Date
June 24, 2025, 11:37 a.m.
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 37.097765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3de4/0x4858 [ 36.835973] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5b4/0x4858 [ 36.700643] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2b0/0x4858 [ 36.648469] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x40a8/0x4858
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 36.514706] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 36.466567] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 36.416736] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0
Failure - log-parser-boot - internal-error-oops-oops-smp
[ 121.908233] Internal error: Oops: 0000000096000005 [#1] SMP [ 121.919467] Modules linked in: [ 121.920595] CPU: 0 UID: 0 PID: 543 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 121.921564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 121.922056] Hardware name: linux,dummy-virt (DT) [ 121.923081] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 121.924008] pc : kunit_test_null_dereference+0x70/0x170 [ 121.924669] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 121.925330] sp : ffff800081f77d30 [ 121.925798] x29: ffff800081f77d90 x28: 0000000000000000 x27: 0000000000000000 [ 121.926927] x26: 1ffe000018ad8d61 x25: 0000000000000000 x24: 0000000000000004 [ 121.927835] x23: fff00000c56c6b0c x22: ffffac8ac1c2a688 x21: fff00000c138b788 [ 121.928763] x20: 1ffff000103eefa6 x19: ffff800080087990 x18: 00000000e0151aba [ 121.929701] x17: 0000000039dc48e5 x16: 0000000000000100 x15: 00000000bb1a010c [ 121.930661] x14: 00000000474c1336 x13: 1ffe00001b48c589 x12: fffd800018f10b3c [ 121.931586] x11: 1ffe000018f10b3b x10: fffd800018f10b3b x9 : ffffac8ac1c21e30 [ 121.932568] x8 : ffff800081f77c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 121.933460] x5 : ffff7000103eefa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 121.934395] x2 : dfff800000000000 x1 : fff00000c7885100 x0 : ffff800080087990 [ 121.935415] Call trace: [ 121.935814] kunit_test_null_dereference+0x70/0x170 (P) [ 121.936434] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 121.937142] kthread+0x328/0x630 [ 121.937597] ret_from_fork+0x10/0x20 [ 121.938650] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 121.939680] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 68.541163] ================================================================== [ 68.541266] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 68.541266] [ 68.541378] Use-after-free read at 0x00000000c8045cd3 (in kfence-#203): [ 68.541446] test_krealloc+0x51c/0x830 [ 68.541505] kunit_try_run_case+0x170/0x3f0 [ 68.541562] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.541615] kthread+0x328/0x630 [ 68.541663] ret_from_fork+0x10/0x20 [ 68.541711] [ 68.541740] kfence-#203: 0x00000000c8045cd3-0x000000004c50b74a, size=32, cache=kmalloc-32 [ 68.541740] [ 68.541807] allocated by task 348 on cpu 0 at 68.540055s (0.001747s ago): [ 68.541906] test_alloc+0x29c/0x628 [ 68.541961] test_krealloc+0xc0/0x830 [ 68.542011] kunit_try_run_case+0x170/0x3f0 [ 68.542059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.542112] kthread+0x328/0x630 [ 68.542155] ret_from_fork+0x10/0x20 [ 68.542203] [ 68.542231] freed by task 348 on cpu 0 at 68.540538s (0.001689s ago): [ 68.542308] krealloc_noprof+0x148/0x360 [ 68.542356] test_krealloc+0x1dc/0x830 [ 68.542424] kunit_try_run_case+0x170/0x3f0 [ 68.542473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.542525] kthread+0x328/0x630 [ 68.542570] ret_from_fork+0x10/0x20 [ 68.542618] [ 68.542670] CPU: 0 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 68.542770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 68.542807] Hardware name: linux,dummy-virt (DT) [ 68.542849] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 68.371984] ================================================================== [ 68.372090] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 68.372090] [ 68.372205] Use-after-free read at 0x0000000074f18ec6 (in kfence-#201): [ 68.372271] test_memcache_typesafe_by_rcu+0x280/0x560 [ 68.372335] kunit_try_run_case+0x170/0x3f0 [ 68.372394] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.372451] kthread+0x328/0x630 [ 68.372500] ret_from_fork+0x10/0x20 [ 68.372550] [ 68.372580] kfence-#201: 0x0000000074f18ec6-0x0000000022a61ee6, size=32, cache=test [ 68.372580] [ 68.372644] allocated by task 346 on cpu 1 at 68.332048s (0.040591s ago): [ 68.372727] test_alloc+0x230/0x628 [ 68.372779] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 68.372834] kunit_try_run_case+0x170/0x3f0 [ 68.372883] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.372960] kthread+0x328/0x630 [ 68.373008] ret_from_fork+0x10/0x20 [ 68.373056] [ 68.373084] freed by task 346 on cpu 1 at 68.332205s (0.040874s ago): [ 68.373155] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 68.373210] kunit_try_run_case+0x170/0x3f0 [ 68.373260] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 68.373311] kthread+0x328/0x630 [ 68.373356] ret_from_fork+0x10/0x20 [ 68.373409] [ 68.373465] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 68.373561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 68.373596] Hardware name: linux,dummy-virt (DT) [ 68.373640] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 47.142482] ================================================================== [ 47.142710] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 47.142710] [ 47.142943] Invalid read at 0x00000000c468ae20: [ 47.143129] test_invalid_access+0xdc/0x1f0 [ 47.144036] kunit_try_run_case+0x170/0x3f0 [ 47.144175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.144309] kthread+0x328/0x630 [ 47.144423] ret_from_fork+0x10/0x20 [ 47.144554] [ 47.144671] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 47.144881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.144993] Hardware name: linux,dummy-virt (DT) [ 47.145089] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 39.253302] ================================================================== [ 39.253491] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 39.253491] [ 39.254553] Out-of-bounds write at 0x000000005e6c5e2e (1B left of kfence-#124): [ 39.254912] test_out_of_bounds_write+0x100/0x240 [ 39.255775] kunit_try_run_case+0x170/0x3f0 [ 39.256029] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.256808] kthread+0x328/0x630 [ 39.257287] ret_from_fork+0x10/0x20 [ 39.257440] [ 39.257498] kfence-#124: 0x000000007041317f-0x0000000016c580f4, size=32, cache=kmalloc-32 [ 39.257498] [ 39.257877] allocated by task 302 on cpu 0 at 39.253049s (0.004817s ago): [ 39.258397] test_alloc+0x29c/0x628 [ 39.258977] test_out_of_bounds_write+0xc8/0x240 [ 39.259471] kunit_try_run_case+0x170/0x3f0 [ 39.259707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.260130] kthread+0x328/0x630 [ 39.260300] ret_from_fork+0x10/0x20 [ 39.260608] [ 39.260772] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 39.261214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.261609] Hardware name: linux,dummy-virt (DT) [ 39.262032] ================================================================== [ 39.568676] ================================================================== [ 39.569078] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 39.569078] [ 39.569548] Out-of-bounds write at 0x00000000c6461809 (1B left of kfence-#127): [ 39.569684] test_out_of_bounds_write+0x100/0x240 [ 39.569796] kunit_try_run_case+0x170/0x3f0 [ 39.569918] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.570039] kthread+0x328/0x630 [ 39.570208] ret_from_fork+0x10/0x20 [ 39.570366] [ 39.570435] kfence-#127: 0x00000000a5a5b29f-0x00000000599331bc, size=32, cache=test [ 39.570435] [ 39.570575] allocated by task 304 on cpu 0 at 39.568452s (0.002113s ago): [ 39.570801] test_alloc+0x230/0x628 [ 39.570926] test_out_of_bounds_write+0xc8/0x240 [ 39.571033] kunit_try_run_case+0x170/0x3f0 [ 39.571176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.571291] kthread+0x328/0x630 [ 39.571383] ret_from_fork+0x10/0x20 [ 39.571489] [ 39.571602] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 39.571855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.571985] Hardware name: linux,dummy-virt (DT) [ 39.572122] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 46.908923] ================================================================== [ 46.909032] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 46.909032] [ 46.909114] Corrupted memory at 0x00000000de3a8a92 [ ! . . . . . . . . . . . . . . . ] (in kfence-#197): [ 46.909484] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 46.909547] kunit_try_run_case+0x170/0x3f0 [ 46.909603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.909658] kthread+0x328/0x630 [ 46.909705] ret_from_fork+0x10/0x20 [ 46.909756] [ 46.909785] kfence-#197: 0x00000000e4ade892-0x00000000d2aa3706, size=73, cache=kmalloc-96 [ 46.909785] [ 46.909850] allocated by task 336 on cpu 0 at 46.908527s (0.001318s ago): [ 46.909945] test_alloc+0x29c/0x628 [ 46.910000] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 46.910054] kunit_try_run_case+0x170/0x3f0 [ 46.910107] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.910161] kthread+0x328/0x630 [ 46.910206] ret_from_fork+0x10/0x20 [ 46.910255] [ 46.910283] freed by task 336 on cpu 0 at 46.908747s (0.001531s ago): [ 46.910359] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 46.910429] kunit_try_run_case+0x170/0x3f0 [ 46.910481] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.910535] kthread+0x328/0x630 [ 46.910580] ret_from_fork+0x10/0x20 [ 46.910629] [ 46.910679] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 46.910777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.910813] Hardware name: linux,dummy-virt (DT) [ 46.910854] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 46.700333] ================================================================== [ 46.700485] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 46.700485] [ 46.700604] Out-of-bounds read at 0x0000000074ecdac6 (105B right of kfence-#195): [ 46.700679] test_kmalloc_aligned_oob_read+0x238/0x468 [ 46.700742] kunit_try_run_case+0x170/0x3f0 [ 46.700798] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.700855] kthread+0x328/0x630 [ 46.700935] ret_from_fork+0x10/0x20 [ 46.700988] [ 46.701020] kfence-#195: 0x0000000079e7aaa8-0x00000000dd834fc3, size=73, cache=kmalloc-96 [ 46.701020] [ 46.701085] allocated by task 334 on cpu 0 at 46.699941s (0.001140s ago): [ 46.701170] test_alloc+0x29c/0x628 [ 46.701222] test_kmalloc_aligned_oob_read+0x100/0x468 [ 46.701277] kunit_try_run_case+0x170/0x3f0 [ 46.701329] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.701383] kthread+0x328/0x630 [ 46.701426] ret_from_fork+0x10/0x20 [ 46.701474] [ 46.701528] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 46.701628] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.701665] Hardware name: linux,dummy-virt (DT) [ 46.701705] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 41.171980] ================================================================== [ 41.172127] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 41.172127] [ 41.172255] Corrupted memory at 0x00000000536e1d6e [ ! ] (in kfence-#142): [ 41.172546] test_corruption+0x1d8/0x378 [ 41.172902] kunit_try_run_case+0x170/0x3f0 [ 41.173036] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.173160] kthread+0x328/0x630 [ 41.173371] ret_from_fork+0x10/0x20 [ 41.173738] [ 41.174000] kfence-#142: 0x0000000038e82a5b-0x000000005ffea886, size=32, cache=test [ 41.174000] [ 41.174741] allocated by task 324 on cpu 0 at 41.171077s (0.003655s ago): [ 41.174906] test_alloc+0x230/0x628 [ 41.175010] test_corruption+0x198/0x378 [ 41.176443] kunit_try_run_case+0x170/0x3f0 [ 41.176522] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.176586] kthread+0x328/0x630 [ 41.176672] ret_from_fork+0x10/0x20 [ 41.176726] [ 41.176754] freed by task 324 on cpu 0 at 41.171523s (0.005227s ago): [ 41.176837] test_corruption+0x1d8/0x378 [ 41.176911] kunit_try_run_case+0x170/0x3f0 [ 41.176968] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.177024] kthread+0x328/0x630 [ 41.177071] ret_from_fork+0x10/0x20 [ 41.177120] [ 41.177165] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 41.177260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.177297] Hardware name: linux,dummy-virt (DT) [ 41.177337] ================================================================== [ 41.062098] ================================================================== [ 41.062299] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 41.062299] [ 41.062543] Corrupted memory at 0x00000000c8512eea [ ! . . . . . . . . . . . . . . . ] (in kfence-#141): [ 41.068955] test_corruption+0x120/0x378 [ 41.069682] kunit_try_run_case+0x170/0x3f0 [ 41.069804] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.069930] kthread+0x328/0x630 [ 41.070092] ret_from_fork+0x10/0x20 [ 41.070827] [ 41.070923] kfence-#141: 0x00000000e72ddaed-0x000000002215e385, size=32, cache=test [ 41.070923] [ 41.071048] allocated by task 324 on cpu 0 at 41.061754s (0.009285s ago): [ 41.071556] test_alloc+0x230/0x628 [ 41.072296] test_corruption+0xdc/0x378 [ 41.073028] kunit_try_run_case+0x170/0x3f0 [ 41.073195] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.073300] kthread+0x328/0x630 [ 41.073394] ret_from_fork+0x10/0x20 [ 41.074270] [ 41.074402] freed by task 324 on cpu 0 at 41.061815s (0.012578s ago): [ 41.075054] test_corruption+0x120/0x378 [ 41.075250] kunit_try_run_case+0x170/0x3f0 [ 41.075369] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.075495] kthread+0x328/0x630 [ 41.076468] ret_from_fork+0x10/0x20 [ 41.076877] [ 41.077140] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 41.077461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.077840] Hardware name: linux,dummy-virt (DT) [ 41.078099] ================================================================== [ 40.641554] ================================================================== [ 40.641733] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 40.641733] [ 40.641903] Corrupted memory at 0x00000000a1683ce9 [ ! . . . . . . . . . . . . . . . ] (in kfence-#137): [ 40.645841] test_corruption+0x278/0x378 [ 40.645993] kunit_try_run_case+0x170/0x3f0 [ 40.646157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.646316] kthread+0x328/0x630 [ 40.646504] ret_from_fork+0x10/0x20 [ 40.646625] [ 40.646685] kfence-#137: 0x00000000b7430fa4-0x00000000f07db2a2, size=32, cache=kmalloc-32 [ 40.646685] [ 40.646825] allocated by task 322 on cpu 0 at 40.640999s (0.005816s ago): [ 40.646989] test_alloc+0x29c/0x628 [ 40.647104] test_corruption+0xdc/0x378 [ 40.647228] kunit_try_run_case+0x170/0x3f0 [ 40.647374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.647527] kthread+0x328/0x630 [ 40.647680] ret_from_fork+0x10/0x20 [ 40.647810] [ 40.647903] freed by task 322 on cpu 0 at 40.641204s (0.006662s ago): [ 40.648109] test_corruption+0x278/0x378 [ 40.648227] kunit_try_run_case+0x170/0x3f0 [ 40.648373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.648523] kthread+0x328/0x630 [ 40.648650] ret_from_fork+0x10/0x20 [ 40.648763] [ 40.649049] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.649330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.649433] Hardware name: linux,dummy-virt (DT) [ 40.649560] ================================================================== [ 40.956671] ================================================================== [ 40.957062] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 40.957062] [ 40.957290] Corrupted memory at 0x0000000021f7d7a7 [ ! ] (in kfence-#140): [ 40.957940] test_corruption+0x284/0x378 [ 40.958069] kunit_try_run_case+0x170/0x3f0 [ 40.958194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.958452] kthread+0x328/0x630 [ 40.958570] ret_from_fork+0x10/0x20 [ 40.958820] [ 40.958955] kfence-#140: 0x000000003e8fb66f-0x0000000026a40a74, size=32, cache=kmalloc-32 [ 40.958955] [ 40.959223] allocated by task 322 on cpu 0 at 40.956219s (0.002993s ago): [ 40.959388] test_alloc+0x29c/0x628 [ 40.959494] test_corruption+0x198/0x378 [ 40.959611] kunit_try_run_case+0x170/0x3f0 [ 40.959723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.959849] kthread+0x328/0x630 [ 40.960071] ret_from_fork+0x10/0x20 [ 40.960347] [ 40.960407] freed by task 322 on cpu 0 at 40.956368s (0.004031s ago): [ 40.960564] test_corruption+0x284/0x378 [ 40.960670] kunit_try_run_case+0x170/0x3f0 [ 40.960783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.961090] kthread+0x328/0x630 [ 40.961196] ret_from_fork+0x10/0x20 [ 40.961448] [ 40.961547] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.961854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.961978] Hardware name: linux,dummy-virt (DT) [ 40.962077] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 40.317625] ================================================================== [ 40.317726] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 40.317726] [ 40.317850] Invalid free of 0x000000000233deb4 (in kfence-#134): [ 40.319416] test_invalid_addr_free+0x1ac/0x238 [ 40.319542] kunit_try_run_case+0x170/0x3f0 [ 40.319665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.321515] kthread+0x328/0x630 [ 40.321654] ret_from_fork+0x10/0x20 [ 40.321775] [ 40.321843] kfence-#134: 0x0000000008f7f74f-0x00000000923c5938, size=32, cache=kmalloc-32 [ 40.321843] [ 40.322010] allocated by task 318 on cpu 0 at 40.317426s (0.004575s ago): [ 40.322242] test_alloc+0x29c/0x628 [ 40.322398] test_invalid_addr_free+0xd4/0x238 [ 40.322695] kunit_try_run_case+0x170/0x3f0 [ 40.322858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.323167] kthread+0x328/0x630 [ 40.323264] ret_from_fork+0x10/0x20 [ 40.323365] [ 40.323458] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.323655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.323869] Hardware name: linux,dummy-virt (DT) [ 40.324511] ================================================================== [ 40.433125] ================================================================== [ 40.433824] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 40.433824] [ 40.433967] Invalid free of 0x00000000e3e69464 (in kfence-#135): [ 40.434086] test_invalid_addr_free+0xec/0x238 [ 40.434190] kunit_try_run_case+0x170/0x3f0 [ 40.434290] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.434403] kthread+0x328/0x630 [ 40.435847] ret_from_fork+0x10/0x20 [ 40.436810] [ 40.437360] kfence-#135: 0x00000000e07c468d-0x000000001e5b5b7d, size=32, cache=test [ 40.437360] [ 40.437880] allocated by task 320 on cpu 0 at 40.432139s (0.005729s ago): [ 40.438049] test_alloc+0x230/0x628 [ 40.438994] test_invalid_addr_free+0xd4/0x238 [ 40.439559] kunit_try_run_case+0x170/0x3f0 [ 40.439908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.440711] kthread+0x328/0x630 [ 40.440879] ret_from_fork+0x10/0x20 [ 40.440995] [ 40.441618] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.442547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.442879] Hardware name: linux,dummy-virt (DT) [ 40.443232] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 40.211851] ================================================================== [ 40.212811] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 40.212811] [ 40.212955] Invalid free of 0x00000000503a98ff (in kfence-#133): [ 40.213070] test_double_free+0x100/0x238 [ 40.213177] kunit_try_run_case+0x170/0x3f0 [ 40.213428] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.214284] kthread+0x328/0x630 [ 40.215143] ret_from_fork+0x10/0x20 [ 40.215424] [ 40.215857] kfence-#133: 0x00000000503a98ff-0x00000000c2bd6fd5, size=32, cache=test [ 40.215857] [ 40.216226] allocated by task 316 on cpu 0 at 40.209754s (0.006462s ago): [ 40.216371] test_alloc+0x230/0x628 [ 40.217425] test_double_free+0xd4/0x238 [ 40.217939] kunit_try_run_case+0x170/0x3f0 [ 40.218300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.218701] kthread+0x328/0x630 [ 40.218796] ret_from_fork+0x10/0x20 [ 40.219206] [ 40.219533] freed by task 316 on cpu 0 at 40.210741s (0.008781s ago): [ 40.220471] test_double_free+0xf0/0x238 [ 40.220938] kunit_try_run_case+0x170/0x3f0 [ 40.221168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.221804] kthread+0x328/0x630 [ 40.221918] ret_from_fork+0x10/0x20 [ 40.222272] [ 40.223789] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.224008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.224085] Hardware name: linux,dummy-virt (DT) [ 40.225126] ================================================================== [ 40.105076] ================================================================== [ 40.105232] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 40.105232] [ 40.105389] Invalid free of 0x000000009a73a567 (in kfence-#132): [ 40.105810] test_double_free+0x1bc/0x238 [ 40.105969] kunit_try_run_case+0x170/0x3f0 [ 40.106085] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.106195] kthread+0x328/0x630 [ 40.106295] ret_from_fork+0x10/0x20 [ 40.106406] [ 40.106464] kfence-#132: 0x000000009a73a567-0x00000000a3b67386, size=32, cache=kmalloc-32 [ 40.106464] [ 40.106593] allocated by task 314 on cpu 0 at 40.104567s (0.002017s ago): [ 40.106738] test_alloc+0x29c/0x628 [ 40.106836] test_double_free+0xd4/0x238 [ 40.107211] kunit_try_run_case+0x170/0x3f0 [ 40.107714] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.108098] kthread+0x328/0x630 [ 40.108198] ret_from_fork+0x10/0x20 [ 40.108297] [ 40.108961] freed by task 314 on cpu 0 at 40.104698s (0.004252s ago): [ 40.109496] test_double_free+0x1ac/0x238 [ 40.109606] kunit_try_run_case+0x170/0x3f0 [ 40.109709] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.111214] kthread+0x328/0x630 [ 40.111328] ret_from_fork+0x10/0x20 [ 40.111855] [ 40.112178] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.112673] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.112806] Hardware name: linux,dummy-virt (DT) [ 40.112975] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 39.687869] ================================================================== [ 39.688190] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 39.688190] [ 39.688617] Use-after-free read at 0x00000000b663f615 (in kfence-#128): [ 39.688775] test_use_after_free_read+0x114/0x248 [ 39.688992] kunit_try_run_case+0x170/0x3f0 [ 39.689203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.689375] kthread+0x328/0x630 [ 39.689493] ret_from_fork+0x10/0x20 [ 39.689689] [ 39.689813] kfence-#128: 0x00000000b663f615-0x00000000631cfb0c, size=32, cache=kmalloc-32 [ 39.689813] [ 39.689962] allocated by task 306 on cpu 0 at 39.684480s (0.005470s ago): [ 39.690139] test_alloc+0x29c/0x628 [ 39.690534] test_use_after_free_read+0xd0/0x248 [ 39.690754] kunit_try_run_case+0x170/0x3f0 [ 39.690965] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.691188] kthread+0x328/0x630 [ 39.691443] ret_from_fork+0x10/0x20 [ 39.691629] [ 39.692192] freed by task 306 on cpu 0 at 39.684585s (0.007187s ago): [ 39.692454] test_use_after_free_read+0x1c0/0x248 [ 39.692585] kunit_try_run_case+0x170/0x3f0 [ 39.692789] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.693179] kthread+0x328/0x630 [ 39.693623] ret_from_fork+0x10/0x20 [ 39.693824] [ 39.694004] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 39.694195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.694283] Hardware name: linux,dummy-virt (DT) [ 39.694526] ================================================================== [ 39.789251] ================================================================== [ 39.789405] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 39.789405] [ 39.789970] Use-after-free read at 0x00000000f3c6b332 (in kfence-#129): [ 39.790286] test_use_after_free_read+0x114/0x248 [ 39.790590] kunit_try_run_case+0x170/0x3f0 [ 39.790738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.791055] kthread+0x328/0x630 [ 39.791326] ret_from_fork+0x10/0x20 [ 39.791671] [ 39.791735] kfence-#129: 0x00000000f3c6b332-0x00000000cb43fcad, size=32, cache=test [ 39.791735] [ 39.792043] allocated by task 308 on cpu 0 at 39.788402s (0.003632s ago): [ 39.792205] test_alloc+0x230/0x628 [ 39.792317] test_use_after_free_read+0xd0/0x248 [ 39.792653] kunit_try_run_case+0x170/0x3f0 [ 39.792765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.792883] kthread+0x328/0x630 [ 39.793327] ret_from_fork+0x10/0x20 [ 39.793509] [ 39.793741] freed by task 308 on cpu 0 at 39.788503s (0.005219s ago): [ 39.794206] test_use_after_free_read+0xf0/0x248 [ 39.794320] kunit_try_run_case+0x170/0x3f0 [ 39.794460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.794661] kthread+0x328/0x630 [ 39.794849] ret_from_fork+0x10/0x20 [ 39.794996] [ 39.795198] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 39.795383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.795453] Hardware name: linux,dummy-virt (DT) [ 39.795528] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 33.609727] ================================================================== [ 33.609875] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 33.610022] Read of size 8 at addr fff00000c77385c0 by task kunit_try_catch/211 [ 33.610138] [ 33.610220] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.610443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.610511] Hardware name: linux,dummy-virt (DT) [ 33.610587] Call trace: [ 33.610644] show_stack+0x20/0x38 (C) [ 33.614081] dump_stack_lvl+0x8c/0xd0 [ 33.614222] print_report+0x118/0x608 [ 33.614367] kasan_report+0xdc/0x128 [ 33.615322] __asan_report_load8_noabort+0x20/0x30 [ 33.615627] workqueue_uaf+0x480/0x4a8 [ 33.615848] kunit_try_run_case+0x170/0x3f0 [ 33.616563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.616732] kthread+0x328/0x630 [ 33.616930] ret_from_fork+0x10/0x20 [ 33.617354] [ 33.617532] Allocated by task 211: [ 33.617617] kasan_save_stack+0x3c/0x68 [ 33.618010] kasan_save_track+0x20/0x40 [ 33.618138] kasan_save_alloc_info+0x40/0x58 [ 33.618240] __kasan_kmalloc+0xd4/0xd8 [ 33.618706] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.619171] workqueue_uaf+0x13c/0x4a8 [ 33.619290] kunit_try_run_case+0x170/0x3f0 [ 33.619398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.619516] kthread+0x328/0x630 [ 33.619827] ret_from_fork+0x10/0x20 [ 33.620174] [ 33.620292] Freed by task 75: [ 33.620398] kasan_save_stack+0x3c/0x68 [ 33.620535] kasan_save_track+0x20/0x40 [ 33.620656] kasan_save_free_info+0x4c/0x78 [ 33.620752] __kasan_slab_free+0x6c/0x98 [ 33.620878] kfree+0x214/0x3c8 [ 33.621134] workqueue_uaf_work+0x18/0x30 [ 33.621250] process_one_work+0x530/0xf98 [ 33.621468] worker_thread+0x618/0xf38 [ 33.621609] kthread+0x328/0x630 [ 33.621836] ret_from_fork+0x10/0x20 [ 33.622165] [ 33.622222] Last potentially related work creation: [ 33.622260] kasan_save_stack+0x3c/0x68 [ 33.622375] kasan_record_aux_stack+0xb4/0xc8 [ 33.622437] __queue_work+0x65c/0xfe0 [ 33.622481] queue_work_on+0xbc/0xf8 [ 33.622525] workqueue_uaf+0x210/0x4a8 [ 33.622568] kunit_try_run_case+0x170/0x3f0 [ 33.622615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.622672] kthread+0x328/0x630 [ 33.622711] ret_from_fork+0x10/0x20 [ 33.622756] [ 33.622779] The buggy address belongs to the object at fff00000c77385c0 [ 33.622779] which belongs to the cache kmalloc-32 of size 32 [ 33.622850] The buggy address is located 0 bytes inside of [ 33.622850] freed 32-byte region [fff00000c77385c0, fff00000c77385e0) [ 33.623162] [ 33.623214] The buggy address belongs to the physical page: [ 33.623286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107738 [ 33.623468] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.623623] page_type: f5(slab) [ 33.623717] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.623838] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.623954] page dumped because: kasan: bad access detected [ 33.624078] [ 33.624164] Memory state around the buggy address: [ 33.624250] fff00000c7738480: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 33.624405] fff00000c7738500: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.624657] >fff00000c7738580: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 33.624882] ^ [ 33.625009] fff00000c7738600: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.625129] fff00000c7738680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.625235] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 33.544753] ================================================================== [ 33.545038] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 33.545357] Read of size 4 at addr fff00000c7738400 by task swapper/0/0 [ 33.545497] [ 33.545580] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.545780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.545840] Hardware name: linux,dummy-virt (DT) [ 33.546001] Call trace: [ 33.546284] show_stack+0x20/0x38 (C) [ 33.546444] dump_stack_lvl+0x8c/0xd0 [ 33.546538] print_report+0x118/0x608 [ 33.546600] kasan_report+0xdc/0x128 [ 33.546694] __asan_report_load4_noabort+0x20/0x30 [ 33.546775] rcu_uaf_reclaim+0x64/0x70 [ 33.546830] rcu_core+0x9f4/0x1e20 [ 33.546908] rcu_core_si+0x18/0x30 [ 33.547183] handle_softirqs+0x374/0xb28 [ 33.547342] __do_softirq+0x1c/0x28 [ 33.547499] ____do_softirq+0x18/0x30 [ 33.547653] call_on_irq_stack+0x24/0x30 [ 33.547835] do_softirq_own_stack+0x24/0x38 [ 33.548185] __irq_exit_rcu+0x1fc/0x318 [ 33.548306] irq_exit_rcu+0x1c/0x80 [ 33.548453] el1_interrupt+0x38/0x58 [ 33.548818] el1h_64_irq_handler+0x18/0x28 [ 33.548955] el1h_64_irq+0x6c/0x70 [ 33.549138] arch_local_irq_enable+0x4/0x8 (P) [ 33.549272] do_idle+0x384/0x4e8 [ 33.549381] cpu_startup_entry+0x68/0x80 [ 33.549498] rest_init+0x160/0x188 [ 33.549623] start_kernel+0x30c/0x3d0 [ 33.549752] __primary_switched+0x8c/0xa0 [ 33.549880] [ 33.549948] Allocated by task 209: [ 33.550019] kasan_save_stack+0x3c/0x68 [ 33.550125] kasan_save_track+0x20/0x40 [ 33.550222] kasan_save_alloc_info+0x40/0x58 [ 33.550327] __kasan_kmalloc+0xd4/0xd8 [ 33.550433] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.550562] rcu_uaf+0xb0/0x2d8 [ 33.550662] kunit_try_run_case+0x170/0x3f0 [ 33.550837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.550981] kthread+0x328/0x630 [ 33.551191] ret_from_fork+0x10/0x20 [ 33.551300] [ 33.551353] Freed by task 0: [ 33.551449] kasan_save_stack+0x3c/0x68 [ 33.551583] kasan_save_track+0x20/0x40 [ 33.551697] kasan_save_free_info+0x4c/0x78 [ 33.551839] __kasan_slab_free+0x6c/0x98 [ 33.552037] kfree+0x214/0x3c8 [ 33.552129] rcu_uaf_reclaim+0x28/0x70 [ 33.552238] rcu_core+0x9f4/0x1e20 [ 33.552377] rcu_core_si+0x18/0x30 [ 33.552473] handle_softirqs+0x374/0xb28 [ 33.552581] __do_softirq+0x1c/0x28 [ 33.552705] [ 33.552810] Last potentially related work creation: [ 33.552917] kasan_save_stack+0x3c/0x68 [ 33.553077] kasan_record_aux_stack+0xb4/0xc8 [ 33.553203] __call_rcu_common.constprop.0+0x74/0x8c8 [ 33.553632] call_rcu+0x18/0x30 [ 33.553834] rcu_uaf+0x14c/0x2d8 [ 33.554010] kunit_try_run_case+0x170/0x3f0 [ 33.554201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.554510] kthread+0x328/0x630 [ 33.554610] ret_from_fork+0x10/0x20 [ 33.554723] [ 33.555047] The buggy address belongs to the object at fff00000c7738400 [ 33.555047] which belongs to the cache kmalloc-32 of size 32 [ 33.555182] The buggy address is located 0 bytes inside of [ 33.555182] freed 32-byte region [fff00000c7738400, fff00000c7738420) [ 33.555261] [ 33.555343] The buggy address belongs to the physical page: [ 33.555448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107738 [ 33.555529] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.555591] page_type: f5(slab) [ 33.555639] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.555699] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.555749] page dumped because: kasan: bad access detected [ 33.555787] [ 33.555808] Memory state around the buggy address: [ 33.555848] fff00000c7738300: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 33.556875] fff00000c7738380: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 33.557672] >fff00000c7738400: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 33.558030] ^ [ 33.558386] fff00000c7738480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.558496] fff00000c7738500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.559037] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 33.405260] ================================================================== [ 33.405363] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 33.405468] Read of size 1 at addr fff00000c7732600 by task kunit_try_catch/207 [ 33.405581] [ 33.405648] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.405848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.406326] Hardware name: linux,dummy-virt (DT) [ 33.407596] Call trace: [ 33.408168] show_stack+0x20/0x38 (C) [ 33.408775] dump_stack_lvl+0x8c/0xd0 [ 33.409070] print_report+0x118/0x608 [ 33.409212] kasan_report+0xdc/0x128 [ 33.409856] __asan_report_load1_noabort+0x20/0x30 [ 33.410641] ksize_uaf+0x598/0x5f8 [ 33.410855] kunit_try_run_case+0x170/0x3f0 [ 33.411004] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.411250] kthread+0x328/0x630 [ 33.411471] ret_from_fork+0x10/0x20 [ 33.411619] [ 33.411664] Allocated by task 207: [ 33.411737] kasan_save_stack+0x3c/0x68 [ 33.411833] kasan_save_track+0x20/0x40 [ 33.411951] kasan_save_alloc_info+0x40/0x58 [ 33.412071] __kasan_kmalloc+0xd4/0xd8 [ 33.412182] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.412453] ksize_uaf+0xb8/0x5f8 [ 33.412668] kunit_try_run_case+0x170/0x3f0 [ 33.412769] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.412874] kthread+0x328/0x630 [ 33.412981] ret_from_fork+0x10/0x20 [ 33.413092] [ 33.413147] Freed by task 207: [ 33.413226] kasan_save_stack+0x3c/0x68 [ 33.413874] kasan_save_track+0x20/0x40 [ 33.414046] kasan_save_free_info+0x4c/0x78 [ 33.414174] __kasan_slab_free+0x6c/0x98 [ 33.414306] kfree+0x214/0x3c8 [ 33.414527] ksize_uaf+0x11c/0x5f8 [ 33.414708] kunit_try_run_case+0x170/0x3f0 [ 33.414949] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.415149] kthread+0x328/0x630 [ 33.415322] ret_from_fork+0x10/0x20 [ 33.415426] [ 33.415482] The buggy address belongs to the object at fff00000c7732600 [ 33.415482] which belongs to the cache kmalloc-128 of size 128 [ 33.415662] The buggy address is located 0 bytes inside of [ 33.415662] freed 128-byte region [fff00000c7732600, fff00000c7732680) [ 33.416104] [ 33.416149] The buggy address belongs to the physical page: [ 33.416216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.416342] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.416557] page_type: f5(slab) [ 33.416654] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.416790] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.416904] page dumped because: kasan: bad access detected [ 33.417009] [ 33.417084] Memory state around the buggy address: [ 33.417164] fff00000c7732500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.417268] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.417372] >fff00000c7732600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.417494] ^ [ 33.417565] fff00000c7732680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.417666] fff00000c7732700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.417758] ================================================================== [ 33.418986] ================================================================== [ 33.419094] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 33.419277] Read of size 1 at addr fff00000c7732678 by task kunit_try_catch/207 [ 33.419376] [ 33.419450] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.419569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.419603] Hardware name: linux,dummy-virt (DT) [ 33.419679] Call trace: [ 33.419727] show_stack+0x20/0x38 (C) [ 33.419792] dump_stack_lvl+0x8c/0xd0 [ 33.419847] print_report+0x118/0x608 [ 33.419931] kasan_report+0xdc/0x128 [ 33.419995] __asan_report_load1_noabort+0x20/0x30 [ 33.420054] ksize_uaf+0x544/0x5f8 [ 33.420106] kunit_try_run_case+0x170/0x3f0 [ 33.420165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.420226] kthread+0x328/0x630 [ 33.420279] ret_from_fork+0x10/0x20 [ 33.420334] [ 33.420356] Allocated by task 207: [ 33.420391] kasan_save_stack+0x3c/0x68 [ 33.420443] kasan_save_track+0x20/0x40 [ 33.420490] kasan_save_alloc_info+0x40/0x58 [ 33.420535] __kasan_kmalloc+0xd4/0xd8 [ 33.420580] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.420630] ksize_uaf+0xb8/0x5f8 [ 33.420672] kunit_try_run_case+0x170/0x3f0 [ 33.420719] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.420772] kthread+0x328/0x630 [ 33.420812] ret_from_fork+0x10/0x20 [ 33.420857] [ 33.420880] Freed by task 207: [ 33.420986] kasan_save_stack+0x3c/0x68 [ 33.421089] kasan_save_track+0x20/0x40 [ 33.421192] kasan_save_free_info+0x4c/0x78 [ 33.421357] __kasan_slab_free+0x6c/0x98 [ 33.421481] kfree+0x214/0x3c8 [ 33.421673] ksize_uaf+0x11c/0x5f8 [ 33.422210] kunit_try_run_case+0x170/0x3f0 [ 33.423168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.423657] kthread+0x328/0x630 [ 33.424002] ret_from_fork+0x10/0x20 [ 33.424109] [ 33.424156] The buggy address belongs to the object at fff00000c7732600 [ 33.424156] which belongs to the cache kmalloc-128 of size 128 [ 33.424337] The buggy address is located 120 bytes inside of [ 33.424337] freed 128-byte region [fff00000c7732600, fff00000c7732680) [ 33.424484] [ 33.424536] The buggy address belongs to the physical page: [ 33.424608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.425248] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.426079] page_type: f5(slab) [ 33.426459] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.427118] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.427511] page dumped because: kasan: bad access detected [ 33.427614] [ 33.427665] Memory state around the buggy address: [ 33.427800] fff00000c7732500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.428014] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.428149] >fff00000c7732600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.428320] ^ [ 33.428573] fff00000c7732680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.428727] fff00000c7732700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.428949] ================================================================== [ 33.387870] ================================================================== [ 33.388012] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 33.388139] Read of size 1 at addr fff00000c7732600 by task kunit_try_catch/207 [ 33.388261] [ 33.388332] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.390960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.391209] Hardware name: linux,dummy-virt (DT) [ 33.391316] Call trace: [ 33.391380] show_stack+0x20/0x38 (C) [ 33.391508] dump_stack_lvl+0x8c/0xd0 [ 33.391882] print_report+0x118/0x608 [ 33.392055] kasan_report+0xdc/0x128 [ 33.392179] __kasan_check_byte+0x54/0x70 [ 33.392338] ksize+0x30/0x88 [ 33.392476] ksize_uaf+0x168/0x5f8 [ 33.392594] kunit_try_run_case+0x170/0x3f0 [ 33.392754] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.392939] kthread+0x328/0x630 [ 33.393056] ret_from_fork+0x10/0x20 [ 33.393183] [ 33.393232] Allocated by task 207: [ 33.393307] kasan_save_stack+0x3c/0x68 [ 33.393789] kasan_save_track+0x20/0x40 [ 33.393948] kasan_save_alloc_info+0x40/0x58 [ 33.394087] __kasan_kmalloc+0xd4/0xd8 [ 33.394208] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.394334] ksize_uaf+0xb8/0x5f8 [ 33.394444] kunit_try_run_case+0x170/0x3f0 [ 33.394554] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.394663] kthread+0x328/0x630 [ 33.394764] ret_from_fork+0x10/0x20 [ 33.394864] [ 33.394929] Freed by task 207: [ 33.395007] kasan_save_stack+0x3c/0x68 [ 33.395309] kasan_save_track+0x20/0x40 [ 33.395420] kasan_save_free_info+0x4c/0x78 [ 33.395612] __kasan_slab_free+0x6c/0x98 [ 33.395826] kfree+0x214/0x3c8 [ 33.396019] ksize_uaf+0x11c/0x5f8 [ 33.396216] kunit_try_run_case+0x170/0x3f0 [ 33.396812] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.397278] kthread+0x328/0x630 [ 33.397670] ret_from_fork+0x10/0x20 [ 33.398008] [ 33.398206] The buggy address belongs to the object at fff00000c7732600 [ 33.398206] which belongs to the cache kmalloc-128 of size 128 [ 33.398343] The buggy address is located 0 bytes inside of [ 33.398343] freed 128-byte region [fff00000c7732600, fff00000c7732680) [ 33.398932] [ 33.399042] The buggy address belongs to the physical page: [ 33.399240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.399480] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.399661] page_type: f5(slab) [ 33.399944] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.400186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.400343] page dumped because: kasan: bad access detected [ 33.400563] [ 33.400706] Memory state around the buggy address: [ 33.400915] fff00000c7732500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.401033] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.401228] >fff00000c7732600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.401322] ^ [ 33.401461] fff00000c7732680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.401572] fff00000c7732700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.401666] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 33.341118] ================================================================== [ 33.341553] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 33.342067] Read of size 1 at addr fff00000c7732573 by task kunit_try_catch/205 [ 33.342449] [ 33.342643] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.343463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.343819] Hardware name: linux,dummy-virt (DT) [ 33.343921] Call trace: [ 33.344303] show_stack+0x20/0x38 (C) [ 33.344476] dump_stack_lvl+0x8c/0xd0 [ 33.344576] print_report+0x118/0x608 [ 33.344639] kasan_report+0xdc/0x128 [ 33.344736] __asan_report_load1_noabort+0x20/0x30 [ 33.344829] ksize_unpoisons_memory+0x628/0x740 [ 33.344927] kunit_try_run_case+0x170/0x3f0 [ 33.345299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.345464] kthread+0x328/0x630 [ 33.345777] ret_from_fork+0x10/0x20 [ 33.345955] [ 33.346028] Allocated by task 205: [ 33.346122] kasan_save_stack+0x3c/0x68 [ 33.346275] kasan_save_track+0x20/0x40 [ 33.346412] kasan_save_alloc_info+0x40/0x58 [ 33.346651] __kasan_kmalloc+0xd4/0xd8 [ 33.346748] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.346878] ksize_unpoisons_memory+0xc0/0x740 [ 33.347138] kunit_try_run_case+0x170/0x3f0 [ 33.347249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.347372] kthread+0x328/0x630 [ 33.347472] ret_from_fork+0x10/0x20 [ 33.347578] [ 33.347623] The buggy address belongs to the object at fff00000c7732500 [ 33.347623] which belongs to the cache kmalloc-128 of size 128 [ 33.347755] The buggy address is located 0 bytes to the right of [ 33.347755] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.347930] [ 33.348062] The buggy address belongs to the physical page: [ 33.348153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.348282] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.348427] page_type: f5(slab) [ 33.348604] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.348768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.348944] page dumped because: kasan: bad access detected [ 33.349058] [ 33.349140] Memory state around the buggy address: [ 33.349216] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.349486] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.349652] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.349744] ^ [ 33.349903] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.350104] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.350257] ================================================================== [ 33.353457] ================================================================== [ 33.353582] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 33.353816] Read of size 1 at addr fff00000c7732578 by task kunit_try_catch/205 [ 33.354081] [ 33.354208] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.354801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.354997] Hardware name: linux,dummy-virt (DT) [ 33.355078] Call trace: [ 33.355150] show_stack+0x20/0x38 (C) [ 33.355268] dump_stack_lvl+0x8c/0xd0 [ 33.356703] print_report+0x118/0x608 [ 33.356800] kasan_report+0xdc/0x128 [ 33.356865] __asan_report_load1_noabort+0x20/0x30 [ 33.356985] ksize_unpoisons_memory+0x618/0x740 [ 33.357049] kunit_try_run_case+0x170/0x3f0 [ 33.357111] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.357178] kthread+0x328/0x630 [ 33.357229] ret_from_fork+0x10/0x20 [ 33.357288] [ 33.357310] Allocated by task 205: [ 33.357349] kasan_save_stack+0x3c/0x68 [ 33.357400] kasan_save_track+0x20/0x40 [ 33.357447] kasan_save_alloc_info+0x40/0x58 [ 33.357494] __kasan_kmalloc+0xd4/0xd8 [ 33.357539] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.357590] ksize_unpoisons_memory+0xc0/0x740 [ 33.357636] kunit_try_run_case+0x170/0x3f0 [ 33.357684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.357736] kthread+0x328/0x630 [ 33.357774] ret_from_fork+0x10/0x20 [ 33.357818] [ 33.357840] The buggy address belongs to the object at fff00000c7732500 [ 33.357840] which belongs to the cache kmalloc-128 of size 128 [ 33.358136] The buggy address is located 5 bytes to the right of [ 33.358136] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.358441] [ 33.358500] The buggy address belongs to the physical page: [ 33.359129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.359328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.359495] page_type: f5(slab) [ 33.359619] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.359806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.359932] page dumped because: kasan: bad access detected [ 33.360384] [ 33.360453] Memory state around the buggy address: [ 33.360550] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.360818] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.361365] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.361562] ^ [ 33.361943] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.362077] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.362171] ================================================================== [ 33.363601] ================================================================== [ 33.363726] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 33.364504] Read of size 1 at addr fff00000c773257f by task kunit_try_catch/205 [ 33.364730] [ 33.364817] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.365850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.366266] Hardware name: linux,dummy-virt (DT) [ 33.366871] Call trace: [ 33.366962] show_stack+0x20/0x38 (C) [ 33.367149] dump_stack_lvl+0x8c/0xd0 [ 33.367691] print_report+0x118/0x608 [ 33.368132] kasan_report+0xdc/0x128 [ 33.368297] __asan_report_load1_noabort+0x20/0x30 [ 33.368836] ksize_unpoisons_memory+0x690/0x740 [ 33.369329] kunit_try_run_case+0x170/0x3f0 [ 33.369652] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.370117] kthread+0x328/0x630 [ 33.370842] ret_from_fork+0x10/0x20 [ 33.371159] [ 33.371284] Allocated by task 205: [ 33.371392] kasan_save_stack+0x3c/0x68 [ 33.371511] kasan_save_track+0x20/0x40 [ 33.371630] kasan_save_alloc_info+0x40/0x58 [ 33.371730] __kasan_kmalloc+0xd4/0xd8 [ 33.371818] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.371982] ksize_unpoisons_memory+0xc0/0x740 [ 33.372161] kunit_try_run_case+0x170/0x3f0 [ 33.372287] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.372392] kthread+0x328/0x630 [ 33.372474] ret_from_fork+0x10/0x20 [ 33.372558] [ 33.372603] The buggy address belongs to the object at fff00000c7732500 [ 33.372603] which belongs to the cache kmalloc-128 of size 128 [ 33.372735] The buggy address is located 12 bytes to the right of [ 33.372735] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.372955] [ 33.373065] The buggy address belongs to the physical page: [ 33.373176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.373343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.373460] page_type: f5(slab) [ 33.373560] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.373812] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.373934] page dumped because: kasan: bad access detected [ 33.374027] [ 33.374080] Memory state around the buggy address: [ 33.374170] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.374291] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.374423] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.374534] ^ [ 33.374652] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.374809] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.375011] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 38.186337] ================================================================== [ 38.186498] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 38.186498] [ 38.186695] Out-of-bounds read at 0x00000000374b82ed (32B right of kfence-#114): [ 38.186830] test_out_of_bounds_read+0x1c8/0x3e0 [ 38.186964] kunit_try_run_case+0x170/0x3f0 [ 38.187082] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.187239] kthread+0x328/0x630 [ 38.187636] ret_from_fork+0x10/0x20 [ 38.188087] [ 38.188215] kfence-#114: 0x0000000004dab95f-0x00000000cbc7f81c, size=32, cache=kmalloc-32 [ 38.188215] [ 38.188453] allocated by task 298 on cpu 0 at 38.185924s (0.002500s ago): [ 38.188734] test_alloc+0x29c/0x628 [ 38.188903] test_out_of_bounds_read+0x198/0x3e0 [ 38.189373] kunit_try_run_case+0x170/0x3f0 [ 38.190193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.190836] kthread+0x328/0x630 [ 38.191352] ret_from_fork+0x10/0x20 [ 38.192035] [ 38.192244] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 38.193353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.194077] Hardware name: linux,dummy-virt (DT) [ 38.194518] ================================================================== [ 38.086713] ================================================================== [ 38.086943] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 38.086943] [ 38.088281] Out-of-bounds read at 0x00000000cc6c76ac (1B left of kfence-#113): [ 38.090095] test_out_of_bounds_read+0x114/0x3e0 [ 38.090323] kunit_try_run_case+0x170/0x3f0 [ 38.090657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.090834] kthread+0x328/0x630 [ 38.091140] ret_from_fork+0x10/0x20 [ 38.091265] [ 38.091684] kfence-#113: 0x000000009c82bd1c-0x000000001dbfc1d7, size=32, cache=kmalloc-32 [ 38.091684] [ 38.092076] allocated by task 298 on cpu 0 at 38.084159s (0.007810s ago): [ 38.094417] test_alloc+0x29c/0x628 [ 38.094783] test_out_of_bounds_read+0xdc/0x3e0 [ 38.097250] kunit_try_run_case+0x170/0x3f0 [ 38.097314] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.097369] kthread+0x328/0x630 [ 38.097413] ret_from_fork+0x10/0x20 [ 38.097537] [ 38.097631] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 38.097736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.097774] Hardware name: linux,dummy-virt (DT) [ 38.097824] ================================================================== [ 38.509552] ================================================================== [ 38.509963] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 38.509963] [ 38.510412] Out-of-bounds read at 0x00000000bf7124f7 (32B right of kfence-#117): [ 38.510597] test_out_of_bounds_read+0x1c8/0x3e0 [ 38.510899] kunit_try_run_case+0x170/0x3f0 [ 38.511012] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.511199] kthread+0x328/0x630 [ 38.511323] ret_from_fork+0x10/0x20 [ 38.511427] [ 38.511534] kfence-#117: 0x0000000031295163-0x00000000f702fd9c, size=32, cache=test [ 38.511534] [ 38.511701] allocated by task 300 on cpu 0 at 38.509231s (0.002461s ago): [ 38.511863] test_alloc+0x230/0x628 [ 38.512338] test_out_of_bounds_read+0x198/0x3e0 [ 38.512576] kunit_try_run_case+0x170/0x3f0 [ 38.512683] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.512883] kthread+0x328/0x630 [ 38.512996] ret_from_fork+0x10/0x20 [ 38.513160] [ 38.513655] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 38.514258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.514489] Hardware name: linux,dummy-virt (DT) [ 38.515024] ================================================================== [ 38.398703] ================================================================== [ 38.399013] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 38.399013] [ 38.399415] Out-of-bounds read at 0x0000000009e3637f (1B left of kfence-#116): [ 38.399609] test_out_of_bounds_read+0x114/0x3e0 [ 38.399733] kunit_try_run_case+0x170/0x3f0 [ 38.400337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.400992] kthread+0x328/0x630 [ 38.401136] ret_from_fork+0x10/0x20 [ 38.401390] [ 38.401554] kfence-#116: 0x000000007d44daa9-0x0000000069763289, size=32, cache=test [ 38.401554] [ 38.401938] allocated by task 300 on cpu 0 at 38.397974s (0.003924s ago): [ 38.402775] test_alloc+0x230/0x628 [ 38.403010] test_out_of_bounds_read+0xdc/0x3e0 [ 38.403557] kunit_try_run_case+0x170/0x3f0 [ 38.404189] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.404308] kthread+0x328/0x630 [ 38.404361] ret_from_fork+0x10/0x20 [ 38.404411] [ 38.404503] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 38.404614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.404651] Hardware name: linux,dummy-virt (DT) [ 38.404691] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 37.944956] ================================================================== [ 37.945083] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 37.945213] Write of size 1 at addr fff00000c77e6a78 by task kunit_try_catch/296 [ 37.945341] [ 37.945442] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.945662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.945753] Hardware name: linux,dummy-virt (DT) [ 37.945844] Call trace: [ 37.945923] show_stack+0x20/0x38 (C) [ 37.946066] dump_stack_lvl+0x8c/0xd0 [ 37.946289] print_report+0x118/0x608 [ 37.946431] kasan_report+0xdc/0x128 [ 37.946618] __asan_report_store1_noabort+0x20/0x30 [ 37.946762] strncpy_from_user+0x270/0x2a0 [ 37.946901] copy_user_test_oob+0x5c0/0xec8 [ 37.947024] kunit_try_run_case+0x170/0x3f0 [ 37.947160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.947292] kthread+0x328/0x630 [ 37.947397] ret_from_fork+0x10/0x20 [ 37.947517] [ 37.947570] Allocated by task 296: [ 37.947639] kasan_save_stack+0x3c/0x68 [ 37.947737] kasan_save_track+0x20/0x40 [ 37.947838] kasan_save_alloc_info+0x40/0x58 [ 37.947960] __kasan_kmalloc+0xd4/0xd8 [ 37.948133] __kmalloc_noprof+0x198/0x4c8 [ 37.948337] kunit_kmalloc_array+0x34/0x88 [ 37.948461] copy_user_test_oob+0xac/0xec8 [ 37.948578] kunit_try_run_case+0x170/0x3f0 [ 37.948715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.948939] kthread+0x328/0x630 [ 37.949141] ret_from_fork+0x10/0x20 [ 37.949260] [ 37.949318] The buggy address belongs to the object at fff00000c77e6a00 [ 37.949318] which belongs to the cache kmalloc-128 of size 128 [ 37.949460] The buggy address is located 0 bytes to the right of [ 37.949460] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.949614] [ 37.949692] The buggy address belongs to the physical page: [ 37.949785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.949991] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.950268] page_type: f5(slab) [ 37.950457] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.950590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.950693] page dumped because: kasan: bad access detected [ 37.950834] [ 37.950962] Memory state around the buggy address: [ 37.951081] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.951271] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.951382] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.951480] ^ [ 37.951609] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.951944] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.952226] ================================================================== [ 37.918764] ================================================================== [ 37.918866] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 37.919368] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.920429] [ 37.920591] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.921423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.921503] Hardware name: linux,dummy-virt (DT) [ 37.921966] Call trace: [ 37.922496] show_stack+0x20/0x38 (C) [ 37.923288] dump_stack_lvl+0x8c/0xd0 [ 37.924059] print_report+0x118/0x608 [ 37.924236] kasan_report+0xdc/0x128 [ 37.924809] kasan_check_range+0x100/0x1a8 [ 37.925394] __kasan_check_write+0x20/0x30 [ 37.925783] strncpy_from_user+0x3c/0x2a0 [ 37.925930] copy_user_test_oob+0x5c0/0xec8 [ 37.926057] kunit_try_run_case+0x170/0x3f0 [ 37.927052] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.927971] kthread+0x328/0x630 [ 37.928096] ret_from_fork+0x10/0x20 [ 37.928824] [ 37.928919] Allocated by task 296: [ 37.929009] kasan_save_stack+0x3c/0x68 [ 37.929118] kasan_save_track+0x20/0x40 [ 37.930093] kasan_save_alloc_info+0x40/0x58 [ 37.930564] __kasan_kmalloc+0xd4/0xd8 [ 37.931067] __kmalloc_noprof+0x198/0x4c8 [ 37.931236] kunit_kmalloc_array+0x34/0x88 [ 37.931350] copy_user_test_oob+0xac/0xec8 [ 37.931462] kunit_try_run_case+0x170/0x3f0 [ 37.931948] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.932698] kthread+0x328/0x630 [ 37.933388] ret_from_fork+0x10/0x20 [ 37.933510] [ 37.933800] The buggy address belongs to the object at fff00000c77e6a00 [ 37.933800] which belongs to the cache kmalloc-128 of size 128 [ 37.934275] The buggy address is located 0 bytes inside of [ 37.934275] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.934815] [ 37.934878] The buggy address belongs to the physical page: [ 37.934980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.935115] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.935245] page_type: f5(slab) [ 37.935925] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.936142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.936254] page dumped because: kasan: bad access detected [ 37.936337] [ 37.936388] Memory state around the buggy address: [ 37.936926] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.937744] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.938112] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.938223] ^ [ 37.939130] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.939285] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.939604] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 37.857996] ================================================================== [ 37.858133] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 37.858325] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.858471] [ 37.858664] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.859048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.859210] Hardware name: linux,dummy-virt (DT) [ 37.859329] Call trace: [ 37.859428] show_stack+0x20/0x38 (C) [ 37.859675] dump_stack_lvl+0x8c/0xd0 [ 37.859809] print_report+0x118/0x608 [ 37.859956] kasan_report+0xdc/0x128 [ 37.860074] kasan_check_range+0x100/0x1a8 [ 37.860220] __kasan_check_read+0x20/0x30 [ 37.860447] copy_user_test_oob+0x728/0xec8 [ 37.860727] kunit_try_run_case+0x170/0x3f0 [ 37.860984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.861260] kthread+0x328/0x630 [ 37.861439] ret_from_fork+0x10/0x20 [ 37.861633] [ 37.861689] Allocated by task 296: [ 37.861773] kasan_save_stack+0x3c/0x68 [ 37.861907] kasan_save_track+0x20/0x40 [ 37.862050] kasan_save_alloc_info+0x40/0x58 [ 37.862252] __kasan_kmalloc+0xd4/0xd8 [ 37.862505] __kmalloc_noprof+0x198/0x4c8 [ 37.862611] kunit_kmalloc_array+0x34/0x88 [ 37.862750] copy_user_test_oob+0xac/0xec8 [ 37.862861] kunit_try_run_case+0x170/0x3f0 [ 37.863165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.863314] kthread+0x328/0x630 [ 37.863457] ret_from_fork+0x10/0x20 [ 37.863602] [ 37.863787] The buggy address belongs to the object at fff00000c77e6a00 [ 37.863787] which belongs to the cache kmalloc-128 of size 128 [ 37.864193] The buggy address is located 0 bytes inside of [ 37.864193] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.864431] [ 37.864494] The buggy address belongs to the physical page: [ 37.864587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.864757] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.864940] page_type: f5(slab) [ 37.865076] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.865280] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.865492] page dumped because: kasan: bad access detected [ 37.865651] [ 37.865813] Memory state around the buggy address: [ 37.865933] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.866066] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.866239] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.866379] ^ [ 37.866706] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.866954] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.867152] ================================================================== [ 37.833648] ================================================================== [ 37.833868] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 37.834504] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.834643] [ 37.834750] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.834978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.835050] Hardware name: linux,dummy-virt (DT) [ 37.835150] Call trace: [ 37.835556] show_stack+0x20/0x38 (C) [ 37.836142] dump_stack_lvl+0x8c/0xd0 [ 37.836447] print_report+0x118/0x608 [ 37.836827] kasan_report+0xdc/0x128 [ 37.836986] kasan_check_range+0x100/0x1a8 [ 37.837401] __kasan_check_write+0x20/0x30 [ 37.837551] copy_user_test_oob+0x234/0xec8 [ 37.838077] kunit_try_run_case+0x170/0x3f0 [ 37.838288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.838819] kthread+0x328/0x630 [ 37.839329] ret_from_fork+0x10/0x20 [ 37.839814] [ 37.840127] Allocated by task 296: [ 37.840220] kasan_save_stack+0x3c/0x68 [ 37.840331] kasan_save_track+0x20/0x40 [ 37.840665] kasan_save_alloc_info+0x40/0x58 [ 37.841242] __kasan_kmalloc+0xd4/0xd8 [ 37.841500] __kmalloc_noprof+0x198/0x4c8 [ 37.841636] kunit_kmalloc_array+0x34/0x88 [ 37.841736] copy_user_test_oob+0xac/0xec8 [ 37.841839] kunit_try_run_case+0x170/0x3f0 [ 37.841973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.842111] kthread+0x328/0x630 [ 37.842202] ret_from_fork+0x10/0x20 [ 37.842325] [ 37.842396] The buggy address belongs to the object at fff00000c77e6a00 [ 37.842396] which belongs to the cache kmalloc-128 of size 128 [ 37.842551] The buggy address is located 0 bytes inside of [ 37.842551] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.842703] [ 37.842761] The buggy address belongs to the physical page: [ 37.842846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.843176] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.843642] page_type: f5(slab) [ 37.844009] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.844289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.844434] page dumped because: kasan: bad access detected [ 37.844538] [ 37.844602] Memory state around the buggy address: [ 37.844691] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.844853] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845146] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.845437] ^ [ 37.845563] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845816] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845935] ================================================================== [ 37.887958] ================================================================== [ 37.888070] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 37.888193] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.888319] [ 37.888384] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.888748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.888829] Hardware name: linux,dummy-virt (DT) [ 37.888934] Call trace: [ 37.889093] show_stack+0x20/0x38 (C) [ 37.889434] dump_stack_lvl+0x8c/0xd0 [ 37.889701] print_report+0x118/0x608 [ 37.889821] kasan_report+0xdc/0x128 [ 37.889963] kasan_check_range+0x100/0x1a8 [ 37.890139] __kasan_check_read+0x20/0x30 [ 37.890315] copy_user_test_oob+0x3c8/0xec8 [ 37.890468] kunit_try_run_case+0x170/0x3f0 [ 37.890653] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.890838] kthread+0x328/0x630 [ 37.891105] ret_from_fork+0x10/0x20 [ 37.891294] [ 37.891325] Allocated by task 296: [ 37.891397] kasan_save_stack+0x3c/0x68 [ 37.891477] kasan_save_track+0x20/0x40 [ 37.891529] kasan_save_alloc_info+0x40/0x58 [ 37.891586] __kasan_kmalloc+0xd4/0xd8 [ 37.891673] __kmalloc_noprof+0x198/0x4c8 [ 37.891727] kunit_kmalloc_array+0x34/0x88 [ 37.891775] copy_user_test_oob+0xac/0xec8 [ 37.891822] kunit_try_run_case+0x170/0x3f0 [ 37.891871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.892079] kthread+0x328/0x630 [ 37.892713] ret_from_fork+0x10/0x20 [ 37.893169] [ 37.893347] The buggy address belongs to the object at fff00000c77e6a00 [ 37.893347] which belongs to the cache kmalloc-128 of size 128 [ 37.893730] The buggy address is located 0 bytes inside of [ 37.893730] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.893910] [ 37.893964] The buggy address belongs to the physical page: [ 37.894797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.895779] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.895930] page_type: f5(slab) [ 37.896033] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.896159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.896371] page dumped because: kasan: bad access detected [ 37.896468] [ 37.896534] Memory state around the buggy address: [ 37.896661] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.896833] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.896976] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.897329] ^ [ 37.897654] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.897823] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.897945] ================================================================== [ 37.908495] ================================================================== [ 37.908647] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 37.908812] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.909045] [ 37.909154] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.909536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.909637] Hardware name: linux,dummy-virt (DT) [ 37.909784] Call trace: [ 37.909918] show_stack+0x20/0x38 (C) [ 37.910044] dump_stack_lvl+0x8c/0xd0 [ 37.910183] print_report+0x118/0x608 [ 37.910410] kasan_report+0xdc/0x128 [ 37.910627] kasan_check_range+0x100/0x1a8 [ 37.910958] __kasan_check_read+0x20/0x30 [ 37.911153] copy_user_test_oob+0x4a0/0xec8 [ 37.911313] kunit_try_run_case+0x170/0x3f0 [ 37.911445] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.911568] kthread+0x328/0x630 [ 37.911684] ret_from_fork+0x10/0x20 [ 37.911808] [ 37.911862] Allocated by task 296: [ 37.911962] kasan_save_stack+0x3c/0x68 [ 37.912058] kasan_save_track+0x20/0x40 [ 37.912279] kasan_save_alloc_info+0x40/0x58 [ 37.912480] __kasan_kmalloc+0xd4/0xd8 [ 37.912588] __kmalloc_noprof+0x198/0x4c8 [ 37.912755] kunit_kmalloc_array+0x34/0x88 [ 37.912910] copy_user_test_oob+0xac/0xec8 [ 37.913033] kunit_try_run_case+0x170/0x3f0 [ 37.913223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.913384] kthread+0x328/0x630 [ 37.913504] ret_from_fork+0x10/0x20 [ 37.913605] [ 37.913682] The buggy address belongs to the object at fff00000c77e6a00 [ 37.913682] which belongs to the cache kmalloc-128 of size 128 [ 37.913906] The buggy address is located 0 bytes inside of [ 37.913906] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.914076] [ 37.914221] The buggy address belongs to the physical page: [ 37.914313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.914478] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.914603] page_type: f5(slab) [ 37.914723] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.914855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.915043] page dumped because: kasan: bad access detected [ 37.915161] [ 37.915222] Memory state around the buggy address: [ 37.915354] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.915519] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.915769] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.915900] ^ [ 37.916085] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.916366] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.916481] ================================================================== [ 37.877188] ================================================================== [ 37.877477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 37.879294] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.879604] [ 37.879939] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.880199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.880330] Hardware name: linux,dummy-virt (DT) [ 37.880382] Call trace: [ 37.880416] show_stack+0x20/0x38 (C) [ 37.880507] dump_stack_lvl+0x8c/0xd0 [ 37.880595] print_report+0x118/0x608 [ 37.880659] kasan_report+0xdc/0x128 [ 37.880715] kasan_check_range+0x100/0x1a8 [ 37.880777] __kasan_check_write+0x20/0x30 [ 37.880836] copy_user_test_oob+0x35c/0xec8 [ 37.881033] kunit_try_run_case+0x170/0x3f0 [ 37.881193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.881333] kthread+0x328/0x630 [ 37.881445] ret_from_fork+0x10/0x20 [ 37.881579] [ 37.881753] Allocated by task 296: [ 37.881836] kasan_save_stack+0x3c/0x68 [ 37.882014] kasan_save_track+0x20/0x40 [ 37.882265] kasan_save_alloc_info+0x40/0x58 [ 37.882495] __kasan_kmalloc+0xd4/0xd8 [ 37.882633] __kmalloc_noprof+0x198/0x4c8 [ 37.882728] kunit_kmalloc_array+0x34/0x88 [ 37.882831] copy_user_test_oob+0xac/0xec8 [ 37.882959] kunit_try_run_case+0x170/0x3f0 [ 37.883076] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.883263] kthread+0x328/0x630 [ 37.883388] ret_from_fork+0x10/0x20 [ 37.883529] [ 37.883595] The buggy address belongs to the object at fff00000c77e6a00 [ 37.883595] which belongs to the cache kmalloc-128 of size 128 [ 37.883753] The buggy address is located 0 bytes inside of [ 37.883753] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.883944] [ 37.884007] The buggy address belongs to the physical page: [ 37.884146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.884291] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.884431] page_type: f5(slab) [ 37.884554] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.884698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.884863] page dumped because: kasan: bad access detected [ 37.885003] [ 37.885061] Memory state around the buggy address: [ 37.885144] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.885250] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885360] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.885458] ^ [ 37.885579] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885704] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885974] ================================================================== [ 37.899647] ================================================================== [ 37.899950] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 37.900067] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.900399] [ 37.900592] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.901120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.901194] Hardware name: linux,dummy-virt (DT) [ 37.901267] Call trace: [ 37.901325] show_stack+0x20/0x38 (C) [ 37.901440] dump_stack_lvl+0x8c/0xd0 [ 37.901559] print_report+0x118/0x608 [ 37.901676] kasan_report+0xdc/0x128 [ 37.901792] kasan_check_range+0x100/0x1a8 [ 37.901932] __kasan_check_write+0x20/0x30 [ 37.902072] copy_user_test_oob+0x434/0xec8 [ 37.902217] kunit_try_run_case+0x170/0x3f0 [ 37.902373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.902529] kthread+0x328/0x630 [ 37.902674] ret_from_fork+0x10/0x20 [ 37.902847] [ 37.902925] Allocated by task 296: [ 37.903033] kasan_save_stack+0x3c/0x68 [ 37.903176] kasan_save_track+0x20/0x40 [ 37.903308] kasan_save_alloc_info+0x40/0x58 [ 37.903513] __kasan_kmalloc+0xd4/0xd8 [ 37.903629] __kmalloc_noprof+0x198/0x4c8 [ 37.903750] kunit_kmalloc_array+0x34/0x88 [ 37.904049] copy_user_test_oob+0xac/0xec8 [ 37.904214] kunit_try_run_case+0x170/0x3f0 [ 37.904330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.904461] kthread+0x328/0x630 [ 37.904593] ret_from_fork+0x10/0x20 [ 37.904737] [ 37.904800] The buggy address belongs to the object at fff00000c77e6a00 [ 37.904800] which belongs to the cache kmalloc-128 of size 128 [ 37.904960] The buggy address is located 0 bytes inside of [ 37.904960] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.905113] [ 37.905170] The buggy address belongs to the physical page: [ 37.905279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.905436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.905555] page_type: f5(slab) [ 37.905648] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.905838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.905966] page dumped because: kasan: bad access detected [ 37.906067] [ 37.906151] Memory state around the buggy address: [ 37.906273] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.906483] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.906743] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.906855] ^ [ 37.906979] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.907089] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.907211] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 37.745701] ================================================================== [ 37.745768] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 37.745834] Write of size 8 at addr fff00000c77e6978 by task kunit_try_catch/292 [ 37.745963] [ 37.746056] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.746502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.746597] Hardware name: linux,dummy-virt (DT) [ 37.746679] Call trace: [ 37.746742] show_stack+0x20/0x38 (C) [ 37.746860] dump_stack_lvl+0x8c/0xd0 [ 37.746998] print_report+0x118/0x608 [ 37.747133] kasan_report+0xdc/0x128 [ 37.747289] kasan_check_range+0x100/0x1a8 [ 37.747767] __kasan_check_write+0x20/0x30 [ 37.747995] copy_to_kernel_nofault+0x8c/0x250 [ 37.748138] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 37.748317] kunit_try_run_case+0x170/0x3f0 [ 37.748662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.749014] kthread+0x328/0x630 [ 37.749136] ret_from_fork+0x10/0x20 [ 37.749265] [ 37.749315] Allocated by task 292: [ 37.749408] kasan_save_stack+0x3c/0x68 [ 37.749530] kasan_save_track+0x20/0x40 [ 37.750042] kasan_save_alloc_info+0x40/0x58 [ 37.750164] __kasan_kmalloc+0xd4/0xd8 [ 37.750577] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.750690] copy_to_kernel_nofault_oob+0xc8/0x418 [ 37.750799] kunit_try_run_case+0x170/0x3f0 [ 37.751153] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.751416] kthread+0x328/0x630 [ 37.751522] ret_from_fork+0x10/0x20 [ 37.752136] [ 37.752216] The buggy address belongs to the object at fff00000c77e6900 [ 37.752216] which belongs to the cache kmalloc-128 of size 128 [ 37.752315] The buggy address is located 0 bytes to the right of [ 37.752315] allocated 120-byte region [fff00000c77e6900, fff00000c77e6978) [ 37.752398] [ 37.752424] The buggy address belongs to the physical page: [ 37.752466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.752535] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.752598] page_type: f5(slab) [ 37.752649] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.752715] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.752768] page dumped because: kasan: bad access detected [ 37.752809] [ 37.752832] Memory state around the buggy address: [ 37.752875] fff00000c77e6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.753112] fff00000c77e6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.753231] >fff00000c77e6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.753577] ^ [ 37.753941] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.754173] fff00000c77e6a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.754421] ================================================================== [ 37.733535] ================================================================== [ 37.733912] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 37.734171] Read of size 8 at addr fff00000c77e6978 by task kunit_try_catch/292 [ 37.734299] [ 37.734412] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.735057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.735190] Hardware name: linux,dummy-virt (DT) [ 37.735255] Call trace: [ 37.735290] show_stack+0x20/0x38 (C) [ 37.735401] dump_stack_lvl+0x8c/0xd0 [ 37.735707] print_report+0x118/0x608 [ 37.735839] kasan_report+0xdc/0x128 [ 37.735991] __asan_report_load8_noabort+0x20/0x30 [ 37.736130] copy_to_kernel_nofault+0x204/0x250 [ 37.736496] copy_to_kernel_nofault_oob+0x158/0x418 [ 37.736871] kunit_try_run_case+0x170/0x3f0 [ 37.737013] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.737227] kthread+0x328/0x630 [ 37.737346] ret_from_fork+0x10/0x20 [ 37.737489] [ 37.737543] Allocated by task 292: [ 37.737700] kasan_save_stack+0x3c/0x68 [ 37.737804] kasan_save_track+0x20/0x40 [ 37.738277] kasan_save_alloc_info+0x40/0x58 [ 37.738567] __kasan_kmalloc+0xd4/0xd8 [ 37.738695] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.738819] copy_to_kernel_nofault_oob+0xc8/0x418 [ 37.739379] kunit_try_run_case+0x170/0x3f0 [ 37.739684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.740195] kthread+0x328/0x630 [ 37.740296] ret_from_fork+0x10/0x20 [ 37.740394] [ 37.740579] The buggy address belongs to the object at fff00000c77e6900 [ 37.740579] which belongs to the cache kmalloc-128 of size 128 [ 37.740719] The buggy address is located 0 bytes to the right of [ 37.740719] allocated 120-byte region [fff00000c77e6900, fff00000c77e6978) [ 37.740937] [ 37.741092] The buggy address belongs to the physical page: [ 37.741190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.741477] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.741630] page_type: f5(slab) [ 37.741781] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.741966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.742582] page dumped because: kasan: bad access detected [ 37.742764] [ 37.742869] Memory state around the buggy address: [ 37.742994] fff00000c77e6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.743214] fff00000c77e6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.743425] >fff00000c77e6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.743564] ^ [ 37.743694] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.744365] fff00000c77e6a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.744470] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 37.642295] ================================================================== [ 37.642411] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 37.642537] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/280 [ 37.642718] [ 37.642805] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.643312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.643395] Hardware name: linux,dummy-virt (DT) [ 37.643485] Call trace: [ 37.643558] show_stack+0x20/0x38 (C) [ 37.643778] dump_stack_lvl+0x8c/0xd0 [ 37.643931] print_report+0x310/0x608 [ 37.644050] kasan_report+0xdc/0x128 [ 37.644172] __asan_report_load1_noabort+0x20/0x30 [ 37.644326] vmalloc_oob+0x51c/0x5d0 [ 37.644728] kunit_try_run_case+0x170/0x3f0 [ 37.644924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.645293] kthread+0x328/0x630 [ 37.645517] ret_from_fork+0x10/0x20 [ 37.645648] [ 37.645717] The buggy address belongs to the virtual mapping at [ 37.645717] [ffff8000800fe000, ffff800080100000) created by: [ 37.645717] vmalloc_oob+0x98/0x5d0 [ 37.645917] [ 37.646084] The buggy address belongs to the physical page: [ 37.646221] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107825 [ 37.646385] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.646783] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 37.647004] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 37.647208] page dumped because: kasan: bad access detected [ 37.647333] [ 37.647395] Memory state around the buggy address: [ 37.647491] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.647714] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.647912] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 37.648167] ^ [ 37.648436] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 37.648646] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 37.648836] ================================================================== [ 37.634139] ================================================================== [ 37.634499] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 37.634819] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/280 [ 37.634965] [ 37.635100] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.635407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.635488] Hardware name: linux,dummy-virt (DT) [ 37.635584] Call trace: [ 37.635763] show_stack+0x20/0x38 (C) [ 37.635941] dump_stack_lvl+0x8c/0xd0 [ 37.636185] print_report+0x310/0x608 [ 37.636456] kasan_report+0xdc/0x128 [ 37.636593] __asan_report_load1_noabort+0x20/0x30 [ 37.636820] vmalloc_oob+0x578/0x5d0 [ 37.636974] kunit_try_run_case+0x170/0x3f0 [ 37.637125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.637350] kthread+0x328/0x630 [ 37.637482] ret_from_fork+0x10/0x20 [ 37.637612] [ 37.637681] The buggy address belongs to the virtual mapping at [ 37.637681] [ffff8000800fe000, ffff800080100000) created by: [ 37.637681] vmalloc_oob+0x98/0x5d0 [ 37.637857] [ 37.637934] The buggy address belongs to the physical page: [ 37.638020] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107825 [ 37.638150] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.638306] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 37.638442] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 37.638547] page dumped because: kasan: bad access detected [ 37.638628] [ 37.638677] Memory state around the buggy address: [ 37.638758] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.639232] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.639608] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 37.639905] ^ [ 37.640170] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 37.640344] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 37.640484] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 37.464455] ================================================================== [ 37.465100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 37.465229] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.465410] [ 37.465543] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.466062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.466391] Hardware name: linux,dummy-virt (DT) [ 37.467027] Call trace: [ 37.467139] show_stack+0x20/0x38 (C) [ 37.467359] dump_stack_lvl+0x8c/0xd0 [ 37.467650] print_report+0x118/0x608 [ 37.467783] kasan_report+0xdc/0x128 [ 37.467987] kasan_check_range+0x100/0x1a8 [ 37.468464] __kasan_check_write+0x20/0x30 [ 37.468979] kasan_atomics_helper+0x154c/0x4858 [ 37.469438] kasan_atomics+0x198/0x2e0 [ 37.469590] kunit_try_run_case+0x170/0x3f0 [ 37.469946] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.470609] kthread+0x328/0x630 [ 37.470752] ret_from_fork+0x10/0x20 [ 37.470911] [ 37.470997] Allocated by task 276: [ 37.471080] kasan_save_stack+0x3c/0x68 [ 37.471306] kasan_save_track+0x20/0x40 [ 37.471610] kasan_save_alloc_info+0x40/0x58 [ 37.471720] __kasan_kmalloc+0xd4/0xd8 [ 37.471828] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.472017] kasan_atomics+0xb8/0x2e0 [ 37.472132] kunit_try_run_case+0x170/0x3f0 [ 37.472435] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.472704] kthread+0x328/0x630 [ 37.472873] ret_from_fork+0x10/0x20 [ 37.472985] [ 37.473044] The buggy address belongs to the object at fff00000c77ec800 [ 37.473044] which belongs to the cache kmalloc-64 of size 64 [ 37.473266] The buggy address is located 0 bytes to the right of [ 37.473266] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.473860] [ 37.473929] The buggy address belongs to the physical page: [ 37.474232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.474607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.474727] page_type: f5(slab) [ 37.475023] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.475232] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.475329] page dumped because: kasan: bad access detected [ 37.475376] [ 37.475827] Memory state around the buggy address: [ 37.476486] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.476606] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.477664] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.477767] ^ [ 37.477855] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.478879] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.479005] ================================================================== [ 37.496132] ================================================================== [ 37.496239] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 37.496373] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.496785] [ 37.497040] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.497808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.497906] Hardware name: linux,dummy-virt (DT) [ 37.497987] Call trace: [ 37.498041] show_stack+0x20/0x38 (C) [ 37.498175] dump_stack_lvl+0x8c/0xd0 [ 37.498616] print_report+0x118/0x608 [ 37.498858] kasan_report+0xdc/0x128 [ 37.499013] __asan_report_load8_noabort+0x20/0x30 [ 37.499179] kasan_atomics_helper+0x3db0/0x4858 [ 37.499494] kasan_atomics+0x198/0x2e0 [ 37.499691] kunit_try_run_case+0x170/0x3f0 [ 37.500064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.500225] kthread+0x328/0x630 [ 37.500345] ret_from_fork+0x10/0x20 [ 37.500476] [ 37.500564] Allocated by task 276: [ 37.500640] kasan_save_stack+0x3c/0x68 [ 37.500902] kasan_save_track+0x20/0x40 [ 37.501023] kasan_save_alloc_info+0x40/0x58 [ 37.501145] __kasan_kmalloc+0xd4/0xd8 [ 37.501258] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.501357] kasan_atomics+0xb8/0x2e0 [ 37.501517] kunit_try_run_case+0x170/0x3f0 [ 37.501685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.501807] kthread+0x328/0x630 [ 37.501906] ret_from_fork+0x10/0x20 [ 37.502031] [ 37.502093] The buggy address belongs to the object at fff00000c77ec800 [ 37.502093] which belongs to the cache kmalloc-64 of size 64 [ 37.502292] The buggy address is located 0 bytes to the right of [ 37.502292] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.502551] [ 37.502605] The buggy address belongs to the physical page: [ 37.502754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.503146] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.503852] page_type: f5(slab) [ 37.504142] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.504298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.504412] page dumped because: kasan: bad access detected [ 37.505807] [ 37.506141] Memory state around the buggy address: [ 37.506232] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.506364] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.507099] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.507389] ^ [ 37.508256] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.509112] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.509707] ================================================================== [ 37.285533] ================================================================== [ 37.285655] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 37.285974] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.286110] [ 37.286338] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.286562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.286633] Hardware name: linux,dummy-virt (DT) [ 37.286709] Call trace: [ 37.286775] show_stack+0x20/0x38 (C) [ 37.286917] dump_stack_lvl+0x8c/0xd0 [ 37.287036] print_report+0x118/0x608 [ 37.287838] kasan_report+0xdc/0x128 [ 37.288010] kasan_check_range+0x100/0x1a8 [ 37.288145] __kasan_check_write+0x20/0x30 [ 37.288282] kasan_atomics_helper+0xf88/0x4858 [ 37.288414] kasan_atomics+0x198/0x2e0 [ 37.288535] kunit_try_run_case+0x170/0x3f0 [ 37.290051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.290378] kthread+0x328/0x630 [ 37.290710] ret_from_fork+0x10/0x20 [ 37.290835] [ 37.290937] Allocated by task 276: [ 37.291114] kasan_save_stack+0x3c/0x68 [ 37.291229] kasan_save_track+0x20/0x40 [ 37.291487] kasan_save_alloc_info+0x40/0x58 [ 37.291613] __kasan_kmalloc+0xd4/0xd8 [ 37.291726] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.291848] kasan_atomics+0xb8/0x2e0 [ 37.292002] kunit_try_run_case+0x170/0x3f0 [ 37.292120] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.292301] kthread+0x328/0x630 [ 37.292523] ret_from_fork+0x10/0x20 [ 37.292633] [ 37.292685] The buggy address belongs to the object at fff00000c77ec800 [ 37.292685] which belongs to the cache kmalloc-64 of size 64 [ 37.292826] The buggy address is located 0 bytes to the right of [ 37.292826] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.293018] [ 37.293085] The buggy address belongs to the physical page: [ 37.293384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.293520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.293645] page_type: f5(slab) [ 37.293744] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.293866] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.293989] page dumped because: kasan: bad access detected [ 37.294083] [ 37.294216] Memory state around the buggy address: [ 37.294406] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.294587] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.294694] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.294794] ^ [ 37.294877] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.295019] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.295132] ================================================================== [ 37.125414] ================================================================== [ 37.125520] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 37.125630] Read of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.125752] [ 37.125825] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.126054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.126260] Hardware name: linux,dummy-virt (DT) [ 37.126497] Call trace: [ 37.126564] show_stack+0x20/0x38 (C) [ 37.126687] dump_stack_lvl+0x8c/0xd0 [ 37.126816] print_report+0x118/0x608 [ 37.127667] kasan_report+0xdc/0x128 [ 37.128018] __asan_report_load4_noabort+0x20/0x30 [ 37.128434] kasan_atomics_helper+0x3dd8/0x4858 [ 37.128753] kasan_atomics+0x198/0x2e0 [ 37.128919] kunit_try_run_case+0x170/0x3f0 [ 37.129149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.129299] kthread+0x328/0x630 [ 37.129414] ret_from_fork+0x10/0x20 [ 37.129596] [ 37.129663] Allocated by task 276: [ 37.129751] kasan_save_stack+0x3c/0x68 [ 37.129846] kasan_save_track+0x20/0x40 [ 37.129970] kasan_save_alloc_info+0x40/0x58 [ 37.130072] __kasan_kmalloc+0xd4/0xd8 [ 37.130440] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.130702] kasan_atomics+0xb8/0x2e0 [ 37.130932] kunit_try_run_case+0x170/0x3f0 [ 37.131044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.131218] kthread+0x328/0x630 [ 37.131787] ret_from_fork+0x10/0x20 [ 37.131947] [ 37.132011] The buggy address belongs to the object at fff00000c77ec800 [ 37.132011] which belongs to the cache kmalloc-64 of size 64 [ 37.132160] The buggy address is located 0 bytes to the right of [ 37.132160] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.132562] [ 37.132620] The buggy address belongs to the physical page: [ 37.132796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.132990] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.133210] page_type: f5(slab) [ 37.133758] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.134027] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.134139] page dumped because: kasan: bad access detected [ 37.134248] [ 37.134345] Memory state around the buggy address: [ 37.134438] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.134769] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.135012] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.135218] ^ [ 37.135320] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.135454] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.135917] ================================================================== [ 37.390318] ================================================================== [ 37.390431] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 37.390582] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.390857] [ 37.391262] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.392017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.392096] Hardware name: linux,dummy-virt (DT) [ 37.392172] Call trace: [ 37.392238] show_stack+0x20/0x38 (C) [ 37.392490] dump_stack_lvl+0x8c/0xd0 [ 37.392813] print_report+0x118/0x608 [ 37.393403] kasan_report+0xdc/0x128 [ 37.393967] kasan_check_range+0x100/0x1a8 [ 37.394588] __kasan_check_write+0x20/0x30 [ 37.394714] kasan_atomics_helper+0x12d8/0x4858 [ 37.394854] kasan_atomics+0x198/0x2e0 [ 37.395225] kunit_try_run_case+0x170/0x3f0 [ 37.395376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.396084] kthread+0x328/0x630 [ 37.397012] ret_from_fork+0x10/0x20 [ 37.397380] [ 37.397451] Allocated by task 276: [ 37.397677] kasan_save_stack+0x3c/0x68 [ 37.398182] kasan_save_track+0x20/0x40 [ 37.398667] kasan_save_alloc_info+0x40/0x58 [ 37.398799] __kasan_kmalloc+0xd4/0xd8 [ 37.398921] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.399030] kasan_atomics+0xb8/0x2e0 [ 37.399176] kunit_try_run_case+0x170/0x3f0 [ 37.399305] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.399786] kthread+0x328/0x630 [ 37.399900] ret_from_fork+0x10/0x20 [ 37.400021] [ 37.400477] The buggy address belongs to the object at fff00000c77ec800 [ 37.400477] which belongs to the cache kmalloc-64 of size 64 [ 37.400751] The buggy address is located 0 bytes to the right of [ 37.400751] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.400963] [ 37.401083] The buggy address belongs to the physical page: [ 37.401272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.401477] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.401621] page_type: f5(slab) [ 37.401907] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.402053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.402172] page dumped because: kasan: bad access detected [ 37.402780] [ 37.402904] Memory state around the buggy address: [ 37.403002] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.403136] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.403248] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.403674] ^ [ 37.403790] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.404361] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.404506] ================================================================== [ 37.026279] ================================================================== [ 37.026413] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 37.026672] Write of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.026864] [ 37.026974] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.027212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.027298] Hardware name: linux,dummy-virt (DT) [ 37.027392] Call trace: [ 37.027466] show_stack+0x20/0x38 (C) [ 37.027665] dump_stack_lvl+0x8c/0xd0 [ 37.027795] print_report+0x118/0x608 [ 37.027942] kasan_report+0xdc/0x128 [ 37.028078] kasan_check_range+0x100/0x1a8 [ 37.028217] __kasan_check_write+0x20/0x30 [ 37.028349] kasan_atomics_helper+0xa6c/0x4858 [ 37.028488] kasan_atomics+0x198/0x2e0 [ 37.028738] kunit_try_run_case+0x170/0x3f0 [ 37.028855] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.029090] kthread+0x328/0x630 [ 37.029243] ret_from_fork+0x10/0x20 [ 37.029371] [ 37.029417] Allocated by task 276: [ 37.029497] kasan_save_stack+0x3c/0x68 [ 37.029602] kasan_save_track+0x20/0x40 [ 37.029718] kasan_save_alloc_info+0x40/0x58 [ 37.029875] __kasan_kmalloc+0xd4/0xd8 [ 37.030013] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.030130] kasan_atomics+0xb8/0x2e0 [ 37.030256] kunit_try_run_case+0x170/0x3f0 [ 37.030381] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.030497] kthread+0x328/0x630 [ 37.030577] ret_from_fork+0x10/0x20 [ 37.030684] [ 37.030757] The buggy address belongs to the object at fff00000c77ec800 [ 37.030757] which belongs to the cache kmalloc-64 of size 64 [ 37.030963] The buggy address is located 0 bytes to the right of [ 37.030963] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.031145] [ 37.031207] The buggy address belongs to the physical page: [ 37.031275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.031409] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.031530] page_type: f5(slab) [ 37.031623] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.031767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.032119] page dumped because: kasan: bad access detected [ 37.032315] [ 37.032404] Memory state around the buggy address: [ 37.032591] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.032706] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.032973] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.033079] ^ [ 37.033243] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.033545] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.033773] ================================================================== [ 37.379922] ================================================================== [ 37.380759] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 37.381096] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.381217] [ 37.381696] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.382392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.383152] Hardware name: linux,dummy-virt (DT) [ 37.383285] Call trace: [ 37.383324] show_stack+0x20/0x38 (C) [ 37.383391] dump_stack_lvl+0x8c/0xd0 [ 37.383497] print_report+0x118/0x608 [ 37.383571] kasan_report+0xdc/0x128 [ 37.383631] kasan_check_range+0x100/0x1a8 [ 37.383693] __kasan_check_write+0x20/0x30 [ 37.383747] kasan_atomics_helper+0x126c/0x4858 [ 37.383808] kasan_atomics+0x198/0x2e0 [ 37.383865] kunit_try_run_case+0x170/0x3f0 [ 37.384063] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.384260] kthread+0x328/0x630 [ 37.384650] ret_from_fork+0x10/0x20 [ 37.385386] [ 37.386299] Allocated by task 276: [ 37.386577] kasan_save_stack+0x3c/0x68 [ 37.387539] kasan_save_track+0x20/0x40 [ 37.387657] kasan_save_alloc_info+0x40/0x58 [ 37.387839] __kasan_kmalloc+0xd4/0xd8 [ 37.388494] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.388563] kasan_atomics+0xb8/0x2e0 [ 37.388661] kunit_try_run_case+0x170/0x3f0 [ 37.388717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.388775] kthread+0x328/0x630 [ 37.388818] ret_from_fork+0x10/0x20 [ 37.388865] [ 37.388920] The buggy address belongs to the object at fff00000c77ec800 [ 37.388920] which belongs to the cache kmalloc-64 of size 64 [ 37.389076] The buggy address is located 0 bytes to the right of [ 37.389076] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.389184] [ 37.389214] The buggy address belongs to the physical page: [ 37.389256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.389324] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.389384] page_type: f5(slab) [ 37.389434] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.389496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.389547] page dumped because: kasan: bad access detected [ 37.389587] [ 37.389611] Memory state around the buggy address: [ 37.389653] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.389706] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.389759] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.389806] ^ [ 37.389853] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.389935] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.389989] ================================================================== [ 37.344562] ================================================================== [ 37.345080] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 37.346044] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.346171] [ 37.346255] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.346469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.346542] Hardware name: linux,dummy-virt (DT) [ 37.348054] Call trace: [ 37.348344] show_stack+0x20/0x38 (C) [ 37.348966] dump_stack_lvl+0x8c/0xd0 [ 37.349753] print_report+0x118/0x608 [ 37.350512] kasan_report+0xdc/0x128 [ 37.351037] kasan_check_range+0x100/0x1a8 [ 37.352181] __kasan_check_write+0x20/0x30 [ 37.352526] kasan_atomics_helper+0x1128/0x4858 [ 37.353271] kasan_atomics+0x198/0x2e0 [ 37.353442] kunit_try_run_case+0x170/0x3f0 [ 37.353674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.353941] kthread+0x328/0x630 [ 37.354128] ret_from_fork+0x10/0x20 [ 37.354393] [ 37.354526] Allocated by task 276: [ 37.354672] kasan_save_stack+0x3c/0x68 [ 37.354788] kasan_save_track+0x20/0x40 [ 37.355138] kasan_save_alloc_info+0x40/0x58 [ 37.355230] __kasan_kmalloc+0xd4/0xd8 [ 37.355336] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.355397] kasan_atomics+0xb8/0x2e0 [ 37.355444] kunit_try_run_case+0x170/0x3f0 [ 37.355496] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.355555] kthread+0x328/0x630 [ 37.355595] ret_from_fork+0x10/0x20 [ 37.355644] [ 37.355670] The buggy address belongs to the object at fff00000c77ec800 [ 37.355670] which belongs to the cache kmalloc-64 of size 64 [ 37.355744] The buggy address is located 0 bytes to the right of [ 37.355744] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.355822] [ 37.355850] The buggy address belongs to the physical page: [ 37.355915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.355988] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.356053] page_type: f5(slab) [ 37.356102] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.356164] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.356213] page dumped because: kasan: bad access detected [ 37.356255] [ 37.356278] Memory state around the buggy address: [ 37.356319] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.356374] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.356429] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.356477] ^ [ 37.356523] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.356579] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.356629] ================================================================== [ 37.272575] ================================================================== [ 37.273138] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 37.273280] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.273867] [ 37.275025] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.275327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.275370] Hardware name: linux,dummy-virt (DT) [ 37.275413] Call trace: [ 37.275443] show_stack+0x20/0x38 (C) [ 37.275508] dump_stack_lvl+0x8c/0xd0 [ 37.275573] print_report+0x118/0x608 [ 37.275633] kasan_report+0xdc/0x128 [ 37.275691] kasan_check_range+0x100/0x1a8 [ 37.275751] __kasan_check_write+0x20/0x30 [ 37.275808] kasan_atomics_helper+0xf20/0x4858 [ 37.275869] kasan_atomics+0x198/0x2e0 [ 37.276002] kunit_try_run_case+0x170/0x3f0 [ 37.276135] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.276370] kthread+0x328/0x630 [ 37.276592] ret_from_fork+0x10/0x20 [ 37.277375] [ 37.277613] Allocated by task 276: [ 37.277701] kasan_save_stack+0x3c/0x68 [ 37.277827] kasan_save_track+0x20/0x40 [ 37.278175] kasan_save_alloc_info+0x40/0x58 [ 37.278623] __kasan_kmalloc+0xd4/0xd8 [ 37.278729] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.278837] kasan_atomics+0xb8/0x2e0 [ 37.278956] kunit_try_run_case+0x170/0x3f0 [ 37.279096] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.279408] kthread+0x328/0x630 [ 37.279506] ret_from_fork+0x10/0x20 [ 37.279611] [ 37.279723] The buggy address belongs to the object at fff00000c77ec800 [ 37.279723] which belongs to the cache kmalloc-64 of size 64 [ 37.279875] The buggy address is located 0 bytes to the right of [ 37.279875] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.280320] [ 37.280385] The buggy address belongs to the physical page: [ 37.280470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.280720] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.281160] page_type: f5(slab) [ 37.281276] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.281879] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.282405] page dumped because: kasan: bad access detected [ 37.282522] [ 37.282576] Memory state around the buggy address: [ 37.282657] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.283528] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.283778] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.284044] ^ [ 37.284271] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.284484] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.284586] ================================================================== [ 37.159145] ================================================================== [ 37.159255] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 37.159611] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.159743] [ 37.159848] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.160247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.160329] Hardware name: linux,dummy-virt (DT) [ 37.160524] Call trace: [ 37.160593] show_stack+0x20/0x38 (C) [ 37.161019] dump_stack_lvl+0x8c/0xd0 [ 37.161279] print_report+0x118/0x608 [ 37.161457] kasan_report+0xdc/0x128 [ 37.161748] kasan_check_range+0x100/0x1a8 [ 37.161962] __kasan_check_read+0x20/0x30 [ 37.162092] kasan_atomics_helper+0xdd4/0x4858 [ 37.162220] kasan_atomics+0x198/0x2e0 [ 37.162376] kunit_try_run_case+0x170/0x3f0 [ 37.163100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.163258] kthread+0x328/0x630 [ 37.163735] ret_from_fork+0x10/0x20 [ 37.163903] [ 37.163992] Allocated by task 276: [ 37.164072] kasan_save_stack+0x3c/0x68 [ 37.164184] kasan_save_track+0x20/0x40 [ 37.164483] kasan_save_alloc_info+0x40/0x58 [ 37.164599] __kasan_kmalloc+0xd4/0xd8 [ 37.164703] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.165019] kasan_atomics+0xb8/0x2e0 [ 37.165219] kunit_try_run_case+0x170/0x3f0 [ 37.165377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.165504] kthread+0x328/0x630 [ 37.165617] ret_from_fork+0x10/0x20 [ 37.166033] [ 37.166095] The buggy address belongs to the object at fff00000c77ec800 [ 37.166095] which belongs to the cache kmalloc-64 of size 64 [ 37.166236] The buggy address is located 0 bytes to the right of [ 37.166236] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.166411] [ 37.166485] The buggy address belongs to the physical page: [ 37.166759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.166917] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.167473] page_type: f5(slab) [ 37.167918] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.168182] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.168408] page dumped because: kasan: bad access detected [ 37.168660] [ 37.168850] Memory state around the buggy address: [ 37.168996] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.169154] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.169630] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.169936] ^ [ 37.170690] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.170840] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.170967] ================================================================== [ 37.357396] ================================================================== [ 37.357677] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 37.357797] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.357953] [ 37.358042] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.358254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.358325] Hardware name: linux,dummy-virt (DT) [ 37.358418] Call trace: [ 37.358547] show_stack+0x20/0x38 (C) [ 37.358696] dump_stack_lvl+0x8c/0xd0 [ 37.358824] print_report+0x118/0x608 [ 37.358964] kasan_report+0xdc/0x128 [ 37.359073] kasan_check_range+0x100/0x1a8 [ 37.359217] __kasan_check_write+0x20/0x30 [ 37.359329] kasan_atomics_helper+0x1190/0x4858 [ 37.359447] kasan_atomics+0x198/0x2e0 [ 37.360095] kunit_try_run_case+0x170/0x3f0 [ 37.360328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.360604] kthread+0x328/0x630 [ 37.360785] ret_from_fork+0x10/0x20 [ 37.361000] [ 37.361160] Allocated by task 276: [ 37.361356] kasan_save_stack+0x3c/0x68 [ 37.361495] kasan_save_track+0x20/0x40 [ 37.362155] kasan_save_alloc_info+0x40/0x58 [ 37.362273] __kasan_kmalloc+0xd4/0xd8 [ 37.363160] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.363288] kasan_atomics+0xb8/0x2e0 [ 37.363416] kunit_try_run_case+0x170/0x3f0 [ 37.363565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.363853] kthread+0x328/0x630 [ 37.363981] ret_from_fork+0x10/0x20 [ 37.364515] [ 37.365022] The buggy address belongs to the object at fff00000c77ec800 [ 37.365022] which belongs to the cache kmalloc-64 of size 64 [ 37.365339] The buggy address is located 0 bytes to the right of [ 37.365339] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.365572] [ 37.365693] The buggy address belongs to the physical page: [ 37.365860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.366216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.366445] page_type: f5(slab) [ 37.366631] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.366780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.366902] page dumped because: kasan: bad access detected [ 37.366987] [ 37.367035] Memory state around the buggy address: [ 37.367443] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.367582] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.368167] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.368291] ^ [ 37.368401] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.368584] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.368715] ================================================================== [ 37.416966] ================================================================== [ 37.417129] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 37.417255] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.417381] [ 37.417715] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.418109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.418228] Hardware name: linux,dummy-virt (DT) [ 37.418713] Call trace: [ 37.418930] show_stack+0x20/0x38 (C) [ 37.419205] dump_stack_lvl+0x8c/0xd0 [ 37.419356] print_report+0x118/0x608 [ 37.419547] kasan_report+0xdc/0x128 [ 37.419684] __asan_report_load8_noabort+0x20/0x30 [ 37.419810] kasan_atomics_helper+0x3f04/0x4858 [ 37.419996] kasan_atomics+0x198/0x2e0 [ 37.420122] kunit_try_run_case+0x170/0x3f0 [ 37.420244] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.420438] kthread+0x328/0x630 [ 37.420555] ret_from_fork+0x10/0x20 [ 37.420713] [ 37.420771] Allocated by task 276: [ 37.421532] kasan_save_stack+0x3c/0x68 [ 37.421708] kasan_save_track+0x20/0x40 [ 37.421965] kasan_save_alloc_info+0x40/0x58 [ 37.422338] __kasan_kmalloc+0xd4/0xd8 [ 37.423147] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.423237] kasan_atomics+0xb8/0x2e0 [ 37.423328] kunit_try_run_case+0x170/0x3f0 [ 37.423383] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.423449] kthread+0x328/0x630 [ 37.423540] ret_from_fork+0x10/0x20 [ 37.423595] [ 37.423621] The buggy address belongs to the object at fff00000c77ec800 [ 37.423621] which belongs to the cache kmalloc-64 of size 64 [ 37.423694] The buggy address is located 0 bytes to the right of [ 37.423694] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.423773] [ 37.423801] The buggy address belongs to the physical page: [ 37.423840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.425275] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.425370] page_type: f5(slab) [ 37.425453] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.425519] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.425572] page dumped because: kasan: bad access detected [ 37.425612] [ 37.425635] Memory state around the buggy address: [ 37.425678] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.425735] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.425792] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.425842] ^ [ 37.425912] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.426042] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.426152] ================================================================== [ 37.437967] ================================================================== [ 37.438116] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 37.438279] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.438494] [ 37.438578] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.438807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.438877] Hardware name: linux,dummy-virt (DT) [ 37.439053] Call trace: [ 37.439190] show_stack+0x20/0x38 (C) [ 37.439479] dump_stack_lvl+0x8c/0xd0 [ 37.439604] print_report+0x118/0x608 [ 37.439759] kasan_report+0xdc/0x128 [ 37.439899] kasan_check_range+0x100/0x1a8 [ 37.440025] __kasan_check_write+0x20/0x30 [ 37.440147] kasan_atomics_helper+0x147c/0x4858 [ 37.440283] kasan_atomics+0x198/0x2e0 [ 37.440399] kunit_try_run_case+0x170/0x3f0 [ 37.441296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.441483] kthread+0x328/0x630 [ 37.441599] ret_from_fork+0x10/0x20 [ 37.442150] [ 37.442295] Allocated by task 276: [ 37.442424] kasan_save_stack+0x3c/0x68 [ 37.442527] kasan_save_track+0x20/0x40 [ 37.442718] kasan_save_alloc_info+0x40/0x58 [ 37.442822] __kasan_kmalloc+0xd4/0xd8 [ 37.442940] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.443175] kasan_atomics+0xb8/0x2e0 [ 37.444882] kunit_try_run_case+0x170/0x3f0 [ 37.445027] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.445161] kthread+0x328/0x630 [ 37.445267] ret_from_fork+0x10/0x20 [ 37.445373] [ 37.445429] The buggy address belongs to the object at fff00000c77ec800 [ 37.445429] which belongs to the cache kmalloc-64 of size 64 [ 37.445506] The buggy address is located 0 bytes to the right of [ 37.445506] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.445584] [ 37.445611] The buggy address belongs to the physical page: [ 37.445651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.445715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.445772] page_type: f5(slab) [ 37.445822] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.445880] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.445960] page dumped because: kasan: bad access detected [ 37.446001] [ 37.446024] Memory state around the buggy address: [ 37.446066] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.446120] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.446174] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.446222] ^ [ 37.446267] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.446327] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.446386] ================================================================== [ 37.405326] ================================================================== [ 37.405443] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 37.405555] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.405674] [ 37.405769] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.405993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.406066] Hardware name: linux,dummy-virt (DT) [ 37.406141] Call trace: [ 37.406202] show_stack+0x20/0x38 (C) [ 37.406318] dump_stack_lvl+0x8c/0xd0 [ 37.406451] print_report+0x118/0x608 [ 37.406578] kasan_report+0xdc/0x128 [ 37.407224] kasan_check_range+0x100/0x1a8 [ 37.407795] __kasan_check_write+0x20/0x30 [ 37.408324] kasan_atomics_helper+0x1384/0x4858 [ 37.408552] kasan_atomics+0x198/0x2e0 [ 37.408795] kunit_try_run_case+0x170/0x3f0 [ 37.409145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.409351] kthread+0x328/0x630 [ 37.409846] ret_from_fork+0x10/0x20 [ 37.410127] [ 37.410208] Allocated by task 276: [ 37.410386] kasan_save_stack+0x3c/0x68 [ 37.410535] kasan_save_track+0x20/0x40 [ 37.410647] kasan_save_alloc_info+0x40/0x58 [ 37.410824] __kasan_kmalloc+0xd4/0xd8 [ 37.410951] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.411397] kasan_atomics+0xb8/0x2e0 [ 37.411692] kunit_try_run_case+0x170/0x3f0 [ 37.411848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.412186] kthread+0x328/0x630 [ 37.412331] ret_from_fork+0x10/0x20 [ 37.412846] [ 37.412925] The buggy address belongs to the object at fff00000c77ec800 [ 37.412925] which belongs to the cache kmalloc-64 of size 64 [ 37.413370] The buggy address is located 0 bytes to the right of [ 37.413370] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.413606] [ 37.413662] The buggy address belongs to the physical page: [ 37.413748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.413879] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.414032] page_type: f5(slab) [ 37.414153] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.414644] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.414812] page dumped because: kasan: bad access detected [ 37.414912] [ 37.414967] Memory state around the buggy address: [ 37.415348] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.415593] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.415858] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.415975] ^ [ 37.416064] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.416173] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.416370] ================================================================== [ 37.510146] ================================================================== [ 37.510254] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 37.510376] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.510496] [ 37.510579] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.510776] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.510845] Hardware name: linux,dummy-virt (DT) [ 37.514723] Call trace: [ 37.514794] show_stack+0x20/0x38 (C) [ 37.515996] dump_stack_lvl+0x8c/0xd0 [ 37.516487] print_report+0x118/0x608 [ 37.516977] kasan_report+0xdc/0x128 [ 37.517780] kasan_check_range+0x100/0x1a8 [ 37.518169] __kasan_check_write+0x20/0x30 [ 37.518290] kasan_atomics_helper+0x1644/0x4858 [ 37.518430] kasan_atomics+0x198/0x2e0 [ 37.518552] kunit_try_run_case+0x170/0x3f0 [ 37.519965] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.521063] kthread+0x328/0x630 [ 37.521174] ret_from_fork+0x10/0x20 [ 37.522313] [ 37.522906] Allocated by task 276: [ 37.523146] kasan_save_stack+0x3c/0x68 [ 37.524100] kasan_save_track+0x20/0x40 [ 37.524275] kasan_save_alloc_info+0x40/0x58 [ 37.524376] __kasan_kmalloc+0xd4/0xd8 [ 37.525683] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.526689] kasan_atomics+0xb8/0x2e0 [ 37.527409] kunit_try_run_case+0x170/0x3f0 [ 37.527563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.528674] kthread+0x328/0x630 [ 37.528804] ret_from_fork+0x10/0x20 [ 37.530118] [ 37.530637] The buggy address belongs to the object at fff00000c77ec800 [ 37.530637] which belongs to the cache kmalloc-64 of size 64 [ 37.530798] The buggy address is located 0 bytes to the right of [ 37.530798] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.532461] [ 37.532531] The buggy address belongs to the physical page: [ 37.532620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.533821] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.533966] page_type: f5(slab) [ 37.534579] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.534656] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.534729] page dumped because: kasan: bad access detected [ 37.534801] [ 37.534828] Memory state around the buggy address: [ 37.534873] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.534957] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.535016] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.535066] ^ [ 37.535145] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.535207] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.535258] ================================================================== [ 37.427584] ================================================================== [ 37.428242] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 37.428419] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.428585] [ 37.428680] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.429158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.429236] Hardware name: linux,dummy-virt (DT) [ 37.429318] Call trace: [ 37.429382] show_stack+0x20/0x38 (C) [ 37.429501] dump_stack_lvl+0x8c/0xd0 [ 37.429625] print_report+0x118/0x608 [ 37.429740] kasan_report+0xdc/0x128 [ 37.429856] kasan_check_range+0x100/0x1a8 [ 37.429999] __kasan_check_write+0x20/0x30 [ 37.430122] kasan_atomics_helper+0x1414/0x4858 [ 37.430476] kasan_atomics+0x198/0x2e0 [ 37.430824] kunit_try_run_case+0x170/0x3f0 [ 37.431084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.431406] kthread+0x328/0x630 [ 37.431539] ret_from_fork+0x10/0x20 [ 37.432073] [ 37.432136] Allocated by task 276: [ 37.432219] kasan_save_stack+0x3c/0x68 [ 37.432481] kasan_save_track+0x20/0x40 [ 37.432693] kasan_save_alloc_info+0x40/0x58 [ 37.432830] __kasan_kmalloc+0xd4/0xd8 [ 37.433138] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.433413] kasan_atomics+0xb8/0x2e0 [ 37.433516] kunit_try_run_case+0x170/0x3f0 [ 37.433619] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.433770] kthread+0x328/0x630 [ 37.434342] ret_from_fork+0x10/0x20 [ 37.434671] [ 37.434735] The buggy address belongs to the object at fff00000c77ec800 [ 37.434735] which belongs to the cache kmalloc-64 of size 64 [ 37.434882] The buggy address is located 0 bytes to the right of [ 37.434882] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.435077] [ 37.435137] The buggy address belongs to the physical page: [ 37.435339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.435539] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.435664] page_type: f5(slab) [ 37.435778] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.435922] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.436077] page dumped because: kasan: bad access detected [ 37.436171] [ 37.436222] Memory state around the buggy address: [ 37.436301] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.436526] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.436732] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.436874] ^ [ 37.437057] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.437290] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.437391] ================================================================== [ 37.295730] ================================================================== [ 37.295877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 37.296021] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.296180] [ 37.296329] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.296709] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.296789] Hardware name: linux,dummy-virt (DT) [ 37.296865] Call trace: [ 37.296946] show_stack+0x20/0x38 (C) [ 37.297291] dump_stack_lvl+0x8c/0xd0 [ 37.297616] print_report+0x118/0x608 [ 37.297921] kasan_report+0xdc/0x128 [ 37.298059] kasan_check_range+0x100/0x1a8 [ 37.298390] __kasan_check_write+0x20/0x30 [ 37.298535] kasan_atomics_helper+0xff0/0x4858 [ 37.298664] kasan_atomics+0x198/0x2e0 [ 37.298798] kunit_try_run_case+0x170/0x3f0 [ 37.298946] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.299171] kthread+0x328/0x630 [ 37.299370] ret_from_fork+0x10/0x20 [ 37.299502] [ 37.299574] Allocated by task 276: [ 37.299735] kasan_save_stack+0x3c/0x68 [ 37.299845] kasan_save_track+0x20/0x40 [ 37.299970] kasan_save_alloc_info+0x40/0x58 [ 37.300086] __kasan_kmalloc+0xd4/0xd8 [ 37.300496] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.300646] kasan_atomics+0xb8/0x2e0 [ 37.300750] kunit_try_run_case+0x170/0x3f0 [ 37.301379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.302000] kthread+0x328/0x630 [ 37.302327] ret_from_fork+0x10/0x20 [ 37.303411] [ 37.303587] The buggy address belongs to the object at fff00000c77ec800 [ 37.303587] which belongs to the cache kmalloc-64 of size 64 [ 37.304015] The buggy address is located 0 bytes to the right of [ 37.304015] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.304415] [ 37.304593] The buggy address belongs to the physical page: [ 37.304734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.305133] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.305391] page_type: f5(slab) [ 37.306331] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.306479] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.306583] page dumped because: kasan: bad access detected [ 37.306668] [ 37.306731] Memory state around the buggy address: [ 37.306998] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.307376] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.307494] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.307607] ^ [ 37.308029] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.308236] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.308348] ================================================================== [ 37.479804] ================================================================== [ 37.479932] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 37.480290] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.480426] [ 37.481150] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.481390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.481460] Hardware name: linux,dummy-virt (DT) [ 37.481540] Call trace: [ 37.481598] show_stack+0x20/0x38 (C) [ 37.481720] dump_stack_lvl+0x8c/0xd0 [ 37.481836] print_report+0x118/0x608 [ 37.482107] kasan_report+0xdc/0x128 [ 37.482234] kasan_check_range+0x100/0x1a8 [ 37.482388] __kasan_check_write+0x20/0x30 [ 37.482511] kasan_atomics_helper+0x15b4/0x4858 [ 37.482634] kasan_atomics+0x198/0x2e0 [ 37.482744] kunit_try_run_case+0x170/0x3f0 [ 37.482898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.484289] kthread+0x328/0x630 [ 37.484754] ret_from_fork+0x10/0x20 [ 37.485247] [ 37.485310] Allocated by task 276: [ 37.485717] kasan_save_stack+0x3c/0x68 [ 37.485910] kasan_save_track+0x20/0x40 [ 37.486625] kasan_save_alloc_info+0x40/0x58 [ 37.486828] __kasan_kmalloc+0xd4/0xd8 [ 37.486958] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.487067] kasan_atomics+0xb8/0x2e0 [ 37.487863] kunit_try_run_case+0x170/0x3f0 [ 37.488221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.488972] kthread+0x328/0x630 [ 37.489076] ret_from_fork+0x10/0x20 [ 37.489375] [ 37.489507] The buggy address belongs to the object at fff00000c77ec800 [ 37.489507] which belongs to the cache kmalloc-64 of size 64 [ 37.490170] The buggy address is located 0 bytes to the right of [ 37.490170] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.490593] [ 37.490668] The buggy address belongs to the physical page: [ 37.490757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.491191] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.491321] page_type: f5(slab) [ 37.492173] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.492309] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.492759] page dumped because: kasan: bad access detected [ 37.493222] [ 37.493561] Memory state around the buggy address: [ 37.493683] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.493798] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.494279] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.494488] ^ [ 37.495026] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.495444] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.495551] ================================================================== [ 37.137035] ================================================================== [ 37.137153] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 37.137273] Write of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.137399] [ 37.137486] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.137689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.137762] Hardware name: linux,dummy-virt (DT) [ 37.137860] Call trace: [ 37.137951] show_stack+0x20/0x38 (C) [ 37.138539] dump_stack_lvl+0x8c/0xd0 [ 37.138669] print_report+0x118/0x608 [ 37.139480] kasan_report+0xdc/0x128 [ 37.140170] kasan_check_range+0x100/0x1a8 [ 37.140662] __kasan_check_write+0x20/0x30 [ 37.140803] kasan_atomics_helper+0xd3c/0x4858 [ 37.140875] kasan_atomics+0x198/0x2e0 [ 37.141010] kunit_try_run_case+0x170/0x3f0 [ 37.141081] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.141151] kthread+0x328/0x630 [ 37.141205] ret_from_fork+0x10/0x20 [ 37.141266] [ 37.141294] Allocated by task 276: [ 37.141333] kasan_save_stack+0x3c/0x68 [ 37.141387] kasan_save_track+0x20/0x40 [ 37.141434] kasan_save_alloc_info+0x40/0x58 [ 37.141482] __kasan_kmalloc+0xd4/0xd8 [ 37.141530] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.141584] kasan_atomics+0xb8/0x2e0 [ 37.141631] kunit_try_run_case+0x170/0x3f0 [ 37.141680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.141734] kthread+0x328/0x630 [ 37.141774] ret_from_fork+0x10/0x20 [ 37.141820] [ 37.141846] The buggy address belongs to the object at fff00000c77ec800 [ 37.141846] which belongs to the cache kmalloc-64 of size 64 [ 37.141964] The buggy address is located 0 bytes to the right of [ 37.141964] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.142118] [ 37.142553] The buggy address belongs to the physical page: [ 37.142676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.143012] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.143178] page_type: f5(slab) [ 37.143309] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.143480] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.143685] page dumped because: kasan: bad access detected [ 37.143768] [ 37.143816] Memory state around the buggy address: [ 37.143915] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.144032] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.144950] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.145074] ^ [ 37.145372] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.146103] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.146239] ================================================================== [ 37.446703] ================================================================== [ 37.446804] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 37.447059] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.447363] [ 37.447451] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.449037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.449118] Hardware name: linux,dummy-virt (DT) [ 37.449206] Call trace: [ 37.449265] show_stack+0x20/0x38 (C) [ 37.450954] dump_stack_lvl+0x8c/0xd0 [ 37.451108] print_report+0x118/0x608 [ 37.451317] kasan_report+0xdc/0x128 [ 37.451572] kasan_check_range+0x100/0x1a8 [ 37.451709] __kasan_check_write+0x20/0x30 [ 37.452357] kasan_atomics_helper+0x14e4/0x4858 [ 37.452618] kasan_atomics+0x198/0x2e0 [ 37.453213] kunit_try_run_case+0x170/0x3f0 [ 37.453909] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.454198] kthread+0x328/0x630 [ 37.454399] ret_from_fork+0x10/0x20 [ 37.454821] [ 37.455074] Allocated by task 276: [ 37.455216] kasan_save_stack+0x3c/0x68 [ 37.455592] kasan_save_track+0x20/0x40 [ 37.455876] kasan_save_alloc_info+0x40/0x58 [ 37.456115] __kasan_kmalloc+0xd4/0xd8 [ 37.456479] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.456834] kasan_atomics+0xb8/0x2e0 [ 37.457093] kunit_try_run_case+0x170/0x3f0 [ 37.457258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.457382] kthread+0x328/0x630 [ 37.458001] ret_from_fork+0x10/0x20 [ 37.458125] [ 37.458180] The buggy address belongs to the object at fff00000c77ec800 [ 37.458180] which belongs to the cache kmalloc-64 of size 64 [ 37.458319] The buggy address is located 0 bytes to the right of [ 37.458319] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.458603] [ 37.458658] The buggy address belongs to the physical page: [ 37.458737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.458866] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.459041] page_type: f5(slab) [ 37.459524] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.459700] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.459836] page dumped because: kasan: bad access detected [ 37.460669] [ 37.461221] Memory state around the buggy address: [ 37.461320] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.461654] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.461933] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.462149] ^ [ 37.462623] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.462909] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.463020] ================================================================== [ 37.309242] ================================================================== [ 37.309358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 37.309479] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.309598] [ 37.309682] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.309904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.309980] Hardware name: linux,dummy-virt (DT) [ 37.310054] Call trace: [ 37.310114] show_stack+0x20/0x38 (C) [ 37.310230] dump_stack_lvl+0x8c/0xd0 [ 37.310349] print_report+0x118/0x608 [ 37.310478] kasan_report+0xdc/0x128 [ 37.310590] kasan_check_range+0x100/0x1a8 [ 37.310707] __kasan_check_write+0x20/0x30 [ 37.310824] kasan_atomics_helper+0x1058/0x4858 [ 37.310995] kasan_atomics+0x198/0x2e0 [ 37.311222] kunit_try_run_case+0x170/0x3f0 [ 37.311412] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.311569] kthread+0x328/0x630 [ 37.311859] ret_from_fork+0x10/0x20 [ 37.312186] [ 37.312240] Allocated by task 276: [ 37.312315] kasan_save_stack+0x3c/0x68 [ 37.312420] kasan_save_track+0x20/0x40 [ 37.312525] kasan_save_alloc_info+0x40/0x58 [ 37.314254] __kasan_kmalloc+0xd4/0xd8 [ 37.314421] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.315193] kasan_atomics+0xb8/0x2e0 [ 37.315348] kunit_try_run_case+0x170/0x3f0 [ 37.315572] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.315698] kthread+0x328/0x630 [ 37.315834] ret_from_fork+0x10/0x20 [ 37.316044] [ 37.316197] The buggy address belongs to the object at fff00000c77ec800 [ 37.316197] which belongs to the cache kmalloc-64 of size 64 [ 37.316550] The buggy address is located 0 bytes to the right of [ 37.316550] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.316776] [ 37.316896] The buggy address belongs to the physical page: [ 37.316987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.317110] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.317230] page_type: f5(slab) [ 37.317326] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.317451] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.317563] page dumped because: kasan: bad access detected [ 37.317771] [ 37.317823] Memory state around the buggy address: [ 37.318804] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.319030] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.319225] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.319337] ^ [ 37.321661] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.321728] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.321779] ================================================================== [ 37.597538] ================================================================== [ 37.597651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 37.597973] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.598322] [ 37.598411] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.598620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.598687] Hardware name: linux,dummy-virt (DT) [ 37.598801] Call trace: [ 37.598874] show_stack+0x20/0x38 (C) [ 37.599634] dump_stack_lvl+0x8c/0xd0 [ 37.599760] print_report+0x118/0x608 [ 37.599905] kasan_report+0xdc/0x128 [ 37.600040] kasan_check_range+0x100/0x1a8 [ 37.600430] __kasan_check_write+0x20/0x30 [ 37.600640] kasan_atomics_helper+0x17ec/0x4858 [ 37.600864] kasan_atomics+0x198/0x2e0 [ 37.601053] kunit_try_run_case+0x170/0x3f0 [ 37.601246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.601386] kthread+0x328/0x630 [ 37.601500] ret_from_fork+0x10/0x20 [ 37.601673] [ 37.601730] Allocated by task 276: [ 37.601830] kasan_save_stack+0x3c/0x68 [ 37.601990] kasan_save_track+0x20/0x40 [ 37.602109] kasan_save_alloc_info+0x40/0x58 [ 37.603081] __kasan_kmalloc+0xd4/0xd8 [ 37.603651] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.604019] kasan_atomics+0xb8/0x2e0 [ 37.604129] kunit_try_run_case+0x170/0x3f0 [ 37.604233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.604593] kthread+0x328/0x630 [ 37.605302] ret_from_fork+0x10/0x20 [ 37.605609] [ 37.605745] The buggy address belongs to the object at fff00000c77ec800 [ 37.605745] which belongs to the cache kmalloc-64 of size 64 [ 37.605942] The buggy address is located 0 bytes to the right of [ 37.605942] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.606101] [ 37.606166] The buggy address belongs to the physical page: [ 37.606370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.606597] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.606904] page_type: f5(slab) [ 37.607021] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.607252] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.608011] page dumped because: kasan: bad access detected [ 37.608075] [ 37.608133] Memory state around the buggy address: [ 37.608180] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.608240] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.608295] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.608344] ^ [ 37.608389] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.608443] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.608490] ================================================================== [ 36.962069] ================================================================== [ 36.962171] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 36.962276] Read of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 36.962406] [ 36.962473] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.962669] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.962790] Hardware name: linux,dummy-virt (DT) [ 36.962974] Call trace: [ 36.963633] show_stack+0x20/0x38 (C) [ 36.963950] dump_stack_lvl+0x8c/0xd0 [ 36.964850] print_report+0x118/0x608 [ 36.966854] kasan_atomics+0x198/0x2e0 [ 36.971075] kunit_try_run_case+0x170/0x3f0 [ 36.974734] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.978733] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 36.981555] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.984942] __kasan_kmalloc+0xd4/0xd8 [ 36.985043] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.985395] kasan_atomics+0xb8/0x2e0 [ 36.985517] kunit_try_run_case+0x170/0x3f0 [ 36.985619] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.985737] kthread+0x328/0x630 [ 36.985846] ret_from_fork+0x10/0x20 [ 36.986142] [ 36.986212] The buggy address belongs to the object at fff00000c77ec800 [ 36.986212] which belongs to the cache kmalloc-64 of size 64 [ 36.986377] The buggy address is located 0 bytes to the right of [ 36.986377] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 36.986772] [ 36.986936] The buggy address belongs to the physical page: [ 36.987171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 36.987508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.987743] page_type: f5(slab) [ 36.987853] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 36.988001] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.988197] page dumped because: kasan: bad access detected [ 36.988313] [ 36.988360] Memory state around the buggy address: [ 36.988443] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 36.988570] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 36.988681] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 36.988878] ^ [ 36.989098] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.989263] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.989499] ================================================================== [ 37.369748] ================================================================== [ 37.369856] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 37.369988] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.370109] [ 37.370196] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.370405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.370475] Hardware name: linux,dummy-virt (DT) [ 37.370549] Call trace: [ 37.370610] show_stack+0x20/0x38 (C) [ 37.370725] dump_stack_lvl+0x8c/0xd0 [ 37.370845] print_report+0x118/0x608 [ 37.370988] kasan_report+0xdc/0x128 [ 37.371121] kasan_check_range+0x100/0x1a8 [ 37.371247] __kasan_check_write+0x20/0x30 [ 37.371359] kasan_atomics_helper+0x11f8/0x4858 [ 37.371480] kasan_atomics+0x198/0x2e0 [ 37.371597] kunit_try_run_case+0x170/0x3f0 [ 37.371719] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.371851] kthread+0x328/0x630 [ 37.372035] ret_from_fork+0x10/0x20 [ 37.372185] [ 37.372252] Allocated by task 276: [ 37.372342] kasan_save_stack+0x3c/0x68 [ 37.372464] kasan_save_track+0x20/0x40 [ 37.373231] kasan_save_alloc_info+0x40/0x58 [ 37.373482] __kasan_kmalloc+0xd4/0xd8 [ 37.374142] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.374292] kasan_atomics+0xb8/0x2e0 [ 37.374407] kunit_try_run_case+0x170/0x3f0 [ 37.375169] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.375313] kthread+0x328/0x630 [ 37.375391] ret_from_fork+0x10/0x20 [ 37.375446] [ 37.375492] The buggy address belongs to the object at fff00000c77ec800 [ 37.375492] which belongs to the cache kmalloc-64 of size 64 [ 37.375594] The buggy address is located 0 bytes to the right of [ 37.375594] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.375676] [ 37.375705] The buggy address belongs to the physical page: [ 37.375746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.375812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.375871] page_type: f5(slab) [ 37.376002] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.376239] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.376356] page dumped because: kasan: bad access detected [ 37.376609] [ 37.376855] Memory state around the buggy address: [ 37.376962] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.377318] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.377654] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.378116] ^ [ 37.378410] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.378523] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.378618] ================================================================== [ 37.171682] ================================================================== [ 37.171789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 37.171934] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.172106] [ 37.172198] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.172570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.173658] Hardware name: linux,dummy-virt (DT) [ 37.173770] Call trace: [ 37.173923] show_stack+0x20/0x38 (C) [ 37.174493] dump_stack_lvl+0x8c/0xd0 [ 37.174710] print_report+0x118/0x608 [ 37.174832] kasan_report+0xdc/0x128 [ 37.175756] __asan_report_load8_noabort+0x20/0x30 [ 37.176052] kasan_atomics_helper+0x3f58/0x4858 [ 37.176209] kasan_atomics+0x198/0x2e0 [ 37.176403] kunit_try_run_case+0x170/0x3f0 [ 37.176572] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.176730] kthread+0x328/0x630 [ 37.177068] ret_from_fork+0x10/0x20 [ 37.177531] [ 37.177744] Allocated by task 276: [ 37.178017] kasan_save_stack+0x3c/0x68 [ 37.178131] kasan_save_track+0x20/0x40 [ 37.178274] kasan_save_alloc_info+0x40/0x58 [ 37.178428] __kasan_kmalloc+0xd4/0xd8 [ 37.178858] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.179463] kasan_atomics+0xb8/0x2e0 [ 37.179991] kunit_try_run_case+0x170/0x3f0 [ 37.180393] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.180544] kthread+0x328/0x630 [ 37.181766] ret_from_fork+0x10/0x20 [ 37.181925] [ 37.181985] The buggy address belongs to the object at fff00000c77ec800 [ 37.181985] which belongs to the cache kmalloc-64 of size 64 [ 37.182120] The buggy address is located 0 bytes to the right of [ 37.182120] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.182270] [ 37.182328] The buggy address belongs to the physical page: [ 37.182420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.182552] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.182675] page_type: f5(slab) [ 37.182774] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.182916] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.183020] page dumped because: kasan: bad access detected [ 37.183100] [ 37.187206] Memory state around the buggy address: [ 37.187302] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.187413] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.187578] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.187692] ^ [ 37.187796] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.187937] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.188028] ================================================================== [ 37.584936] ================================================================== [ 37.585269] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 37.585404] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.585754] [ 37.585859] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.586220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.586494] Hardware name: linux,dummy-virt (DT) [ 37.586572] Call trace: [ 37.586630] show_stack+0x20/0x38 (C) [ 37.586747] dump_stack_lvl+0x8c/0xd0 [ 37.586867] print_report+0x118/0x608 [ 37.587003] kasan_report+0xdc/0x128 [ 37.587359] __asan_report_load8_noabort+0x20/0x30 [ 37.588005] kasan_atomics_helper+0x3e20/0x4858 [ 37.588149] kasan_atomics+0x198/0x2e0 [ 37.588287] kunit_try_run_case+0x170/0x3f0 [ 37.588963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.589113] kthread+0x328/0x630 [ 37.589299] ret_from_fork+0x10/0x20 [ 37.589497] [ 37.589653] Allocated by task 276: [ 37.589786] kasan_save_stack+0x3c/0x68 [ 37.590077] kasan_save_track+0x20/0x40 [ 37.590513] kasan_save_alloc_info+0x40/0x58 [ 37.590628] __kasan_kmalloc+0xd4/0xd8 [ 37.590745] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.590956] kasan_atomics+0xb8/0x2e0 [ 37.591296] kunit_try_run_case+0x170/0x3f0 [ 37.591453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.591585] kthread+0x328/0x630 [ 37.592225] ret_from_fork+0x10/0x20 [ 37.592333] [ 37.592513] The buggy address belongs to the object at fff00000c77ec800 [ 37.592513] which belongs to the cache kmalloc-64 of size 64 [ 37.592672] The buggy address is located 0 bytes to the right of [ 37.592672] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.592829] [ 37.592877] The buggy address belongs to the physical page: [ 37.593449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.593588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.593719] page_type: f5(slab) [ 37.594026] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.594158] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.594260] page dumped because: kasan: bad access detected [ 37.594346] [ 37.594491] Memory state around the buggy address: [ 37.594735] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.594850] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.594978] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.595640] ^ [ 37.595817] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.596418] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.596564] ================================================================== [ 37.241589] ================================================================== [ 37.242571] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 37.242735] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.242856] [ 37.242960] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.245068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.246278] Hardware name: linux,dummy-virt (DT) [ 37.246573] Call trace: [ 37.246637] show_stack+0x20/0x38 (C) [ 37.247442] dump_stack_lvl+0x8c/0xd0 [ 37.247563] print_report+0x118/0x608 [ 37.247692] kasan_report+0xdc/0x128 [ 37.250103] kasan_check_range+0x100/0x1a8 [ 37.250437] __kasan_check_write+0x20/0x30 [ 37.250979] kasan_atomics_helper+0xeb8/0x4858 [ 37.251830] kasan_atomics+0x198/0x2e0 [ 37.252006] kunit_try_run_case+0x170/0x3f0 [ 37.253296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.254523] kthread+0x328/0x630 [ 37.254926] ret_from_fork+0x10/0x20 [ 37.255934] [ 37.256112] Allocated by task 276: [ 37.256329] kasan_save_stack+0x3c/0x68 [ 37.256929] kasan_save_track+0x20/0x40 [ 37.258153] kasan_save_alloc_info+0x40/0x58 [ 37.258386] __kasan_kmalloc+0xd4/0xd8 [ 37.259328] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.260490] kasan_atomics+0xb8/0x2e0 [ 37.260632] kunit_try_run_case+0x170/0x3f0 [ 37.260776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.262078] kthread+0x328/0x630 [ 37.262513] ret_from_fork+0x10/0x20 [ 37.263441] [ 37.263731] The buggy address belongs to the object at fff00000c77ec800 [ 37.263731] which belongs to the cache kmalloc-64 of size 64 [ 37.263882] The buggy address is located 0 bytes to the right of [ 37.263882] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.264062] [ 37.264119] The buggy address belongs to the physical page: [ 37.265510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.267030] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.268126] page_type: f5(slab) [ 37.268619] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.268753] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.268865] page dumped because: kasan: bad access detected [ 37.268969] [ 37.270599] Memory state around the buggy address: [ 37.270929] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.271081] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.271369] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.271517] ^ [ 37.271743] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.271855] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.271973] ================================================================== [ 37.216147] ================================================================== [ 37.216266] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 37.216390] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.216511] [ 37.216595] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.216795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.216861] Hardware name: linux,dummy-virt (DT) [ 37.216964] Call trace: [ 37.217026] show_stack+0x20/0x38 (C) [ 37.217152] dump_stack_lvl+0x8c/0xd0 [ 37.217275] print_report+0x118/0x608 [ 37.217396] kasan_report+0xdc/0x128 [ 37.217514] __asan_report_store8_noabort+0x20/0x30 [ 37.221024] kasan_atomics_helper+0x3e5c/0x4858 [ 37.221787] kasan_atomics+0x198/0x2e0 [ 37.222659] kunit_try_run_case+0x170/0x3f0 [ 37.223936] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.224636] kthread+0x328/0x630 [ 37.225870] ret_from_fork+0x10/0x20 [ 37.227065] [ 37.227337] Allocated by task 276: [ 37.227972] kasan_save_stack+0x3c/0x68 [ 37.228215] kasan_save_track+0x20/0x40 [ 37.228575] kasan_save_alloc_info+0x40/0x58 [ 37.228956] __kasan_kmalloc+0xd4/0xd8 [ 37.229832] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.230906] kasan_atomics+0xb8/0x2e0 [ 37.231035] kunit_try_run_case+0x170/0x3f0 [ 37.232095] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.232308] kthread+0x328/0x630 [ 37.233320] ret_from_fork+0x10/0x20 [ 37.234034] [ 37.234122] The buggy address belongs to the object at fff00000c77ec800 [ 37.234122] which belongs to the cache kmalloc-64 of size 64 [ 37.234715] The buggy address is located 0 bytes to the right of [ 37.234715] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.235239] [ 37.235327] The buggy address belongs to the physical page: [ 37.235418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.236465] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.236618] page_type: f5(slab) [ 37.236718] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.236840] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.237470] page dumped because: kasan: bad access detected [ 37.238121] [ 37.238279] Memory state around the buggy address: [ 37.238370] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.238486] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.238593] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.239213] ^ [ 37.239659] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239726] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239842] ================================================================== [ 36.990812] ================================================================== [ 36.990974] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 36.991299] Write of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 36.992254] [ 36.992647] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.993772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.995170] Hardware name: linux,dummy-virt (DT) [ 36.995265] Call trace: [ 36.995341] show_stack+0x20/0x38 (C) [ 36.995468] dump_stack_lvl+0x8c/0xd0 [ 36.995700] print_report+0x118/0x608 [ 36.995836] kasan_report+0xdc/0x128 [ 36.995985] kasan_check_range+0x100/0x1a8 [ 36.996162] __kasan_check_write+0x20/0x30 [ 36.996559] kasan_atomics_helper+0x99c/0x4858 [ 36.996870] kasan_atomics+0x198/0x2e0 [ 36.997013] kunit_try_run_case+0x170/0x3f0 [ 36.997430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.997576] kthread+0x328/0x630 [ 36.997684] ret_from_fork+0x10/0x20 [ 36.997810] [ 36.997868] Allocated by task 276: [ 36.997958] kasan_save_stack+0x3c/0x68 [ 36.998095] kasan_save_track+0x20/0x40 [ 36.998194] kasan_save_alloc_info+0x40/0x58 [ 36.998291] __kasan_kmalloc+0xd4/0xd8 [ 36.998406] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.998514] kasan_atomics+0xb8/0x2e0 [ 36.998635] kunit_try_run_case+0x170/0x3f0 [ 36.998740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.998881] kthread+0x328/0x630 [ 36.998993] ret_from_fork+0x10/0x20 [ 36.999497] [ 37.000088] The buggy address belongs to the object at fff00000c77ec800 [ 37.000088] which belongs to the cache kmalloc-64 of size 64 [ 37.000248] The buggy address is located 0 bytes to the right of [ 37.000248] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.001382] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.003604] ^ [ 37.007436] Write of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.017427] The buggy address is located 0 bytes to the right of [ 37.017427] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.017983] [ 37.018505] The buggy address belongs to the physical page: [ 37.018908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.019661] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.020396] page_type: f5(slab) [ 37.020507] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.020633] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.020735] page dumped because: kasan: bad access detected [ 37.020817] [ 37.021550] Memory state around the buggy address: [ 37.022350] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.022503] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.022626] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.023245] ^ [ 37.023555] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.023668] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.024014] ================================================================== [ 37.548299] ================================================================== [ 37.548493] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 37.548923] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.549153] [ 37.549277] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.549490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.549561] Hardware name: linux,dummy-virt (DT) [ 37.549639] Call trace: [ 37.549693] show_stack+0x20/0x38 (C) [ 37.549832] dump_stack_lvl+0x8c/0xd0 [ 37.550037] print_report+0x118/0x608 [ 37.550180] kasan_report+0xdc/0x128 [ 37.550530] kasan_check_range+0x100/0x1a8 [ 37.550645] __kasan_check_write+0x20/0x30 [ 37.550762] kasan_atomics_helper+0x16d0/0x4858 [ 37.551078] kasan_atomics+0x198/0x2e0 [ 37.551396] kunit_try_run_case+0x170/0x3f0 [ 37.551623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.551787] kthread+0x328/0x630 [ 37.552158] ret_from_fork+0x10/0x20 [ 37.552570] [ 37.552695] Allocated by task 276: [ 37.553131] kasan_save_stack+0x3c/0x68 [ 37.553541] kasan_save_track+0x20/0x40 [ 37.553607] kasan_save_alloc_info+0x40/0x58 [ 37.553657] __kasan_kmalloc+0xd4/0xd8 [ 37.553734] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.553814] kasan_atomics+0xb8/0x2e0 [ 37.553864] kunit_try_run_case+0x170/0x3f0 [ 37.554071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.554331] kthread+0x328/0x630 [ 37.554425] ret_from_fork+0x10/0x20 [ 37.554516] [ 37.554546] The buggy address belongs to the object at fff00000c77ec800 [ 37.554546] which belongs to the cache kmalloc-64 of size 64 [ 37.554619] The buggy address is located 0 bytes to the right of [ 37.554619] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.554755] [ 37.554788] The buggy address belongs to the physical page: [ 37.554828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.554919] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.554988] page_type: f5(slab) [ 37.555036] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.555322] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.555436] page dumped because: kasan: bad access detected [ 37.555693] [ 37.555767] Memory state around the buggy address: [ 37.555960] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.556071] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.556186] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.556280] ^ [ 37.556362] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.556620] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.556771] ================================================================== [ 37.189264] ================================================================== [ 37.189386] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 37.189520] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.189657] [ 37.189747] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.189994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.190257] Hardware name: linux,dummy-virt (DT) [ 37.190439] Call trace: [ 37.190502] show_stack+0x20/0x38 (C) [ 37.191844] dump_stack_lvl+0x8c/0xd0 [ 37.192247] print_report+0x118/0x608 [ 37.192923] kasan_report+0xdc/0x128 [ 37.193689] kasan_check_range+0x100/0x1a8 [ 37.193952] __kasan_check_write+0x20/0x30 [ 37.194669] kasan_atomics_helper+0xe44/0x4858 [ 37.195363] kasan_atomics+0x198/0x2e0 [ 37.195498] kunit_try_run_case+0x170/0x3f0 [ 37.195635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.197779] kthread+0x328/0x630 [ 37.198504] ret_from_fork+0x10/0x20 [ 37.198921] [ 37.198980] Allocated by task 276: [ 37.199378] kasan_save_stack+0x3c/0x68 [ 37.201073] kasan_save_track+0x20/0x40 [ 37.201516] kasan_save_alloc_info+0x40/0x58 [ 37.201785] __kasan_kmalloc+0xd4/0xd8 [ 37.202958] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.203308] kasan_atomics+0xb8/0x2e0 [ 37.203600] kunit_try_run_case+0x170/0x3f0 [ 37.203792] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.204131] kthread+0x328/0x630 [ 37.204277] ret_from_fork+0x10/0x20 [ 37.204397] [ 37.204460] The buggy address belongs to the object at fff00000c77ec800 [ 37.204460] which belongs to the cache kmalloc-64 of size 64 [ 37.204618] The buggy address is located 0 bytes to the right of [ 37.204618] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.204785] [ 37.204847] The buggy address belongs to the physical page: [ 37.204952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.205539] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.205669] page_type: f5(slab) [ 37.205772] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.205951] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.206157] page dumped because: kasan: bad access detected [ 37.206246] [ 37.206364] Memory state around the buggy address: [ 37.206541] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.206809] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.208536] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.208869] ^ [ 37.209495] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.209610] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.209706] ================================================================== [ 37.147919] ================================================================== [ 37.148028] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 37.148147] Read of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.148273] [ 37.148364] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.148925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.149129] Hardware name: linux,dummy-virt (DT) [ 37.149355] Call trace: [ 37.149415] show_stack+0x20/0x38 (C) [ 37.149539] dump_stack_lvl+0x8c/0xd0 [ 37.149661] print_report+0x118/0x608 [ 37.149780] kasan_report+0xdc/0x128 [ 37.149917] __asan_report_load4_noabort+0x20/0x30 [ 37.150059] kasan_atomics_helper+0x3e04/0x4858 [ 37.151385] kasan_atomics+0x198/0x2e0 [ 37.151585] kunit_try_run_case+0x170/0x3f0 [ 37.151722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.151867] kthread+0x328/0x630 [ 37.152052] ret_from_fork+0x10/0x20 [ 37.152406] [ 37.152458] Allocated by task 276: [ 37.152648] kasan_save_stack+0x3c/0x68 [ 37.152856] kasan_save_track+0x20/0x40 [ 37.153029] kasan_save_alloc_info+0x40/0x58 [ 37.153379] __kasan_kmalloc+0xd4/0xd8 [ 37.153721] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.154024] kasan_atomics+0xb8/0x2e0 [ 37.154136] kunit_try_run_case+0x170/0x3f0 [ 37.154318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.154461] kthread+0x328/0x630 [ 37.154620] ret_from_fork+0x10/0x20 [ 37.154718] [ 37.154780] The buggy address belongs to the object at fff00000c77ec800 [ 37.154780] which belongs to the cache kmalloc-64 of size 64 [ 37.155147] The buggy address is located 0 bytes to the right of [ 37.155147] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.155546] [ 37.155688] The buggy address belongs to the physical page: [ 37.155796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.155943] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.156077] page_type: f5(slab) [ 37.156232] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.156379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.156494] page dumped because: kasan: bad access detected [ 37.156578] [ 37.156628] Memory state around the buggy address: [ 37.156963] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.157175] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.157477] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.157920] ^ [ 37.158053] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.158168] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.158283] ================================================================== [ 37.536685] ================================================================== [ 37.536801] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 37.536939] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.537061] [ 37.537161] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.537574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.537653] Hardware name: linux,dummy-virt (DT) [ 37.537736] Call trace: [ 37.537794] show_stack+0x20/0x38 (C) [ 37.537963] dump_stack_lvl+0x8c/0xd0 [ 37.538327] print_report+0x118/0x608 [ 37.538794] kasan_report+0xdc/0x128 [ 37.538955] __asan_report_load8_noabort+0x20/0x30 [ 37.539092] kasan_atomics_helper+0x3df4/0x4858 [ 37.540382] kasan_atomics+0x198/0x2e0 [ 37.540520] kunit_try_run_case+0x170/0x3f0 [ 37.540667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.541064] kthread+0x328/0x630 [ 37.541189] ret_from_fork+0x10/0x20 [ 37.541417] [ 37.541478] Allocated by task 276: [ 37.541580] kasan_save_stack+0x3c/0x68 [ 37.541779] kasan_save_track+0x20/0x40 [ 37.541979] kasan_save_alloc_info+0x40/0x58 [ 37.542095] __kasan_kmalloc+0xd4/0xd8 [ 37.542435] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.542552] kasan_atomics+0xb8/0x2e0 [ 37.542676] kunit_try_run_case+0x170/0x3f0 [ 37.542932] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.543071] kthread+0x328/0x630 [ 37.543178] ret_from_fork+0x10/0x20 [ 37.543338] [ 37.543395] The buggy address belongs to the object at fff00000c77ec800 [ 37.543395] which belongs to the cache kmalloc-64 of size 64 [ 37.543790] The buggy address is located 0 bytes to the right of [ 37.543790] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.543972] [ 37.544050] The buggy address belongs to the physical page: [ 37.544331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.544522] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.544651] page_type: f5(slab) [ 37.544765] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.545203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.545451] page dumped because: kasan: bad access detected [ 37.545573] [ 37.545669] Memory state around the buggy address: [ 37.545791] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.545917] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.546187] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.546295] ^ [ 37.546547] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.546661] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.546761] ================================================================== [ 37.323657] ================================================================== [ 37.323804] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 37.324309] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.324630] [ 37.324685] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.324796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.324834] Hardware name: linux,dummy-virt (DT) [ 37.324873] Call trace: [ 37.324946] show_stack+0x20/0x38 (C) [ 37.325163] dump_stack_lvl+0x8c/0xd0 [ 37.325432] print_report+0x118/0x608 [ 37.325584] kasan_report+0xdc/0x128 [ 37.325700] kasan_check_range+0x100/0x1a8 [ 37.325818] __kasan_check_write+0x20/0x30 [ 37.325954] kasan_atomics_helper+0x10c0/0x4858 [ 37.326137] kasan_atomics+0x198/0x2e0 [ 37.326290] kunit_try_run_case+0x170/0x3f0 [ 37.326439] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.326578] kthread+0x328/0x630 [ 37.326692] ret_from_fork+0x10/0x20 [ 37.326815] [ 37.326866] Allocated by task 276: [ 37.327655] kasan_save_stack+0x3c/0x68 [ 37.327880] kasan_save_track+0x20/0x40 [ 37.328116] kasan_save_alloc_info+0x40/0x58 [ 37.328228] __kasan_kmalloc+0xd4/0xd8 [ 37.328348] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.328917] kasan_atomics+0xb8/0x2e0 [ 37.329626] kunit_try_run_case+0x170/0x3f0 [ 37.330318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.331553] kthread+0x328/0x630 [ 37.331951] ret_from_fork+0x10/0x20 [ 37.332517] [ 37.332575] The buggy address belongs to the object at fff00000c77ec800 [ 37.332575] which belongs to the cache kmalloc-64 of size 64 [ 37.333506] The buggy address is located 0 bytes to the right of [ 37.333506] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.335041] [ 37.335349] The buggy address belongs to the physical page: [ 37.335756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.336252] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.336384] page_type: f5(slab) [ 37.336481] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.336607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.338309] page dumped because: kasan: bad access detected [ 37.338704] [ 37.339002] Memory state around the buggy address: [ 37.339114] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.339813] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.340118] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.340492] ^ [ 37.341399] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.341518] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.341616] ================================================================== [ 37.572702] ================================================================== [ 37.572999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 37.573300] Write of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.573573] [ 37.573691] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.573956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.574029] Hardware name: linux,dummy-virt (DT) [ 37.574113] Call trace: [ 37.574294] show_stack+0x20/0x38 (C) [ 37.574643] dump_stack_lvl+0x8c/0xd0 [ 37.574822] print_report+0x118/0x608 [ 37.574968] kasan_report+0xdc/0x128 [ 37.575162] kasan_check_range+0x100/0x1a8 [ 37.575543] __kasan_check_write+0x20/0x30 [ 37.575924] kasan_atomics_helper+0x175c/0x4858 [ 37.576253] kasan_atomics+0x198/0x2e0 [ 37.576380] kunit_try_run_case+0x170/0x3f0 [ 37.577235] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.577384] kthread+0x328/0x630 [ 37.577495] ret_from_fork+0x10/0x20 [ 37.577658] [ 37.577825] Allocated by task 276: [ 37.577959] kasan_save_stack+0x3c/0x68 [ 37.578081] kasan_save_track+0x20/0x40 [ 37.578232] kasan_save_alloc_info+0x40/0x58 [ 37.578346] __kasan_kmalloc+0xd4/0xd8 [ 37.578456] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.578562] kasan_atomics+0xb8/0x2e0 [ 37.579312] kunit_try_run_case+0x170/0x3f0 [ 37.579608] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.579755] kthread+0x328/0x630 [ 37.579981] ret_from_fork+0x10/0x20 [ 37.580122] [ 37.580184] The buggy address belongs to the object at fff00000c77ec800 [ 37.580184] which belongs to the cache kmalloc-64 of size 64 [ 37.580440] The buggy address is located 0 bytes to the right of [ 37.580440] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.580597] [ 37.580681] The buggy address belongs to the physical page: [ 37.580855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.581008] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.581150] page_type: f5(slab) [ 37.581260] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.581785] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.581910] page dumped because: kasan: bad access detected [ 37.582009] [ 37.582065] Memory state around the buggy address: [ 37.582145] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.582255] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.583584] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.583922] ^ [ 37.584041] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.584247] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.584395] ================================================================== [ 37.034733] ================================================================== [ 37.034855] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xad4/0x4858 [ 37.035005] Write of size 4 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.035130] [ 37.035231] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.035445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.035535] Hardware name: linux,dummy-virt (DT) [ 37.037622] ret_from_fork+0x10/0x20 [ 37.039622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.039755] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.039879] page_type: f5(slab) [ 37.039991] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.040189] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.040322] page dumped because: kasan: bad access detected [ 37.040438] [ 37.041469] ================================================================== [ 37.557434] ================================================================== [ 37.557550] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 37.557675] Read of size 8 at addr fff00000c77ec830 by task kunit_try_catch/276 [ 37.557862] [ 37.557965] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.558277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.558427] Hardware name: linux,dummy-virt (DT) [ 37.558585] Call trace: [ 37.558663] show_stack+0x20/0x38 (C) [ 37.558877] dump_stack_lvl+0x8c/0xd0 [ 37.559040] print_report+0x118/0x608 [ 37.560419] kasan_report+0xdc/0x128 [ 37.560588] __asan_report_load8_noabort+0x20/0x30 [ 37.560723] kasan_atomics_helper+0x3e10/0x4858 [ 37.560959] kasan_atomics+0x198/0x2e0 [ 37.561118] kunit_try_run_case+0x170/0x3f0 [ 37.561265] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.561423] kthread+0x328/0x630 [ 37.561541] ret_from_fork+0x10/0x20 [ 37.561662] [ 37.561747] Allocated by task 276: [ 37.561823] kasan_save_stack+0x3c/0x68 [ 37.561976] kasan_save_track+0x20/0x40 [ 37.562080] kasan_save_alloc_info+0x40/0x58 [ 37.562176] __kasan_kmalloc+0xd4/0xd8 [ 37.562276] __kmalloc_cache_noprof+0x16c/0x3c0 [ 37.562386] kasan_atomics+0xb8/0x2e0 [ 37.562483] kunit_try_run_case+0x170/0x3f0 [ 37.562582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.562687] kthread+0x328/0x630 [ 37.562785] ret_from_fork+0x10/0x20 [ 37.563133] [ 37.563198] The buggy address belongs to the object at fff00000c77ec800 [ 37.563198] which belongs to the cache kmalloc-64 of size 64 [ 37.563844] The buggy address is located 0 bytes to the right of [ 37.563844] allocated 48-byte region [fff00000c77ec800, fff00000c77ec830) [ 37.564689] [ 37.565227] The buggy address belongs to the physical page: [ 37.565312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077ec [ 37.565678] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.565940] page_type: f5(slab) [ 37.566350] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 37.566791] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 37.566933] page dumped because: kasan: bad access detected [ 37.567018] [ 37.567447] Memory state around the buggy address: [ 37.567551] fff00000c77ec700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.568241] fff00000c77ec780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.568476] >fff00000c77ec800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 37.568689] ^ [ 37.569039] fff00000c77ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.569375] fff00000c77ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.570451] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 36.505933] ================================================================== [ 36.506000] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 36.506064] Write of size 8 at addr fff00000c5757348 by task kunit_try_catch/272 [ 36.506128] [ 36.506166] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.506347] Call trace: [ 36.506696] __kasan_check_write+0x20/0x30 [ 36.506755] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 36.506826] kasan_bitops_generic+0x11c/0x1c8 [ 36.506912] kunit_try_run_case+0x170/0x3f0 [ 36.507186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.507597] kthread+0x328/0x630 [ 36.507714] ret_from_fork+0x10/0x20 [ 36.507851] [ 36.507925] Allocated by task 272: [ 36.508004] kasan_save_stack+0x3c/0x68 [ 36.508109] kasan_save_track+0x20/0x40 [ 36.508267] kasan_save_alloc_info+0x40/0x58 [ 36.508375] __kasan_kmalloc+0xd4/0xd8 [ 36.508637] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.508747] kasan_bitops_generic+0xa0/0x1c8 [ 36.508847] kunit_try_run_case+0x170/0x3f0 [ 36.508993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.509124] kthread+0x328/0x630 [ 36.509535] The buggy address belongs to the object at fff00000c5757340 [ 36.509535] which belongs to the cache kmalloc-16 of size 16 [ 36.511569] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 36.513334] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 36.026346] ================================================================== [ 36.026474] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 36.026586] Free of addr fff00000c77e6501 by task kunit_try_catch/252 [ 36.026687] [ 36.026756] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.026970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.027038] Hardware name: linux,dummy-virt (DT) [ 36.027169] Call trace: [ 36.027240] show_stack+0x20/0x38 (C) [ 36.027379] dump_stack_lvl+0x8c/0xd0 [ 36.027542] print_report+0x118/0x608 [ 36.027699] kasan_report_invalid_free+0xc0/0xe8 [ 36.027844] check_slab_allocation+0xfc/0x108 [ 36.027997] __kasan_mempool_poison_object+0x78/0x150 [ 36.028256] mempool_free+0x28c/0x328 [ 36.028478] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 36.028744] mempool_kmalloc_invalid_free+0xc0/0x118 [ 36.028868] kunit_try_run_case+0x170/0x3f0 [ 36.029067] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.029438] kthread+0x328/0x630 [ 36.029719] ret_from_fork+0x10/0x20 [ 36.029931] [ 36.029980] Allocated by task 252: [ 36.030058] kasan_save_stack+0x3c/0x68 [ 36.030196] kasan_save_track+0x20/0x40 [ 36.030310] kasan_save_alloc_info+0x40/0x58 [ 36.030426] __kasan_mempool_unpoison_object+0x11c/0x180 [ 36.030553] remove_element+0x130/0x1f8 [ 36.030649] mempool_alloc_preallocated+0x58/0xc0 [ 36.030751] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 36.030901] mempool_kmalloc_invalid_free+0xc0/0x118 [ 36.031036] kunit_try_run_case+0x170/0x3f0 [ 36.031155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.031336] kthread+0x328/0x630 [ 36.031651] ret_from_fork+0x10/0x20 [ 36.031841] [ 36.031915] The buggy address belongs to the object at fff00000c77e6500 [ 36.031915] which belongs to the cache kmalloc-128 of size 128 [ 36.032085] The buggy address is located 1 bytes inside of [ 36.032085] 128-byte region [fff00000c77e6500, fff00000c77e6580) [ 36.033219] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.034156] page dumped because: kasan: bad access detected [ 36.035472] fff00000c77e6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.047402] Free of addr fff00000c781c001 by task kunit_try_catch/254 [ 36.049753] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 36.051050] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.051303] page_type: f8(unknown) [ 36.051431] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.051732] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 36.051851] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 36.052109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 36.052282] [ 36.052330] Memory state around the buggy address: [ 36.052462] fff00000c781bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.052770] >fff00000c781c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.062003] ok 54 mempool_kmalloc_large_invalid_free [ 36.073823] Read of size 1 at addr ffffac8ac84c668d by task kunit_try_catch/256 [ 36.074148] Hardware name: linux,dummy-virt (DT) [ 36.074336] print_report+0x310/0x608 [ 36.074575] kunit_try_run_case+0x170/0x3f0 [ 36.075086] global_array+0xd/0x40 [ 36.075212] [ 36.075350] The buggy address belongs to the virtual mapping at [ 36.075350] [ffffac8ac6660000, ffffac8ac8581000) created by: [ 36.075350] paging_init+0x66c/0x7d0 [ 36.075544] [ 36.075809] The buggy address belongs to the physical page: [ 36.075909] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47cc6 [ 36.076045] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 36.109468] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 35.954475] ================================================================== [ 35.955081] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 35.955482] Free of addr fff00000c77e6100 by task kunit_try_catch/246 [ 35.955725] [ 35.955800] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.956017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.956083] Hardware name: linux,dummy-virt (DT) [ 35.956164] Call trace: [ 35.956224] show_stack+0x20/0x38 (C) [ 35.956355] dump_stack_lvl+0x8c/0xd0 [ 35.956529] print_report+0x118/0x608 [ 35.956669] kasan_report_invalid_free+0xc0/0xe8 [ 35.957329] check_slab_allocation+0xd4/0x108 [ 35.957632] __kasan_mempool_poison_object+0x78/0x150 [ 35.957834] mempool_free+0x28c/0x328 [ 35.958071] mempool_double_free_helper+0x150/0x2e8 [ 35.958222] mempool_kmalloc_double_free+0xc0/0x118 [ 35.958363] kunit_try_run_case+0x170/0x3f0 [ 35.958484] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.958619] kthread+0x328/0x630 [ 35.958733] ret_from_fork+0x10/0x20 [ 35.958851] [ 35.958913] Allocated by task 246: [ 35.959006] kasan_save_stack+0x3c/0x68 [ 35.959462] kasan_save_track+0x20/0x40 [ 35.959598] kasan_save_alloc_info+0x40/0x58 [ 35.959752] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.959869] remove_element+0x130/0x1f8 [ 35.959979] mempool_alloc_preallocated+0x58/0xc0 [ 35.960098] mempool_double_free_helper+0x94/0x2e8 [ 35.960234] mempool_kmalloc_double_free+0xc0/0x118 [ 35.960344] kunit_try_run_case+0x170/0x3f0 [ 35.960453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.960803] kthread+0x328/0x630 [ 35.960977] ret_from_fork+0x10/0x20 [ 35.961360] [ 35.961676] Freed by task 246: [ 35.961850] kasan_save_stack+0x3c/0x68 [ 35.962218] kasan_save_track+0x20/0x40 [ 35.962338] kasan_save_free_info+0x4c/0x78 [ 35.962443] __kasan_mempool_poison_object+0xc0/0x150 [ 35.963397] mempool_free+0x28c/0x328 [ 35.963490] mempool_double_free_helper+0x100/0x2e8 [ 35.963605] mempool_kmalloc_double_free+0xc0/0x118 [ 35.963708] kunit_try_run_case+0x170/0x3f0 [ 35.963826] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.964064] kthread+0x328/0x630 [ 35.964163] ret_from_fork+0x10/0x20 [ 35.964600] [ 35.964655] The buggy address belongs to the object at fff00000c77e6100 [ 35.964655] which belongs to the cache kmalloc-128 of size 128 [ 35.964816] The buggy address is located 0 bytes inside of [ 35.964816] 128-byte region [fff00000c77e6100, fff00000c77e6180) [ 35.965065] [ 35.965425] The buggy address belongs to the physical page: [ 35.965770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 35.966117] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.966244] page_type: f5(slab) [ 35.966343] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.966869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.967244] page dumped because: kasan: bad access detected [ 35.967363] [ 35.967516] Memory state around the buggy address: [ 35.967603] fff00000c77e6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.967835] fff00000c77e6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.968137] >fff00000c77e6100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.968292] ^ [ 35.968371] fff00000c77e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.968485] fff00000c77e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.968592] ================================================================== [ 36.007749] ================================================================== [ 36.007954] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 36.008086] Free of addr fff00000c781c000 by task kunit_try_catch/250 [ 36.008186] [ 36.008306] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 36.008744] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.008937] Hardware name: linux,dummy-virt (DT) [ 36.009039] Call trace: [ 36.009133] show_stack+0x20/0x38 (C) [ 36.009263] dump_stack_lvl+0x8c/0xd0 [ 36.009378] print_report+0x118/0x608 [ 36.009493] kasan_report_invalid_free+0xc0/0xe8 [ 36.009622] __kasan_mempool_poison_pages+0xe0/0xe8 [ 36.009933] mempool_free+0x24c/0x328 [ 36.010073] mempool_double_free_helper+0x150/0x2e8 [ 36.010215] mempool_page_alloc_double_free+0xbc/0x118 [ 36.010416] kunit_try_run_case+0x170/0x3f0 [ 36.010564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.010710] kthread+0x328/0x630 [ 36.010897] ret_from_fork+0x10/0x20 [ 36.011128] [ 36.011172] The buggy address belongs to the physical page: [ 36.011236] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10781c [ 36.011346] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.011430] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 36.011544] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 36.011600] page dumped because: kasan: bad access detected [ 36.011639] [ 36.011661] Memory state around the buggy address: [ 36.011702] fff00000c781bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.011756] fff00000c781bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.011809] >fff00000c781c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.011856] ^ [ 36.011970] fff00000c781c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.012097] fff00000c781c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 36.012641] ================================================================== [ 35.980351] ================================================================== [ 35.980482] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 35.980614] Free of addr fff00000c781c000 by task kunit_try_catch/248 [ 35.980739] [ 35.980783] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.980909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.980980] Hardware name: linux,dummy-virt (DT) [ 35.981065] Call trace: [ 35.981118] show_stack+0x20/0x38 (C) [ 35.981345] dump_stack_lvl+0x8c/0xd0 [ 35.981566] print_report+0x118/0x608 [ 35.981701] kasan_report_invalid_free+0xc0/0xe8 [ 35.981826] __kasan_mempool_poison_object+0x14c/0x150 [ 35.981975] mempool_free+0x28c/0x328 [ 35.982086] mempool_double_free_helper+0x150/0x2e8 [ 35.982216] mempool_kmalloc_large_double_free+0xc0/0x118 [ 35.982338] kunit_try_run_case+0x170/0x3f0 [ 35.982463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.982593] kthread+0x328/0x630 [ 35.982695] ret_from_fork+0x10/0x20 [ 35.982833] [ 35.982915] The buggy address belongs to the physical page: [ 35.982999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10781c [ 35.983154] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.983282] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.983429] page_type: f8(unknown) [ 35.983622] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.983859] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.984112] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.984285] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.984415] head: 0bfffe0000000002 ffffc1ffc31e0701 00000000ffffffff 00000000ffffffff [ 35.985726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.986284] page dumped because: kasan: bad access detected [ 35.986375] [ 35.986462] Memory state around the buggy address: [ 35.986649] fff00000c781bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.986758] fff00000c781bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.986921] >fff00000c781c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.987029] ^ [ 35.987174] fff00000c781c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.987386] fff00000c781c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.987545] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 33.054921] ================================================================== [ 33.055062] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 33.055340] Write of size 8 at addr fff00000c7732371 by task kunit_try_catch/187 [ 33.055553] [ 33.055647] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.055929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.055996] Hardware name: linux,dummy-virt (DT) [ 33.056074] Call trace: [ 33.056128] show_stack+0x20/0x38 (C) [ 33.056253] dump_stack_lvl+0x8c/0xd0 [ 33.056371] print_report+0x118/0x608 [ 33.056486] kasan_report+0xdc/0x128 [ 33.056647] kasan_check_range+0x100/0x1a8 [ 33.056787] __asan_memset+0x34/0x78 [ 33.056931] kmalloc_oob_memset_8+0x150/0x2f8 [ 33.057058] kunit_try_run_case+0x170/0x3f0 [ 33.057261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.057397] kthread+0x328/0x630 [ 33.057526] ret_from_fork+0x10/0x20 [ 33.057737] [ 33.057801] Allocated by task 187: [ 33.057873] kasan_save_stack+0x3c/0x68 [ 33.057992] kasan_save_track+0x20/0x40 [ 33.058087] kasan_save_alloc_info+0x40/0x58 [ 33.058189] __kasan_kmalloc+0xd4/0xd8 [ 33.058472] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.058607] kmalloc_oob_memset_8+0xb0/0x2f8 [ 33.058700] kunit_try_run_case+0x170/0x3f0 [ 33.058813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.058958] kthread+0x328/0x630 [ 33.059123] ret_from_fork+0x10/0x20 [ 33.059234] [ 33.059350] The buggy address belongs to the object at fff00000c7732300 [ 33.059350] which belongs to the cache kmalloc-128 of size 128 [ 33.059698] The buggy address is located 113 bytes inside of [ 33.059698] allocated 120-byte region [fff00000c7732300, fff00000c7732378) [ 33.059986] [ 33.060041] The buggy address belongs to the physical page: [ 33.060122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.060244] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.060374] page_type: f5(slab) [ 33.060483] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.060612] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.060716] page dumped because: kasan: bad access detected [ 33.060800] [ 33.060853] Memory state around the buggy address: [ 33.060958] fff00000c7732200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.061070] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.061179] >fff00000c7732300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.061278] ^ [ 33.061386] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.061520] fff00000c7732400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.061624] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 35.791769] ================================================================== [ 35.792075] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 35.792849] Read of size 1 at addr fff00000c7818000 by task kunit_try_catch/240 [ 35.793812] [ 35.794105] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.795117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.795395] Hardware name: linux,dummy-virt (DT) [ 35.795483] Call trace: [ 35.795551] show_stack+0x20/0x38 (C) [ 35.796778] dump_stack_lvl+0x8c/0xd0 [ 35.797134] print_report+0x118/0x608 [ 35.797246] kasan_report+0xdc/0x128 [ 35.797850] __asan_report_load1_noabort+0x20/0x30 [ 35.798995] mempool_uaf_helper+0x314/0x340 [ 35.799509] mempool_kmalloc_large_uaf+0xc4/0x120 [ 35.800337] kunit_try_run_case+0x170/0x3f0 [ 35.801259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.801972] kthread+0x328/0x630 [ 35.802606] ret_from_fork+0x10/0x20 [ 35.803227] [ 35.803497] The buggy address belongs to the physical page: [ 35.803584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818 [ 35.803707] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.803815] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.805626] page_type: f8(unknown) [ 35.806047] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.806177] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.806295] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.806436] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.807518] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff [ 35.807780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.807879] page dumped because: kasan: bad access detected [ 35.808155] [ 35.808214] Memory state around the buggy address: [ 35.808301] fff00000c7817f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.808410] fff00000c7817f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.808762] >fff00000c7818000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.808979] ^ [ 35.809113] fff00000c7818080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.809346] fff00000c7818100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.809516] ================================================================== [ 35.923528] ================================================================== [ 35.923648] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 35.923783] Read of size 1 at addr fff00000c781c000 by task kunit_try_catch/244 [ 35.924315] [ 35.924406] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.924609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.925021] Hardware name: linux,dummy-virt (DT) [ 35.925216] Call trace: [ 35.925291] show_stack+0x20/0x38 (C) [ 35.925646] dump_stack_lvl+0x8c/0xd0 [ 35.925920] print_report+0x118/0x608 [ 35.926163] kasan_report+0xdc/0x128 [ 35.926573] __asan_report_load1_noabort+0x20/0x30 [ 35.926864] mempool_uaf_helper+0x314/0x340 [ 35.927385] mempool_page_alloc_uaf+0xc0/0x118 [ 35.927614] kunit_try_run_case+0x170/0x3f0 [ 35.927748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.928084] kthread+0x328/0x630 [ 35.928256] ret_from_fork+0x10/0x20 [ 35.928382] [ 35.928441] The buggy address belongs to the physical page: [ 35.928521] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10781c [ 35.928647] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.928798] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 35.930564] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 35.930879] page dumped because: kasan: bad access detected [ 35.931406] [ 35.931528] Memory state around the buggy address: [ 35.931863] fff00000c781bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.932282] fff00000c781bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.932674] >fff00000c781c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.932772] ^ [ 35.933156] fff00000c781c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.933547] fff00000c781c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 35.933701] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 35.752653] ================================================================== [ 35.752817] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 35.752995] Read of size 1 at addr fff00000c7732d00 by task kunit_try_catch/238 [ 35.753129] [ 35.753229] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.753572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.753686] Hardware name: linux,dummy-virt (DT) [ 35.753996] Call trace: [ 35.754152] show_stack+0x20/0x38 (C) [ 35.754341] dump_stack_lvl+0x8c/0xd0 [ 35.754510] print_report+0x118/0x608 [ 35.754708] kasan_report+0xdc/0x128 [ 35.754829] __asan_report_load1_noabort+0x20/0x30 [ 35.755034] mempool_uaf_helper+0x314/0x340 [ 35.755189] mempool_kmalloc_uaf+0xc4/0x120 [ 35.755555] kunit_try_run_case+0x170/0x3f0 [ 35.755997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.756255] kthread+0x328/0x630 [ 35.756682] ret_from_fork+0x10/0x20 [ 35.757454] [ 35.757639] Allocated by task 238: [ 35.757755] kasan_save_stack+0x3c/0x68 [ 35.758689] kasan_save_track+0x20/0x40 [ 35.759027] kasan_save_alloc_info+0x40/0x58 [ 35.759487] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.759630] remove_element+0x130/0x1f8 [ 35.759877] mempool_alloc_preallocated+0x58/0xc0 [ 35.760003] mempool_uaf_helper+0xa4/0x340 [ 35.760158] mempool_kmalloc_uaf+0xc4/0x120 [ 35.760369] kunit_try_run_case+0x170/0x3f0 [ 35.760487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.760997] kthread+0x328/0x630 [ 35.761181] ret_from_fork+0x10/0x20 [ 35.761294] [ 35.761375] Freed by task 238: [ 35.761477] kasan_save_stack+0x3c/0x68 [ 35.761586] kasan_save_track+0x20/0x40 [ 35.761683] kasan_save_free_info+0x4c/0x78 [ 35.761772] __kasan_mempool_poison_object+0xc0/0x150 [ 35.761875] mempool_free+0x28c/0x328 [ 35.761983] mempool_uaf_helper+0x104/0x340 [ 35.762093] mempool_kmalloc_uaf+0xc4/0x120 [ 35.762211] kunit_try_run_case+0x170/0x3f0 [ 35.762319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.762449] kthread+0x328/0x630 [ 35.762548] ret_from_fork+0x10/0x20 [ 35.762659] [ 35.762739] The buggy address belongs to the object at fff00000c7732d00 [ 35.762739] which belongs to the cache kmalloc-128 of size 128 [ 35.762880] The buggy address is located 0 bytes inside of [ 35.762880] freed 128-byte region [fff00000c7732d00, fff00000c7732d80) [ 35.763399] [ 35.763534] The buggy address belongs to the physical page: [ 35.763622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 35.765068] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.765349] page_type: f5(slab) [ 35.765470] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.766171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.766576] page dumped because: kasan: bad access detected [ 35.766906] [ 35.767271] Memory state around the buggy address: [ 35.767699] fff00000c7732c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.767862] fff00000c7732c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.768065] >fff00000c7732d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.768223] ^ [ 35.768380] fff00000c7732d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.768968] fff00000c7732e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.769344] ================================================================== [ 35.846052] ================================================================== [ 35.846214] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 35.846544] Read of size 1 at addr fff00000c77e5240 by task kunit_try_catch/242 [ 35.846719] [ 35.846803] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.847764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.848119] Hardware name: linux,dummy-virt (DT) [ 35.848211] Call trace: [ 35.848277] show_stack+0x20/0x38 (C) [ 35.848411] dump_stack_lvl+0x8c/0xd0 [ 35.848908] print_report+0x118/0x608 [ 35.849202] kasan_report+0xdc/0x128 [ 35.849323] __asan_report_load1_noabort+0x20/0x30 [ 35.850400] mempool_uaf_helper+0x314/0x340 [ 35.851232] mempool_slab_uaf+0xc0/0x118 [ 35.852002] kunit_try_run_case+0x170/0x3f0 [ 35.852424] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.852860] kthread+0x328/0x630 [ 35.854081] ret_from_fork+0x10/0x20 [ 35.854533] [ 35.854946] Allocated by task 242: [ 35.855033] kasan_save_stack+0x3c/0x68 [ 35.855525] kasan_save_track+0x20/0x40 [ 35.856160] kasan_save_alloc_info+0x40/0x58 [ 35.856634] __kasan_mempool_unpoison_object+0xbc/0x180 [ 35.857035] remove_element+0x16c/0x1f8 [ 35.857488] mempool_alloc_preallocated+0x58/0xc0 [ 35.857735] mempool_uaf_helper+0xa4/0x340 [ 35.858460] mempool_slab_uaf+0xc0/0x118 [ 35.859403] kunit_try_run_case+0x170/0x3f0 [ 35.859520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.860261] kthread+0x328/0x630 [ 35.860355] ret_from_fork+0x10/0x20 [ 35.860454] [ 35.860500] Freed by task 242: [ 35.862035] kasan_save_stack+0x3c/0x68 [ 35.862514] kasan_save_track+0x20/0x40 [ 35.862617] kasan_save_free_info+0x4c/0x78 [ 35.863291] __kasan_mempool_poison_object+0xc0/0x150 [ 35.863575] mempool_free+0x28c/0x328 [ 35.863670] mempool_uaf_helper+0x104/0x340 [ 35.863767] mempool_slab_uaf+0xc0/0x118 [ 35.863875] kunit_try_run_case+0x170/0x3f0 [ 35.865992] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.866917] kthread+0x328/0x630 [ 35.867010] ret_from_fork+0x10/0x20 [ 35.867768] [ 35.867822] The buggy address belongs to the object at fff00000c77e5240 [ 35.867822] which belongs to the cache test_cache of size 123 [ 35.868865] The buggy address is located 0 bytes inside of [ 35.868865] freed 123-byte region [fff00000c77e5240, fff00000c77e52bb) [ 35.869585] [ 35.870136] The buggy address belongs to the physical page: [ 35.870285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e5 [ 35.871240] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.871465] page_type: f5(slab) [ 35.871572] raw: 0bfffe0000000000 fff00000c77d6640 dead000000000122 0000000000000000 [ 35.871699] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 35.871801] page dumped because: kasan: bad access detected [ 35.873797] [ 35.873948] Memory state around the buggy address: [ 35.874319] fff00000c77e5100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.874442] fff00000c77e5180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.874548] >fff00000c77e5200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 35.875265] ^ [ 35.875666] fff00000c77e5280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.875770] fff00000c77e5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.875869] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 35.607068] ================================================================== [ 35.607242] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.607401] Read of size 1 at addr fff00000c7732973 by task kunit_try_catch/232 [ 35.608560] [ 35.608678] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.608913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.609000] Hardware name: linux,dummy-virt (DT) [ 35.609125] Call trace: [ 35.609490] show_stack+0x20/0x38 (C) [ 35.609625] dump_stack_lvl+0x8c/0xd0 [ 35.609752] print_report+0x118/0x608 [ 35.610211] kasan_report+0xdc/0x128 [ 35.611782] __asan_report_load1_noabort+0x20/0x30 [ 35.612442] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.612570] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.612695] kunit_try_run_case+0x170/0x3f0 [ 35.614640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.615366] kthread+0x328/0x630 [ 35.616224] ret_from_fork+0x10/0x20 [ 35.617075] [ 35.617155] Allocated by task 232: [ 35.617239] kasan_save_stack+0x3c/0x68 [ 35.617342] kasan_save_track+0x20/0x40 [ 35.617435] kasan_save_alloc_info+0x40/0x58 [ 35.618762] __kasan_mempool_unpoison_object+0x11c/0x180 [ 35.618994] remove_element+0x130/0x1f8 [ 35.619100] mempool_alloc_preallocated+0x58/0xc0 [ 35.619215] mempool_oob_right_helper+0x98/0x2f0 [ 35.619317] mempool_kmalloc_oob_right+0xc4/0x120 [ 35.619427] kunit_try_run_case+0x170/0x3f0 [ 35.620485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.622689] kthread+0x328/0x630 [ 35.622910] ret_from_fork+0x10/0x20 [ 35.623768] [ 35.624220] The buggy address belongs to the object at fff00000c7732900 [ 35.624220] which belongs to the cache kmalloc-128 of size 128 [ 35.624584] The buggy address is located 0 bytes to the right of [ 35.624584] allocated 115-byte region [fff00000c7732900, fff00000c7732973) [ 35.625065] [ 35.625591] The buggy address belongs to the physical page: [ 35.625678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 35.625812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.625954] page_type: f5(slab) [ 35.626056] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.628796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.629540] page dumped because: kasan: bad access detected [ 35.630173] [ 35.630227] Memory state around the buggy address: [ 35.630770] fff00000c7732800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.630899] fff00000c7732880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.631013] >fff00000c7732900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.632696] ^ [ 35.633194] fff00000c7732980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.634098] fff00000c7732a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 35.634286] ================================================================== [ 35.700462] ================================================================== [ 35.700623] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.700767] Read of size 1 at addr fff00000c77e22bb by task kunit_try_catch/236 [ 35.700913] [ 35.701034] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.701272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.701725] Hardware name: linux,dummy-virt (DT) [ 35.701820] Call trace: [ 35.701881] show_stack+0x20/0x38 (C) [ 35.702033] dump_stack_lvl+0x8c/0xd0 [ 35.702232] print_report+0x118/0x608 [ 35.702419] kasan_report+0xdc/0x128 [ 35.702641] __asan_report_load1_noabort+0x20/0x30 [ 35.703051] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.703291] mempool_slab_oob_right+0xc0/0x118 [ 35.703428] kunit_try_run_case+0x170/0x3f0 [ 35.703728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.703809] kthread+0x328/0x630 [ 35.703916] ret_from_fork+0x10/0x20 [ 35.704002] [ 35.704026] Allocated by task 236: [ 35.704060] kasan_save_stack+0x3c/0x68 [ 35.704115] kasan_save_track+0x20/0x40 [ 35.704160] kasan_save_alloc_info+0x40/0x58 [ 35.704206] __kasan_mempool_unpoison_object+0xbc/0x180 [ 35.704257] remove_element+0x16c/0x1f8 [ 35.704304] mempool_alloc_preallocated+0x58/0xc0 [ 35.704349] mempool_oob_right_helper+0x98/0x2f0 [ 35.704397] mempool_slab_oob_right+0xc0/0x118 [ 35.704442] kunit_try_run_case+0x170/0x3f0 [ 35.704489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.704539] kthread+0x328/0x630 [ 35.704578] ret_from_fork+0x10/0x20 [ 35.704620] [ 35.704642] The buggy address belongs to the object at fff00000c77e2240 [ 35.704642] which belongs to the cache test_cache of size 123 [ 35.704709] The buggy address is located 0 bytes to the right of [ 35.704709] allocated 123-byte region [fff00000c77e2240, fff00000c77e22bb) [ 35.704783] [ 35.704806] The buggy address belongs to the physical page: [ 35.704846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e2 [ 35.707264] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.707339] page_type: f5(slab) [ 35.707390] raw: 0bfffe0000000000 fff00000c77d6500 dead000000000122 0000000000000000 [ 35.707456] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 35.707505] page dumped because: kasan: bad access detected [ 35.707541] [ 35.707566] Memory state around the buggy address: [ 35.707604] fff00000c77e2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.707657] fff00000c77e2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 35.707707] >fff00000c77e2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 35.707753] ^ [ 35.707795] fff00000c77e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.707846] fff00000c77e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.707967] ================================================================== [ 35.653412] ================================================================== [ 35.653898] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 35.654040] Read of size 1 at addr fff00000c781a001 by task kunit_try_catch/234 [ 35.654516] [ 35.654679] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 35.654970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.655044] Hardware name: linux,dummy-virt (DT) [ 35.655132] Call trace: [ 35.655619] show_stack+0x20/0x38 (C) [ 35.656114] dump_stack_lvl+0x8c/0xd0 [ 35.656374] print_report+0x118/0x608 [ 35.656877] kasan_report+0xdc/0x128 [ 35.657052] __asan_report_load1_noabort+0x20/0x30 [ 35.657270] mempool_oob_right_helper+0x2ac/0x2f0 [ 35.657466] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 35.657610] kunit_try_run_case+0x170/0x3f0 [ 35.657915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.658069] kthread+0x328/0x630 [ 35.658176] ret_from_fork+0x10/0x20 [ 35.658289] [ 35.658341] The buggy address belongs to the physical page: [ 35.658437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818 [ 35.658566] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 35.658673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 35.658800] page_type: f8(unknown) [ 35.659100] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.659515] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.659682] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 35.659997] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 35.660130] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff [ 35.660267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 35.660372] page dumped because: kasan: bad access detected [ 35.660455] [ 35.660509] Memory state around the buggy address: [ 35.660814] fff00000c7819f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.661000] fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.661138] >fff00000c781a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661232] ^ [ 35.661310] fff00000c781a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661412] fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 35.661505] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 34.914711] ================================================================== [ 34.915232] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 34.915565] Read of size 1 at addr fff00000c77d6140 by task kunit_try_catch/226 [ 34.916125] [ 34.916253] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 34.916617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.916785] Hardware name: linux,dummy-virt (DT) [ 34.917065] Call trace: [ 34.917633] show_stack+0x20/0x38 (C) [ 34.918074] dump_stack_lvl+0x8c/0xd0 [ 34.918571] print_report+0x118/0x608 [ 34.918837] kasan_report+0xdc/0x128 [ 34.919292] __kasan_check_byte+0x54/0x70 [ 34.919784] kmem_cache_destroy+0x34/0x218 [ 34.920176] kmem_cache_double_destroy+0x174/0x300 [ 34.920323] kunit_try_run_case+0x170/0x3f0 [ 34.920457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.920603] kthread+0x328/0x630 [ 34.921136] ret_from_fork+0x10/0x20 [ 34.921263] [ 34.921310] Allocated by task 226: [ 34.921385] kasan_save_stack+0x3c/0x68 [ 34.921488] kasan_save_track+0x20/0x40 [ 34.921584] kasan_save_alloc_info+0x40/0x58 [ 34.921674] __kasan_slab_alloc+0xa8/0xb0 [ 34.922422] kmem_cache_alloc_noprof+0x10c/0x398 [ 34.923128] __kmem_cache_create_args+0x178/0x280 [ 34.923912] kmem_cache_double_destroy+0xc0/0x300 [ 34.924294] kunit_try_run_case+0x170/0x3f0 [ 34.924614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.925088] kthread+0x328/0x630 [ 34.925846] ret_from_fork+0x10/0x20 [ 34.926308] [ 34.926538] Freed by task 226: [ 34.926608] kasan_save_stack+0x3c/0x68 [ 34.926936] kasan_save_track+0x20/0x40 [ 34.927511] kasan_save_free_info+0x4c/0x78 [ 34.927626] __kasan_slab_free+0x6c/0x98 [ 34.928029] kmem_cache_free+0x260/0x468 [ 34.928419] slab_kmem_cache_release+0x38/0x50 [ 34.928988] kmem_cache_release+0x1c/0x30 [ 34.929277] kobject_put+0x17c/0x420 [ 34.929472] sysfs_slab_release+0x1c/0x30 [ 34.929567] kmem_cache_destroy+0x118/0x218 [ 34.930453] kmem_cache_double_destroy+0x128/0x300 [ 34.930916] kunit_try_run_case+0x170/0x3f0 [ 34.931223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.931448] kthread+0x328/0x630 [ 34.931719] ret_from_fork+0x10/0x20 [ 34.932049] [ 34.932411] The buggy address belongs to the object at fff00000c77d6140 [ 34.932411] which belongs to the cache kmem_cache of size 208 [ 34.932556] The buggy address is located 0 bytes inside of [ 34.932556] freed 208-byte region [fff00000c77d6140, fff00000c77d6210) [ 34.933319] [ 34.933502] The buggy address belongs to the physical page: [ 34.933803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d6 [ 34.934387] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.934792] page_type: f5(slab) [ 34.935132] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 34.935653] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 34.935760] page dumped because: kasan: bad access detected [ 34.935843] [ 34.936314] Memory state around the buggy address: [ 34.936791] fff00000c77d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.937088] fff00000c77d6080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 34.937640] >fff00000c77d6100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 34.937734] ^ [ 34.938235] fff00000c77d6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.938594] fff00000c77d6200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.938746] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 34.557555] ================================================================== [ 34.557660] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 34.557749] Read of size 1 at addr fff00000c77d9000 by task kunit_try_catch/224 [ 34.557809] [ 34.557854] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 34.558671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.558907] Hardware name: linux,dummy-virt (DT) [ 34.558997] Call trace: [ 34.559057] show_stack+0x20/0x38 (C) [ 34.559190] dump_stack_lvl+0x8c/0xd0 [ 34.559314] print_report+0x118/0x608 [ 34.559430] kasan_report+0xdc/0x128 [ 34.559544] __asan_report_load1_noabort+0x20/0x30 [ 34.559664] kmem_cache_rcu_uaf+0x388/0x468 [ 34.559780] kunit_try_run_case+0x170/0x3f0 [ 34.560460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.560626] kthread+0x328/0x630 [ 34.560753] ret_from_fork+0x10/0x20 [ 34.560911] [ 34.560960] Allocated by task 224: [ 34.561394] kasan_save_stack+0x3c/0x68 [ 34.561614] kasan_save_track+0x20/0x40 [ 34.562250] kasan_save_alloc_info+0x40/0x58 [ 34.562363] __kasan_slab_alloc+0xa8/0xb0 [ 34.562459] kmem_cache_alloc_noprof+0x10c/0x398 [ 34.562565] kmem_cache_rcu_uaf+0x12c/0x468 [ 34.562655] kunit_try_run_case+0x170/0x3f0 [ 34.562767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.562878] kthread+0x328/0x630 [ 34.562980] ret_from_fork+0x10/0x20 [ 34.563090] [ 34.563227] Freed by task 0: [ 34.563296] kasan_save_stack+0x3c/0x68 [ 34.563396] kasan_save_track+0x20/0x40 [ 34.563495] kasan_save_free_info+0x4c/0x78 [ 34.563776] __kasan_slab_free+0x6c/0x98 [ 34.563878] slab_free_after_rcu_debug+0xd4/0x2f8 [ 34.564197] rcu_core+0x9f4/0x1e20 [ 34.564387] rcu_core_si+0x18/0x30 [ 34.564491] handle_softirqs+0x374/0xb28 [ 34.564639] __do_softirq+0x1c/0x28 [ 34.564749] [ 34.564802] Last potentially related work creation: [ 34.564865] kasan_save_stack+0x3c/0x68 [ 34.564985] kasan_record_aux_stack+0xb4/0xc8 [ 34.565830] kmem_cache_free+0x120/0x468 [ 34.565947] kmem_cache_rcu_uaf+0x16c/0x468 [ 34.566079] kunit_try_run_case+0x170/0x3f0 [ 34.566180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.566487] kthread+0x328/0x630 [ 34.566626] ret_from_fork+0x10/0x20 [ 34.566777] [ 34.566824] The buggy address belongs to the object at fff00000c77d9000 [ 34.566824] which belongs to the cache test_cache of size 200 [ 34.567015] The buggy address is located 0 bytes inside of [ 34.567015] freed 200-byte region [fff00000c77d9000, fff00000c77d90c8) [ 34.567221] [ 34.567515] The buggy address belongs to the physical page: [ 34.567899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d9 [ 34.568192] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.568333] page_type: f5(slab) [ 34.568607] raw: 0bfffe0000000000 fff00000c77d6000 dead000000000122 0000000000000000 [ 34.568765] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 34.568869] page dumped because: kasan: bad access detected [ 34.568969] [ 34.569013] Memory state around the buggy address: [ 34.569119] fff00000c77d8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.569242] fff00000c77d8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.569384] >fff00000c77d9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.569780] ^ [ 34.570010] fff00000c77d9080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 34.570216] fff00000c77d9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.570326] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 34.015585] ================================================================== [ 34.016151] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 34.016523] Free of addr fff00000c77d6001 by task kunit_try_catch/222 [ 34.016624] [ 34.016706] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 34.016941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.017011] Hardware name: linux,dummy-virt (DT) [ 34.017089] Call trace: [ 34.017164] show_stack+0x20/0x38 (C) [ 34.017707] dump_stack_lvl+0x8c/0xd0 [ 34.018008] print_report+0x118/0x608 [ 34.018824] kasan_report_invalid_free+0xc0/0xe8 [ 34.019265] check_slab_allocation+0xfc/0x108 [ 34.019722] __kasan_slab_pre_free+0x2c/0x48 [ 34.020092] kmem_cache_free+0xf0/0x468 [ 34.020415] kmem_cache_invalid_free+0x184/0x3c8 [ 34.021025] kunit_try_run_case+0x170/0x3f0 [ 34.021180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.021550] kthread+0x328/0x630 [ 34.021682] ret_from_fork+0x10/0x20 [ 34.021807] [ 34.022072] Allocated by task 222: [ 34.022170] kasan_save_stack+0x3c/0x68 [ 34.022370] kasan_save_track+0x20/0x40 [ 34.022488] kasan_save_alloc_info+0x40/0x58 [ 34.022754] __kasan_slab_alloc+0xa8/0xb0 [ 34.023151] kmem_cache_alloc_noprof+0x10c/0x398 [ 34.023555] kmem_cache_invalid_free+0x12c/0x3c8 [ 34.023678] kunit_try_run_case+0x170/0x3f0 [ 34.023995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024184] kthread+0x328/0x630 [ 34.024286] ret_from_fork+0x10/0x20 [ 34.024468] [ 34.024516] The buggy address belongs to the object at fff00000c77d6000 [ 34.024516] which belongs to the cache test_cache of size 200 [ 34.025058] The buggy address is located 1 bytes inside of [ 34.025058] 200-byte region [fff00000c77d6000, fff00000c77d60c8) [ 34.025229] [ 34.025288] The buggy address belongs to the physical page: [ 34.025566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d6 [ 34.025837] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.025977] page_type: f5(slab) [ 34.026454] raw: 0bfffe0000000000 fff00000c11b8dc0 dead000000000122 0000000000000000 [ 34.027048] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 34.027162] page dumped because: kasan: bad access detected [ 34.027265] [ 34.027316] Memory state around the buggy address: [ 34.027788] fff00000c77d5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.027916] fff00000c77d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.028679] >fff00000c77d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.028782] ^ [ 34.028906] fff00000c77d6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 34.029089] fff00000c77d6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.029286] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 33.944859] ================================================================== [ 33.945126] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 33.945272] Free of addr fff00000c77d4000 by task kunit_try_catch/220 [ 33.945372] [ 33.945465] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.945670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.945732] Hardware name: linux,dummy-virt (DT) [ 33.945811] Call trace: [ 33.945867] show_stack+0x20/0x38 (C) [ 33.946015] dump_stack_lvl+0x8c/0xd0 [ 33.946145] print_report+0x118/0x608 [ 33.946488] kasan_report_invalid_free+0xc0/0xe8 [ 33.946643] check_slab_allocation+0xd4/0x108 [ 33.946944] __kasan_slab_pre_free+0x2c/0x48 [ 33.947373] kmem_cache_free+0xf0/0x468 [ 33.947912] kmem_cache_double_free+0x190/0x3c8 [ 33.948218] kunit_try_run_case+0x170/0x3f0 [ 33.948353] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.948559] kthread+0x328/0x630 [ 33.948694] ret_from_fork+0x10/0x20 [ 33.950226] [ 33.950285] Allocated by task 220: [ 33.950384] kasan_save_stack+0x3c/0x68 [ 33.950493] kasan_save_track+0x20/0x40 [ 33.950605] kasan_save_alloc_info+0x40/0x58 [ 33.950829] __kasan_slab_alloc+0xa8/0xb0 [ 33.951139] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.951284] kmem_cache_double_free+0x12c/0x3c8 [ 33.951444] kunit_try_run_case+0x170/0x3f0 [ 33.951550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.951671] kthread+0x328/0x630 [ 33.951769] ret_from_fork+0x10/0x20 [ 33.951864] [ 33.951967] Freed by task 220: [ 33.952047] kasan_save_stack+0x3c/0x68 [ 33.952155] kasan_save_track+0x20/0x40 [ 33.952344] kasan_save_free_info+0x4c/0x78 [ 33.952445] __kasan_slab_free+0x6c/0x98 [ 33.952575] kmem_cache_free+0x260/0x468 [ 33.952806] kmem_cache_double_free+0x140/0x3c8 [ 33.953072] kunit_try_run_case+0x170/0x3f0 [ 33.953171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.953275] kthread+0x328/0x630 [ 33.953359] ret_from_fork+0x10/0x20 [ 33.953457] [ 33.953509] The buggy address belongs to the object at fff00000c77d4000 [ 33.953509] which belongs to the cache test_cache of size 200 [ 33.953758] The buggy address is located 0 bytes inside of [ 33.953758] 200-byte region [fff00000c77d4000, fff00000c77d40c8) [ 33.953919] [ 33.954035] The buggy address belongs to the physical page: [ 33.954117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d4 [ 33.954285] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.954431] page_type: f5(slab) [ 33.955915] raw: 0bfffe0000000000 fff00000c11b8c80 dead000000000122 0000000000000000 [ 33.956118] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.956515] page dumped because: kasan: bad access detected [ 33.956859] [ 33.956923] Memory state around the buggy address: [ 33.957006] fff00000c77d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.957112] fff00000c77d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.957216] >fff00000c77d4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.957924] ^ [ 33.958013] fff00000c77d4080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 33.958133] fff00000c77d4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.958240] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 33.689071] ================================================================== [ 33.689219] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 33.689360] Read of size 1 at addr fff00000c77d20c8 by task kunit_try_catch/218 [ 33.689497] [ 33.689582] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.689780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.689842] Hardware name: linux,dummy-virt (DT) [ 33.690567] Call trace: [ 33.690707] show_stack+0x20/0x38 (C) [ 33.690928] dump_stack_lvl+0x8c/0xd0 [ 33.691355] print_report+0x118/0x608 [ 33.691823] kasan_report+0xdc/0x128 [ 33.691968] __asan_report_load1_noabort+0x20/0x30 [ 33.692086] kmem_cache_oob+0x344/0x430 [ 33.692258] kunit_try_run_case+0x170/0x3f0 [ 33.692680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.692930] kthread+0x328/0x630 [ 33.693089] ret_from_fork+0x10/0x20 [ 33.693215] [ 33.693280] Allocated by task 218: [ 33.693396] kasan_save_stack+0x3c/0x68 [ 33.693509] kasan_save_track+0x20/0x40 [ 33.693667] kasan_save_alloc_info+0x40/0x58 [ 33.694114] __kasan_slab_alloc+0xa8/0xb0 [ 33.694234] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.694369] kmem_cache_oob+0x12c/0x430 [ 33.694576] kunit_try_run_case+0x170/0x3f0 [ 33.695022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.695417] kthread+0x328/0x630 [ 33.695935] ret_from_fork+0x10/0x20 [ 33.696170] [ 33.696223] The buggy address belongs to the object at fff00000c77d2000 [ 33.696223] which belongs to the cache test_cache of size 200 [ 33.696359] The buggy address is located 0 bytes to the right of [ 33.696359] allocated 200-byte region [fff00000c77d2000, fff00000c77d20c8) [ 33.696507] [ 33.697988] The buggy address belongs to the physical page: [ 33.698071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d2 [ 33.698199] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.698313] page_type: f5(slab) [ 33.699702] raw: 0bfffe0000000000 fff00000c11b8b40 dead000000000122 0000000000000000 [ 33.699836] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.699949] page dumped because: kasan: bad access detected [ 33.700030] [ 33.700081] Memory state around the buggy address: [ 33.702049] fff00000c77d1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.702220] fff00000c77d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.703273] >fff00000c77d2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 33.703390] ^ [ 33.704172] fff00000c77d2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.704645] fff00000c77d2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.704753] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 33.307462] ================================================================== [ 33.307594] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 33.307710] Free of addr fff00000c5757320 by task kunit_try_catch/203 [ 33.307813] [ 33.307902] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.308098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.308165] Hardware name: linux,dummy-virt (DT) [ 33.308237] Call trace: [ 33.308286] show_stack+0x20/0x38 (C) [ 33.308399] dump_stack_lvl+0x8c/0xd0 [ 33.308510] print_report+0x118/0x608 [ 33.308616] kasan_report_invalid_free+0xc0/0xe8 [ 33.308734] check_slab_allocation+0xd4/0x108 [ 33.308853] __kasan_slab_pre_free+0x2c/0x48 [ 33.309002] kfree+0xe8/0x3c8 [ 33.309819] kfree_sensitive+0x3c/0xb0 [ 33.310072] kmalloc_double_kzfree+0x168/0x308 [ 33.310253] kunit_try_run_case+0x170/0x3f0 [ 33.310636] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.311001] kthread+0x328/0x630 [ 33.311242] ret_from_fork+0x10/0x20 [ 33.311514] [ 33.311997] Allocated by task 203: [ 33.312090] kasan_save_stack+0x3c/0x68 [ 33.312253] kasan_save_track+0x20/0x40 [ 33.312352] kasan_save_alloc_info+0x40/0x58 [ 33.312862] __kasan_kmalloc+0xd4/0xd8 [ 33.313050] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.313177] kmalloc_double_kzfree+0xb8/0x308 [ 33.313387] kunit_try_run_case+0x170/0x3f0 [ 33.313640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.313848] kthread+0x328/0x630 [ 33.314004] ret_from_fork+0x10/0x20 [ 33.314105] [ 33.314605] Freed by task 203: [ 33.314688] kasan_save_stack+0x3c/0x68 [ 33.314876] kasan_save_track+0x20/0x40 [ 33.315101] kasan_save_free_info+0x4c/0x78 [ 33.315526] __kasan_slab_free+0x6c/0x98 [ 33.315653] kfree+0x214/0x3c8 [ 33.315949] kfree_sensitive+0x80/0xb0 [ 33.316141] kmalloc_double_kzfree+0x11c/0x308 [ 33.316289] kunit_try_run_case+0x170/0x3f0 [ 33.316518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.316738] kthread+0x328/0x630 [ 33.316992] ret_from_fork+0x10/0x20 [ 33.317135] [ 33.317616] The buggy address belongs to the object at fff00000c5757320 [ 33.317616] which belongs to the cache kmalloc-16 of size 16 [ 33.317839] The buggy address is located 0 bytes inside of [ 33.317839] 16-byte region [fff00000c5757320, fff00000c5757330) [ 33.318145] [ 33.318249] The buggy address belongs to the physical page: [ 33.318468] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 33.319149] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.319585] page_type: f5(slab) [ 33.319830] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.320073] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 33.320229] page dumped because: kasan: bad access detected [ 33.320792] [ 33.320958] Memory state around the buggy address: [ 33.321126] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 33.321496] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.321853] >fff00000c5757300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 33.322396] ^ [ 33.322516] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.323184] fff00000c5757400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.323502] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 33.286681] ================================================================== [ 33.286860] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 33.287804] Read of size 1 at addr fff00000c5757320 by task kunit_try_catch/203 [ 33.288055] [ 33.288285] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.289936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.290146] Hardware name: linux,dummy-virt (DT) [ 33.290929] Call trace: [ 33.291138] show_stack+0x20/0x38 (C) [ 33.292188] dump_stack_lvl+0x8c/0xd0 [ 33.292436] print_report+0x118/0x608 [ 33.292697] kasan_report+0xdc/0x128 [ 33.293037] __kasan_check_byte+0x54/0x70 [ 33.293330] kfree_sensitive+0x30/0xb0 [ 33.293796] kmalloc_double_kzfree+0x168/0x308 [ 33.294271] kunit_try_run_case+0x170/0x3f0 [ 33.295478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.296080] kthread+0x328/0x630 [ 33.296460] ret_from_fork+0x10/0x20 [ 33.296907] [ 33.297036] Allocated by task 203: [ 33.297197] kasan_save_stack+0x3c/0x68 [ 33.297453] kasan_save_track+0x20/0x40 [ 33.297630] kasan_save_alloc_info+0x40/0x58 [ 33.298127] __kasan_kmalloc+0xd4/0xd8 [ 33.298263] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.298380] kmalloc_double_kzfree+0xb8/0x308 [ 33.298483] kunit_try_run_case+0x170/0x3f0 [ 33.298573] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.298678] kthread+0x328/0x630 [ 33.298763] ret_from_fork+0x10/0x20 [ 33.298849] [ 33.298912] Freed by task 203: [ 33.299599] kasan_save_stack+0x3c/0x68 [ 33.299769] kasan_save_track+0x20/0x40 [ 33.299925] kasan_save_free_info+0x4c/0x78 [ 33.300263] __kasan_slab_free+0x6c/0x98 [ 33.300751] kfree+0x214/0x3c8 [ 33.301127] kfree_sensitive+0x80/0xb0 [ 33.301435] kmalloc_double_kzfree+0x11c/0x308 [ 33.301770] kunit_try_run_case+0x170/0x3f0 [ 33.302273] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.302686] kthread+0x328/0x630 [ 33.303185] ret_from_fork+0x10/0x20 [ 33.303371] [ 33.303427] The buggy address belongs to the object at fff00000c5757320 [ 33.303427] which belongs to the cache kmalloc-16 of size 16 [ 33.303737] The buggy address is located 0 bytes inside of [ 33.303737] freed 16-byte region [fff00000c5757320, fff00000c5757330) [ 33.304134] [ 33.304225] The buggy address belongs to the physical page: [ 33.304410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 33.304770] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.304988] page_type: f5(slab) [ 33.305320] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.305953] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 33.306013] page dumped because: kasan: bad access detected [ 33.306055] [ 33.306086] Memory state around the buggy address: [ 33.306170] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 33.306230] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.306285] >fff00000c5757300: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 33.306331] ^ [ 33.306384] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.306437] fff00000c5757400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.306482] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 33.249483] ================================================================== [ 33.249558] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 33.249625] Read of size 1 at addr fff00000c77357a8 by task kunit_try_catch/199 [ 33.249687] [ 33.249728] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.249829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.249862] Hardware name: linux,dummy-virt (DT) [ 33.249957] Call trace: [ 33.250015] show_stack+0x20/0x38 (C) [ 33.250268] dump_stack_lvl+0x8c/0xd0 [ 33.250439] print_report+0x118/0x608 [ 33.250554] kasan_report+0xdc/0x128 [ 33.250856] __asan_report_load1_noabort+0x20/0x30 [ 33.251142] kmalloc_uaf2+0x3f4/0x468 [ 33.251222] kunit_try_run_case+0x170/0x3f0 [ 33.251345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.251608] kthread+0x328/0x630 [ 33.251747] ret_from_fork+0x10/0x20 [ 33.251932] [ 33.251986] Allocated by task 199: [ 33.252057] kasan_save_stack+0x3c/0x68 [ 33.252159] kasan_save_track+0x20/0x40 [ 33.252324] kasan_save_alloc_info+0x40/0x58 [ 33.252435] __kasan_kmalloc+0xd4/0xd8 [ 33.252642] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.252777] kmalloc_uaf2+0xc4/0x468 [ 33.253044] kunit_try_run_case+0x170/0x3f0 [ 33.253290] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.253402] kthread+0x328/0x630 [ 33.253487] ret_from_fork+0x10/0x20 [ 33.253622] [ 33.253673] Freed by task 199: [ 33.253736] kasan_save_stack+0x3c/0x68 [ 33.253845] kasan_save_track+0x20/0x40 [ 33.254412] kasan_save_free_info+0x4c/0x78 [ 33.254529] __kasan_slab_free+0x6c/0x98 [ 33.254636] kfree+0x214/0x3c8 [ 33.254781] kmalloc_uaf2+0x134/0x468 [ 33.254910] kunit_try_run_case+0x170/0x3f0 [ 33.255012] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.255138] kthread+0x328/0x630 [ 33.255410] ret_from_fork+0x10/0x20 [ 33.255527] [ 33.255577] The buggy address belongs to the object at fff00000c7735780 [ 33.255577] which belongs to the cache kmalloc-64 of size 64 [ 33.255715] The buggy address is located 40 bytes inside of [ 33.255715] freed 64-byte region [fff00000c7735780, fff00000c77357c0) [ 33.255863] [ 33.256452] The buggy address belongs to the physical page: [ 33.256990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735 [ 33.257647] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.259062] page_type: f5(slab) [ 33.259418] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.259649] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.259793] page dumped because: kasan: bad access detected [ 33.259878] [ 33.259949] Memory state around the buggy address: [ 33.260301] fff00000c7735680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.260423] fff00000c7735700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.260531] >fff00000c7735780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.260654] ^ [ 33.260903] fff00000c7735800: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 33.261157] fff00000c7735880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.261251] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 33.222757] ================================================================== [ 33.222916] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 33.223085] Write of size 33 at addr fff00000c7735600 by task kunit_try_catch/197 [ 33.223242] [ 33.223473] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.224027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.224145] Hardware name: linux,dummy-virt (DT) [ 33.224226] Call trace: [ 33.224285] show_stack+0x20/0x38 (C) [ 33.224449] dump_stack_lvl+0x8c/0xd0 [ 33.224797] print_report+0x118/0x608 [ 33.224959] kasan_report+0xdc/0x128 [ 33.225096] kasan_check_range+0x100/0x1a8 [ 33.225384] __asan_memset+0x34/0x78 [ 33.225521] kmalloc_uaf_memset+0x170/0x310 [ 33.225701] kunit_try_run_case+0x170/0x3f0 [ 33.225967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.226307] kthread+0x328/0x630 [ 33.226623] ret_from_fork+0x10/0x20 [ 33.226863] [ 33.227023] Allocated by task 197: [ 33.227431] kasan_save_stack+0x3c/0x68 [ 33.228100] kasan_save_track+0x20/0x40 [ 33.228272] kasan_save_alloc_info+0x40/0x58 [ 33.228652] __kasan_kmalloc+0xd4/0xd8 [ 33.228755] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.229178] kmalloc_uaf_memset+0xb8/0x310 [ 33.229355] kunit_try_run_case+0x170/0x3f0 [ 33.230094] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.230229] kthread+0x328/0x630 [ 33.230369] ret_from_fork+0x10/0x20 [ 33.230488] [ 33.230567] Freed by task 197: [ 33.230774] kasan_save_stack+0x3c/0x68 [ 33.230874] kasan_save_track+0x20/0x40 [ 33.230987] kasan_save_free_info+0x4c/0x78 [ 33.231077] __kasan_slab_free+0x6c/0x98 [ 33.231604] kfree+0x214/0x3c8 [ 33.231738] kmalloc_uaf_memset+0x11c/0x310 [ 33.231904] kunit_try_run_case+0x170/0x3f0 [ 33.232236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.232776] kthread+0x328/0x630 [ 33.232972] ret_from_fork+0x10/0x20 [ 33.233307] [ 33.233515] The buggy address belongs to the object at fff00000c7735600 [ 33.233515] which belongs to the cache kmalloc-64 of size 64 [ 33.233656] The buggy address is located 0 bytes inside of [ 33.233656] freed 64-byte region [fff00000c7735600, fff00000c7735640) [ 33.234440] [ 33.234580] The buggy address belongs to the physical page: [ 33.234696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735 [ 33.234926] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.235058] page_type: f5(slab) [ 33.235246] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.235382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.235785] page dumped because: kasan: bad access detected [ 33.235990] [ 33.236038] Memory state around the buggy address: [ 33.236117] fff00000c7735500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.236272] fff00000c7735580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.236394] >fff00000c7735600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.236497] ^ [ 33.236580] fff00000c7735680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.236685] fff00000c7735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.237162] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 33.187040] ================================================================== [ 33.187329] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 33.188196] Read of size 1 at addr fff00000c5757308 by task kunit_try_catch/195 [ 33.189566] [ 33.190453] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.191260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.191801] Hardware name: linux,dummy-virt (DT) [ 33.191928] Call trace: [ 33.191993] show_stack+0x20/0x38 (C) [ 33.192123] dump_stack_lvl+0x8c/0xd0 [ 33.192250] print_report+0x118/0x608 [ 33.192855] kasan_report+0xdc/0x128 [ 33.193019] __asan_report_load1_noabort+0x20/0x30 [ 33.193140] kmalloc_uaf+0x300/0x338 [ 33.193246] kunit_try_run_case+0x170/0x3f0 [ 33.193364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.193871] kthread+0x328/0x630 [ 33.194838] ret_from_fork+0x10/0x20 [ 33.195063] [ 33.195174] Allocated by task 195: [ 33.195306] kasan_save_stack+0x3c/0x68 [ 33.195412] kasan_save_track+0x20/0x40 [ 33.195533] kasan_save_alloc_info+0x40/0x58 [ 33.195800] __kasan_kmalloc+0xd4/0xd8 [ 33.195946] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.196041] kmalloc_uaf+0xb8/0x338 [ 33.196131] kunit_try_run_case+0x170/0x3f0 [ 33.196276] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.196502] kthread+0x328/0x630 [ 33.196589] ret_from_fork+0x10/0x20 [ 33.196676] [ 33.196777] Freed by task 195: [ 33.196931] kasan_save_stack+0x3c/0x68 [ 33.197080] kasan_save_track+0x20/0x40 [ 33.197195] kasan_save_free_info+0x4c/0x78 [ 33.197305] __kasan_slab_free+0x6c/0x98 [ 33.197467] kfree+0x214/0x3c8 [ 33.197559] kmalloc_uaf+0x11c/0x338 [ 33.197669] kunit_try_run_case+0x170/0x3f0 [ 33.197821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.197968] kthread+0x328/0x630 [ 33.198066] ret_from_fork+0x10/0x20 [ 33.198161] [ 33.198231] The buggy address belongs to the object at fff00000c5757300 [ 33.198231] which belongs to the cache kmalloc-16 of size 16 [ 33.198505] The buggy address is located 8 bytes inside of [ 33.198505] freed 16-byte region [fff00000c5757300, fff00000c5757310) [ 33.198754] [ 33.198808] The buggy address belongs to the physical page: [ 33.198907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 33.199035] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.199358] page_type: f5(slab) [ 33.199547] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.199741] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 33.199850] page dumped because: kasan: bad access detected [ 33.199962] [ 33.200016] Memory state around the buggy address: [ 33.200110] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 33.200229] fff00000c5757280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.200402] >fff00000c5757300: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.200499] ^ [ 33.200606] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.200724] fff00000c5757400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.200921] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 33.147147] ================================================================== [ 33.148215] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 33.148380] Read of size 64 at addr fff00000c7735304 by task kunit_try_catch/193 [ 33.148877] [ 33.149875] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.151313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.151403] Hardware name: linux,dummy-virt (DT) [ 33.151500] Call trace: [ 33.151564] show_stack+0x20/0x38 (C) [ 33.152346] dump_stack_lvl+0x8c/0xd0 [ 33.152843] print_report+0x118/0x608 [ 33.153225] kasan_report+0xdc/0x128 [ 33.153341] kasan_check_range+0x100/0x1a8 [ 33.153459] __asan_memmove+0x3c/0x98 [ 33.153564] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 33.153684] kunit_try_run_case+0x170/0x3f0 [ 33.154072] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.155246] kthread+0x328/0x630 [ 33.155517] ret_from_fork+0x10/0x20 [ 33.156413] [ 33.156656] Allocated by task 193: [ 33.157042] kasan_save_stack+0x3c/0x68 [ 33.157179] kasan_save_track+0x20/0x40 [ 33.157553] kasan_save_alloc_info+0x40/0x58 [ 33.157959] __kasan_kmalloc+0xd4/0xd8 [ 33.158323] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.158491] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 33.158594] kunit_try_run_case+0x170/0x3f0 [ 33.158694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.159295] kthread+0x328/0x630 [ 33.159421] ret_from_fork+0x10/0x20 [ 33.160002] [ 33.160056] The buggy address belongs to the object at fff00000c7735300 [ 33.160056] which belongs to the cache kmalloc-64 of size 64 [ 33.160457] The buggy address is located 4 bytes inside of [ 33.160457] allocated 64-byte region [fff00000c7735300, fff00000c7735340) [ 33.161115] [ 33.161427] The buggy address belongs to the physical page: [ 33.161636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735 [ 33.162033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.162168] page_type: f5(slab) [ 33.162743] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.162898] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.163241] page dumped because: kasan: bad access detected [ 33.163442] [ 33.163563] Memory state around the buggy address: [ 33.163650] fff00000c7735200: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 33.163769] fff00000c7735280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.163874] >fff00000c7735300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 33.164060] ^ [ 33.164153] fff00000c7735380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.164254] fff00000c7735400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.164991] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 33.116918] ================================================================== [ 33.117291] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 33.117438] Read of size 18446744073709551614 at addr fff00000c7735104 by task kunit_try_catch/191 [ 33.117627] [ 33.117715] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.117949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.118144] Hardware name: linux,dummy-virt (DT) [ 33.118297] Call trace: [ 33.118374] show_stack+0x20/0x38 (C) [ 33.118685] dump_stack_lvl+0x8c/0xd0 [ 33.118915] print_report+0x118/0x608 [ 33.119669] kasan_report+0xdc/0x128 [ 33.120011] kasan_check_range+0x100/0x1a8 [ 33.120230] __asan_memmove+0x3c/0x98 [ 33.120590] kmalloc_memmove_negative_size+0x154/0x2e0 [ 33.120846] kunit_try_run_case+0x170/0x3f0 [ 33.121074] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.121757] kthread+0x328/0x630 [ 33.122053] ret_from_fork+0x10/0x20 [ 33.122400] [ 33.122500] Allocated by task 191: [ 33.122638] kasan_save_stack+0x3c/0x68 [ 33.123014] kasan_save_track+0x20/0x40 [ 33.123316] kasan_save_alloc_info+0x40/0x58 [ 33.123513] __kasan_kmalloc+0xd4/0xd8 [ 33.123817] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.124215] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 33.125594] kunit_try_run_case+0x170/0x3f0 [ 33.125949] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.126221] kthread+0x328/0x630 [ 33.126377] ret_from_fork+0x10/0x20 [ 33.126482] [ 33.127058] The buggy address belongs to the object at fff00000c7735100 [ 33.127058] which belongs to the cache kmalloc-64 of size 64 [ 33.127314] The buggy address is located 4 bytes inside of [ 33.127314] 64-byte region [fff00000c7735100, fff00000c7735140) [ 33.127827] [ 33.128003] The buggy address belongs to the physical page: [ 33.128190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735 [ 33.128316] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.128436] page_type: f5(slab) [ 33.128639] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.129168] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.129439] page dumped because: kasan: bad access detected [ 33.129769] [ 33.129966] Memory state around the buggy address: [ 33.130152] fff00000c7735000: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 33.130436] fff00000c7735080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.130543] >fff00000c7735100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 33.130640] ^ [ 33.130709] fff00000c7735180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.131658] fff00000c7735200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.131722] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 33.074708] ================================================================== [ 33.074824] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 33.075032] Write of size 16 at addr fff00000c7732469 by task kunit_try_catch/189 [ 33.075778] [ 33.075863] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.076104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.076295] Hardware name: linux,dummy-virt (DT) [ 33.076503] Call trace: [ 33.076659] show_stack+0x20/0x38 (C) [ 33.076824] dump_stack_lvl+0x8c/0xd0 [ 33.077510] print_report+0x118/0x608 [ 33.077955] kasan_report+0xdc/0x128 [ 33.078167] kasan_check_range+0x100/0x1a8 [ 33.078529] __asan_memset+0x34/0x78 [ 33.078737] kmalloc_oob_memset_16+0x150/0x2f8 [ 33.079438] kunit_try_run_case+0x170/0x3f0 [ 33.081121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.081224] kthread+0x328/0x630 [ 33.081309] ret_from_fork+0x10/0x20 [ 33.081371] [ 33.081394] Allocated by task 189: [ 33.081428] kasan_save_stack+0x3c/0x68 [ 33.081479] kasan_save_track+0x20/0x40 [ 33.081525] kasan_save_alloc_info+0x40/0x58 [ 33.081568] __kasan_kmalloc+0xd4/0xd8 [ 33.081611] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.081658] kmalloc_oob_memset_16+0xb0/0x2f8 [ 33.081702] kunit_try_run_case+0x170/0x3f0 [ 33.081747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.081798] kthread+0x328/0x630 [ 33.081836] ret_from_fork+0x10/0x20 [ 33.081878] [ 33.082089] The buggy address belongs to the object at fff00000c7732400 [ 33.082089] which belongs to the cache kmalloc-128 of size 128 [ 33.082237] The buggy address is located 105 bytes inside of [ 33.082237] allocated 120-byte region [fff00000c7732400, fff00000c7732478) [ 33.082385] [ 33.082432] The buggy address belongs to the physical page: [ 33.082505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.082622] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.082733] page_type: f5(slab) [ 33.082823] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.082969] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.083063] page dumped because: kasan: bad access detected [ 33.083138] [ 33.083194] Memory state around the buggy address: [ 33.083313] fff00000c7732300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.083748] fff00000c7732380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.083902] >fff00000c7732400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.084046] ^ [ 33.084225] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.084508] fff00000c7732500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.084622] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 33.032034] ================================================================== [ 33.032149] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 33.032263] Write of size 4 at addr fff00000c7732275 by task kunit_try_catch/185 [ 33.032378] [ 33.032449] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.032645] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.032708] Hardware name: linux,dummy-virt (DT) [ 33.032775] Call trace: [ 33.032825] show_stack+0x20/0x38 (C) [ 33.032995] dump_stack_lvl+0x8c/0xd0 [ 33.033191] print_report+0x118/0x608 [ 33.033326] kasan_report+0xdc/0x128 [ 33.033493] kasan_check_range+0x100/0x1a8 [ 33.033620] __asan_memset+0x34/0x78 [ 33.033735] kmalloc_oob_memset_4+0x150/0x300 [ 33.033849] kunit_try_run_case+0x170/0x3f0 [ 33.033982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.034110] kthread+0x328/0x630 [ 33.034218] ret_from_fork+0x10/0x20 [ 33.034328] [ 33.034387] Allocated by task 185: [ 33.034452] kasan_save_stack+0x3c/0x68 [ 33.034545] kasan_save_track+0x20/0x40 [ 33.034633] kasan_save_alloc_info+0x40/0x58 [ 33.034735] __kasan_kmalloc+0xd4/0xd8 [ 33.034847] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.035183] kmalloc_oob_memset_4+0xb0/0x300 [ 33.035387] kunit_try_run_case+0x170/0x3f0 [ 33.035577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.035748] kthread+0x328/0x630 [ 33.035843] ret_from_fork+0x10/0x20 [ 33.036030] [ 33.036091] The buggy address belongs to the object at fff00000c7732200 [ 33.036091] which belongs to the cache kmalloc-128 of size 128 [ 33.036225] The buggy address is located 117 bytes inside of [ 33.036225] allocated 120-byte region [fff00000c7732200, fff00000c7732278) [ 33.036372] [ 33.036420] The buggy address belongs to the physical page: [ 33.036497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.036648] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.036880] page_type: f5(slab) [ 33.037054] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.037192] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.037436] page dumped because: kasan: bad access detected [ 33.037637] [ 33.037767] Memory state around the buggy address: [ 33.037849] fff00000c7732100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.038008] fff00000c7732180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.038137] >fff00000c7732200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.038238] ^ [ 33.038544] fff00000c7732280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.038649] fff00000c7732300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.038748] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 33.006054] ================================================================== [ 33.006502] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 33.006645] Write of size 2 at addr fff00000c7732177 by task kunit_try_catch/183 [ 33.007184] [ 33.007554] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.007944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.008020] Hardware name: linux,dummy-virt (DT) [ 33.008312] Call trace: [ 33.008375] show_stack+0x20/0x38 (C) [ 33.008497] dump_stack_lvl+0x8c/0xd0 [ 33.008618] print_report+0x118/0x608 [ 33.008982] kasan_report+0xdc/0x128 [ 33.009201] kasan_check_range+0x100/0x1a8 [ 33.009396] __asan_memset+0x34/0x78 [ 33.009513] kmalloc_oob_memset_2+0x150/0x2f8 [ 33.009628] kunit_try_run_case+0x170/0x3f0 [ 33.009769] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.009915] kthread+0x328/0x630 [ 33.010042] ret_from_fork+0x10/0x20 [ 33.010162] [ 33.010239] Allocated by task 183: [ 33.010309] kasan_save_stack+0x3c/0x68 [ 33.010449] kasan_save_track+0x20/0x40 [ 33.010544] kasan_save_alloc_info+0x40/0x58 [ 33.010631] __kasan_kmalloc+0xd4/0xd8 [ 33.010719] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.010814] kmalloc_oob_memset_2+0xb0/0x2f8 [ 33.011511] kunit_try_run_case+0x170/0x3f0 [ 33.011916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.012243] kthread+0x328/0x630 [ 33.012342] ret_from_fork+0x10/0x20 [ 33.012435] [ 33.012485] The buggy address belongs to the object at fff00000c7732100 [ 33.012485] which belongs to the cache kmalloc-128 of size 128 [ 33.012663] The buggy address is located 119 bytes inside of [ 33.012663] allocated 120-byte region [fff00000c7732100, fff00000c7732178) [ 33.012874] [ 33.012985] The buggy address belongs to the physical page: [ 33.013158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.013279] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.013391] page_type: f5(slab) [ 33.013484] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.013599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.013743] page dumped because: kasan: bad access detected [ 33.013844] [ 33.013904] Memory state around the buggy address: [ 33.013982] fff00000c7732000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.014082] fff00000c7732080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.014189] >fff00000c7732100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.014310] ^ [ 33.014535] fff00000c7732180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.014746] fff00000c7732200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.014835] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 32.965241] ================================================================== [ 32.965378] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 32.965620] Write of size 128 at addr fff00000c7732000 by task kunit_try_catch/181 [ 32.965799] [ 32.965906] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.966205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.966390] Hardware name: linux,dummy-virt (DT) [ 32.966493] Call trace: [ 32.966549] show_stack+0x20/0x38 (C) [ 32.966667] dump_stack_lvl+0x8c/0xd0 [ 32.966779] print_report+0x118/0x608 [ 32.966907] kasan_report+0xdc/0x128 [ 32.967023] kasan_check_range+0x100/0x1a8 [ 32.969025] __asan_memset+0x34/0x78 [ 32.969559] kmalloc_oob_in_memset+0x144/0x2d0 [ 32.969794] kunit_try_run_case+0x170/0x3f0 [ 32.969955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.970640] kthread+0x328/0x630 [ 32.970862] ret_from_fork+0x10/0x20 [ 32.971809] [ 32.971955] Allocated by task 181: [ 32.972533] kasan_save_stack+0x3c/0x68 [ 32.973018] kasan_save_track+0x20/0x40 [ 32.973390] kasan_save_alloc_info+0x40/0x58 [ 32.974136] __kasan_kmalloc+0xd4/0xd8 [ 32.974416] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.975424] kmalloc_oob_in_memset+0xb0/0x2d0 [ 32.975561] kunit_try_run_case+0x170/0x3f0 [ 32.976371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.976483] kthread+0x328/0x630 [ 32.976944] ret_from_fork+0x10/0x20 [ 32.977461] [ 32.977647] The buggy address belongs to the object at fff00000c7732000 [ 32.977647] which belongs to the cache kmalloc-128 of size 128 [ 32.977778] The buggy address is located 0 bytes inside of [ 32.977778] allocated 120-byte region [fff00000c7732000, fff00000c7732078) [ 32.978396] [ 32.978771] The buggy address belongs to the physical page: [ 32.978847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 32.980089] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.980564] page_type: f5(slab) [ 32.981201] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.981644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.981741] page dumped because: kasan: bad access detected [ 32.982780] [ 32.982958] Memory state around the buggy address: [ 32.983328] fff00000c7731f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.983518] fff00000c7731f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.983618] >fff00000c7732000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.983709] ^ [ 32.983813] fff00000c7732080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.983933] fff00000c7732100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.984021] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 32.919165] ================================================================== [ 32.919857] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 32.920185] Read of size 16 at addr fff00000c57572e0 by task kunit_try_catch/179 [ 32.920620] [ 32.920718] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.921413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.921609] Hardware name: linux,dummy-virt (DT) [ 32.921833] Call trace: [ 32.922142] show_stack+0x20/0x38 (C) [ 32.922481] dump_stack_lvl+0x8c/0xd0 [ 32.922911] print_report+0x118/0x608 [ 32.923926] kasan_report+0xdc/0x128 [ 32.924262] __asan_report_load16_noabort+0x20/0x30 [ 32.924553] kmalloc_uaf_16+0x3bc/0x438 [ 32.924683] kunit_try_run_case+0x170/0x3f0 [ 32.924805] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.925080] kthread+0x328/0x630 [ 32.925413] ret_from_fork+0x10/0x20 [ 32.925569] [ 32.925618] Allocated by task 179: [ 32.925682] kasan_save_stack+0x3c/0x68 [ 32.925776] kasan_save_track+0x20/0x40 [ 32.925872] kasan_save_alloc_info+0x40/0x58 [ 32.926381] __kasan_kmalloc+0xd4/0xd8 [ 32.926485] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.926598] kmalloc_uaf_16+0x140/0x438 [ 32.926698] kunit_try_run_case+0x170/0x3f0 [ 32.926843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.927173] kthread+0x328/0x630 [ 32.927265] ret_from_fork+0x10/0x20 [ 32.927356] [ 32.927427] Freed by task 179: [ 32.927588] kasan_save_stack+0x3c/0x68 [ 32.927728] kasan_save_track+0x20/0x40 [ 32.927871] kasan_save_free_info+0x4c/0x78 [ 32.928063] __kasan_slab_free+0x6c/0x98 [ 32.928236] kfree+0x214/0x3c8 [ 32.928448] kmalloc_uaf_16+0x190/0x438 [ 32.928650] kunit_try_run_case+0x170/0x3f0 [ 32.928841] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.928972] kthread+0x328/0x630 [ 32.929513] ret_from_fork+0x10/0x20 [ 32.929702] [ 32.929784] The buggy address belongs to the object at fff00000c57572e0 [ 32.929784] which belongs to the cache kmalloc-16 of size 16 [ 32.929929] The buggy address is located 0 bytes inside of [ 32.929929] freed 16-byte region [fff00000c57572e0, fff00000c57572f0) [ 32.930076] [ 32.930143] The buggy address belongs to the physical page: [ 32.930218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 32.930338] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.930462] page_type: f5(slab) [ 32.930554] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 32.930699] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.930795] page dumped because: kasan: bad access detected [ 32.930865] [ 32.930943] Memory state around the buggy address: [ 32.931029] fff00000c5757180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.931496] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.931629] >fff00000c5757280: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 32.931881] ^ [ 32.932658] fff00000c5757300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.932936] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.933034] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 32.895631] ================================================================== [ 32.895786] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 32.895931] Write of size 16 at addr fff00000c5757280 by task kunit_try_catch/177 [ 32.896081] [ 32.896178] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.896530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.896602] Hardware name: linux,dummy-virt (DT) [ 32.896690] Call trace: [ 32.896820] show_stack+0x20/0x38 (C) [ 32.897040] dump_stack_lvl+0x8c/0xd0 [ 32.897179] print_report+0x118/0x608 [ 32.897321] kasan_report+0xdc/0x128 [ 32.897615] __asan_report_store16_noabort+0x20/0x30 [ 32.897875] kmalloc_oob_16+0x3a0/0x3f8 [ 32.898015] kunit_try_run_case+0x170/0x3f0 [ 32.898150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.898489] kthread+0x328/0x630 [ 32.898775] ret_from_fork+0x10/0x20 [ 32.898914] [ 32.898967] Allocated by task 177: [ 32.899035] kasan_save_stack+0x3c/0x68 [ 32.899208] kasan_save_track+0x20/0x40 [ 32.899312] kasan_save_alloc_info+0x40/0x58 [ 32.899453] __kasan_kmalloc+0xd4/0xd8 [ 32.899633] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.900147] kmalloc_oob_16+0xb4/0x3f8 [ 32.900366] kunit_try_run_case+0x170/0x3f0 [ 32.900592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.900695] kthread+0x328/0x630 [ 32.901717] ret_from_fork+0x10/0x20 [ 32.901883] [ 32.901958] The buggy address belongs to the object at fff00000c5757280 [ 32.901958] which belongs to the cache kmalloc-16 of size 16 [ 32.902116] The buggy address is located 0 bytes inside of [ 32.902116] allocated 13-byte region [fff00000c5757280, fff00000c575728d) [ 32.902334] [ 32.902395] The buggy address belongs to the physical page: [ 32.902468] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 32.902605] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.902740] page_type: f5(slab) [ 32.902866] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 32.903015] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.903139] page dumped because: kasan: bad access detected [ 32.903223] [ 32.903276] Memory state around the buggy address: [ 32.903360] fff00000c5757180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.903468] fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 32.903568] >fff00000c5757280: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.904109] ^ [ 32.904200] fff00000c5757300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.904309] fff00000c5757380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.904722] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 32.868501] ================================================================== [ 32.868564] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 32.868625] Read of size 1 at addr fff00000c4633a00 by task kunit_try_catch/175 [ 32.868683] [ 32.868724] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.868822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.868853] Hardware name: linux,dummy-virt (DT) [ 32.868913] Call trace: [ 32.868988] show_stack+0x20/0x38 (C) [ 32.869106] dump_stack_lvl+0x8c/0xd0 [ 32.869219] print_report+0x118/0x608 [ 32.869334] kasan_report+0xdc/0x128 [ 32.869458] __asan_report_load1_noabort+0x20/0x30 [ 32.869576] krealloc_uaf+0x4c8/0x520 [ 32.869683] kunit_try_run_case+0x170/0x3f0 [ 32.869795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.869937] kthread+0x328/0x630 [ 32.870043] ret_from_fork+0x10/0x20 [ 32.870155] [ 32.870197] Allocated by task 175: [ 32.870261] kasan_save_stack+0x3c/0x68 [ 32.870371] kasan_save_track+0x20/0x40 [ 32.870477] kasan_save_alloc_info+0x40/0x58 [ 32.870667] __kasan_kmalloc+0xd4/0xd8 [ 32.870950] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.871143] krealloc_uaf+0xc8/0x520 [ 32.871282] kunit_try_run_case+0x170/0x3f0 [ 32.871382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.871503] kthread+0x328/0x630 [ 32.871597] ret_from_fork+0x10/0x20 [ 32.871815] [ 32.871865] Freed by task 175: [ 32.871983] kasan_save_stack+0x3c/0x68 [ 32.872134] kasan_save_track+0x20/0x40 [ 32.872328] kasan_save_free_info+0x4c/0x78 [ 32.872430] __kasan_slab_free+0x6c/0x98 [ 32.872656] kfree+0x214/0x3c8 [ 32.872899] krealloc_uaf+0x12c/0x520 [ 32.873079] kunit_try_run_case+0x170/0x3f0 [ 32.873218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.873336] kthread+0x328/0x630 [ 32.873477] ret_from_fork+0x10/0x20 [ 32.873576] [ 32.873629] The buggy address belongs to the object at fff00000c4633a00 [ 32.873629] which belongs to the cache kmalloc-256 of size 256 [ 32.873771] The buggy address is located 0 bytes inside of [ 32.873771] freed 256-byte region [fff00000c4633a00, fff00000c4633b00) [ 32.873972] [ 32.874025] The buggy address belongs to the physical page: [ 32.874134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.874328] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.874461] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.874777] page_type: f5(slab) [ 32.874976] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.875244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.875370] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.875537] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.875667] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.875797] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.875944] page dumped because: kasan: bad access detected [ 32.876088] [ 32.876136] Memory state around the buggy address: [ 32.876223] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.876328] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.876430] >fff00000c4633a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.877483] ^ [ 32.878162] fff00000c4633a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.878465] fff00000c4633b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.878590] ================================================================== [ 32.850203] ================================================================== [ 32.850390] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 32.850505] Read of size 1 at addr fff00000c4633a00 by task kunit_try_catch/175 [ 32.850615] [ 32.850683] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.850876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.850957] Hardware name: linux,dummy-virt (DT) [ 32.851043] Call trace: [ 32.851110] show_stack+0x20/0x38 (C) [ 32.851285] dump_stack_lvl+0x8c/0xd0 [ 32.851511] print_report+0x118/0x608 [ 32.851644] kasan_report+0xdc/0x128 [ 32.851792] __kasan_check_byte+0x54/0x70 [ 32.852069] krealloc_noprof+0x44/0x360 [ 32.852191] krealloc_uaf+0x180/0x520 [ 32.852317] kunit_try_run_case+0x170/0x3f0 [ 32.852540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.852793] kthread+0x328/0x630 [ 32.852929] ret_from_fork+0x10/0x20 [ 32.853242] [ 32.853293] Allocated by task 175: [ 32.853417] kasan_save_stack+0x3c/0x68 [ 32.853561] kasan_save_track+0x20/0x40 [ 32.853861] kasan_save_alloc_info+0x40/0x58 [ 32.854009] __kasan_kmalloc+0xd4/0xd8 [ 32.854107] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.854226] krealloc_uaf+0xc8/0x520 [ 32.854476] kunit_try_run_case+0x170/0x3f0 [ 32.854643] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.855014] kthread+0x328/0x630 [ 32.855151] ret_from_fork+0x10/0x20 [ 32.855308] [ 32.855512] Freed by task 175: [ 32.855623] kasan_save_stack+0x3c/0x68 [ 32.855841] kasan_save_track+0x20/0x40 [ 32.856159] kasan_save_free_info+0x4c/0x78 [ 32.856273] __kasan_slab_free+0x6c/0x98 [ 32.856871] kfree+0x214/0x3c8 [ 32.857047] krealloc_uaf+0x12c/0x520 [ 32.857172] kunit_try_run_case+0x170/0x3f0 [ 32.857426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.857691] kthread+0x328/0x630 [ 32.857877] ret_from_fork+0x10/0x20 [ 32.858045] [ 32.858165] The buggy address belongs to the object at fff00000c4633a00 [ 32.858165] which belongs to the cache kmalloc-256 of size 256 [ 32.858691] The buggy address is located 0 bytes inside of [ 32.858691] freed 256-byte region [fff00000c4633a00, fff00000c4633b00) [ 32.859179] [ 32.859876] The buggy address belongs to the physical page: [ 32.860023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.860560] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.861466] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.861856] page_type: f5(slab) [ 32.861995] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.862384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.862618] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.862852] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.862994] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.863578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.863981] page dumped because: kasan: bad access detected [ 32.864097] [ 32.864174] Memory state around the buggy address: [ 32.864348] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.864510] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.864797] >fff00000c4633a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.865097] ^ [ 32.865263] fff00000c4633a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.866044] fff00000c4633b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.867059] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 32.819229] ================================================================== [ 32.819320] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.819994] Write of size 1 at addr fff00000c775e0ea by task kunit_try_catch/173 [ 32.820343] [ 32.820493] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.820772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.821072] Hardware name: linux,dummy-virt (DT) [ 32.821177] Call trace: [ 32.821287] show_stack+0x20/0x38 (C) [ 32.821402] dump_stack_lvl+0x8c/0xd0 [ 32.821512] print_report+0x118/0x608 [ 32.821626] kasan_report+0xdc/0x128 [ 32.821791] __asan_report_store1_noabort+0x20/0x30 [ 32.822139] krealloc_less_oob_helper+0xae4/0xc50 [ 32.822300] krealloc_large_less_oob+0x20/0x38 [ 32.822615] kunit_try_run_case+0x170/0x3f0 [ 32.822795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.822961] kthread+0x328/0x630 [ 32.823087] ret_from_fork+0x10/0x20 [ 32.823267] [ 32.823565] The buggy address belongs to the physical page: [ 32.823793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c [ 32.823932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.824040] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.824152] page_type: f8(unknown) [ 32.824237] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.824360] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.824481] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.824597] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.824710] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff [ 32.825617] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.825739] page dumped because: kasan: bad access detected [ 32.825817] [ 32.825908] Memory state around the buggy address: [ 32.826117] fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.826321] fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.826457] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.826614] ^ [ 32.826757] fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.827313] fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.827565] ================================================================== [ 32.680307] ================================================================== [ 32.680413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.680525] Write of size 1 at addr fff00000c46338d0 by task kunit_try_catch/169 [ 32.680637] [ 32.680724] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.681166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.681230] Hardware name: linux,dummy-virt (DT) [ 32.681438] Call trace: [ 32.681590] show_stack+0x20/0x38 (C) [ 32.681856] dump_stack_lvl+0x8c/0xd0 [ 32.682007] print_report+0x118/0x608 [ 32.682210] kasan_report+0xdc/0x128 [ 32.682389] __asan_report_store1_noabort+0x20/0x30 [ 32.682527] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.682663] krealloc_less_oob+0x20/0x38 [ 32.682791] kunit_try_run_case+0x170/0x3f0 [ 32.683012] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.683256] kthread+0x328/0x630 [ 32.683370] ret_from_fork+0x10/0x20 [ 32.683434] [ 32.683457] Allocated by task 169: [ 32.683505] kasan_save_stack+0x3c/0x68 [ 32.683586] kasan_save_track+0x20/0x40 [ 32.683634] kasan_save_alloc_info+0x40/0x58 [ 32.683677] __kasan_krealloc+0x118/0x178 [ 32.683721] krealloc_noprof+0x128/0x360 [ 32.683766] krealloc_less_oob_helper+0x168/0xc50 [ 32.683812] krealloc_less_oob+0x20/0x38 [ 32.683854] kunit_try_run_case+0x170/0x3f0 [ 32.683989] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.684116] kthread+0x328/0x630 [ 32.684291] ret_from_fork+0x10/0x20 [ 32.684480] [ 32.684604] The buggy address belongs to the object at fff00000c4633800 [ 32.684604] which belongs to the cache kmalloc-256 of size 256 [ 32.684740] The buggy address is located 7 bytes to the right of [ 32.684740] allocated 201-byte region [fff00000c4633800, fff00000c46338c9) [ 32.684908] [ 32.684959] The buggy address belongs to the physical page: [ 32.685075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.685268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.685397] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.685535] page_type: f5(slab) [ 32.685787] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.686046] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.686371] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.686546] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.686801] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.687160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.687271] page dumped because: kasan: bad access detected [ 32.687391] [ 32.687443] Memory state around the buggy address: [ 32.687524] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.687680] fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.688016] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.688365] ^ [ 32.688637] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.688757] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.689300] ================================================================== [ 32.692935] ================================================================== [ 32.693036] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.693137] Write of size 1 at addr fff00000c46338da by task kunit_try_catch/169 [ 32.693249] [ 32.693316] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.693501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.693561] Hardware name: linux,dummy-virt (DT) [ 32.693629] Call trace: [ 32.693677] show_stack+0x20/0x38 (C) [ 32.693791] dump_stack_lvl+0x8c/0xd0 [ 32.693921] print_report+0x118/0x608 [ 32.694058] kasan_report+0xdc/0x128 [ 32.694193] __asan_report_store1_noabort+0x20/0x30 [ 32.694332] krealloc_less_oob_helper+0xa80/0xc50 [ 32.694491] krealloc_less_oob+0x20/0x38 [ 32.694629] kunit_try_run_case+0x170/0x3f0 [ 32.694765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.694926] kthread+0x328/0x630 [ 32.695054] ret_from_fork+0x10/0x20 [ 32.695279] [ 32.695464] Allocated by task 169: [ 32.695596] kasan_save_stack+0x3c/0x68 [ 32.695707] kasan_save_track+0x20/0x40 [ 32.695815] kasan_save_alloc_info+0x40/0x58 [ 32.695939] __kasan_krealloc+0x118/0x178 [ 32.696045] krealloc_noprof+0x128/0x360 [ 32.696174] krealloc_less_oob_helper+0x168/0xc50 [ 32.696284] krealloc_less_oob+0x20/0x38 [ 32.696377] kunit_try_run_case+0x170/0x3f0 [ 32.696460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.696559] kthread+0x328/0x630 [ 32.696668] ret_from_fork+0x10/0x20 [ 32.696763] [ 32.696808] The buggy address belongs to the object at fff00000c4633800 [ 32.696808] which belongs to the cache kmalloc-256 of size 256 [ 32.696972] The buggy address is located 17 bytes to the right of [ 32.696972] allocated 201-byte region [fff00000c4633800, fff00000c46338c9) [ 32.697234] [ 32.697294] The buggy address belongs to the physical page: [ 32.697451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.697620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.697852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.698154] page_type: f5(slab) [ 32.698253] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.698475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.698656] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.699441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.699680] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.699800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.699909] page dumped because: kasan: bad access detected [ 32.699989] [ 32.700039] Memory state around the buggy address: [ 32.700110] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.700202] fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.700298] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.700385] ^ [ 32.700479] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.700578] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.700663] ================================================================== [ 32.788658] ================================================================== [ 32.789140] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.790384] Write of size 1 at addr fff00000c775e0c9 by task kunit_try_catch/173 [ 32.790692] [ 32.790947] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.791217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.791293] Hardware name: linux,dummy-virt (DT) [ 32.791549] Call trace: [ 32.791942] show_stack+0x20/0x38 (C) [ 32.792103] dump_stack_lvl+0x8c/0xd0 [ 32.792233] print_report+0x118/0x608 [ 32.792972] kasan_report+0xdc/0x128 [ 32.793593] __asan_report_store1_noabort+0x20/0x30 [ 32.793754] krealloc_less_oob_helper+0xa48/0xc50 [ 32.794045] krealloc_large_less_oob+0x20/0x38 [ 32.794169] kunit_try_run_case+0x170/0x3f0 [ 32.794283] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.794421] kthread+0x328/0x630 [ 32.794969] ret_from_fork+0x10/0x20 [ 32.795211] [ 32.795398] The buggy address belongs to the physical page: [ 32.795709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c [ 32.796333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.796450] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.796581] page_type: f8(unknown) [ 32.796674] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.797966] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.798134] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.798790] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.798927] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff [ 32.799043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.799178] page dumped because: kasan: bad access detected [ 32.799640] [ 32.799722] Memory state around the buggy address: [ 32.799940] fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.800207] fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.800328] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.800417] ^ [ 32.801307] fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.801457] fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.801909] ================================================================== [ 32.702102] ================================================================== [ 32.702249] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.702370] Write of size 1 at addr fff00000c46338ea by task kunit_try_catch/169 [ 32.702490] [ 32.702560] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.702751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.702817] Hardware name: linux,dummy-virt (DT) [ 32.702956] Call trace: [ 32.703052] show_stack+0x20/0x38 (C) [ 32.703234] dump_stack_lvl+0x8c/0xd0 [ 32.703439] print_report+0x118/0x608 [ 32.703569] kasan_report+0xdc/0x128 [ 32.703733] __asan_report_store1_noabort+0x20/0x30 [ 32.703866] krealloc_less_oob_helper+0xae4/0xc50 [ 32.704043] krealloc_less_oob+0x20/0x38 [ 32.704179] kunit_try_run_case+0x170/0x3f0 [ 32.704403] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.704536] kthread+0x328/0x630 [ 32.704650] ret_from_fork+0x10/0x20 [ 32.704856] [ 32.704944] Allocated by task 169: [ 32.705019] kasan_save_stack+0x3c/0x68 [ 32.705124] kasan_save_track+0x20/0x40 [ 32.705290] kasan_save_alloc_info+0x40/0x58 [ 32.705387] __kasan_krealloc+0x118/0x178 [ 32.705487] krealloc_noprof+0x128/0x360 [ 32.705580] krealloc_less_oob_helper+0x168/0xc50 [ 32.705693] krealloc_less_oob+0x20/0x38 [ 32.705805] kunit_try_run_case+0x170/0x3f0 [ 32.705998] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.706200] kthread+0x328/0x630 [ 32.706429] ret_from_fork+0x10/0x20 [ 32.706521] [ 32.706566] The buggy address belongs to the object at fff00000c4633800 [ 32.706566] which belongs to the cache kmalloc-256 of size 256 [ 32.706693] The buggy address is located 33 bytes to the right of [ 32.706693] allocated 201-byte region [fff00000c4633800, fff00000c46338c9) [ 32.706850] [ 32.707310] The buggy address belongs to the physical page: [ 32.707387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.707690] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.709994] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.710126] page_type: f5(slab) [ 32.710228] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.710369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.710506] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.710600] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.710682] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.710743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.710790] page dumped because: kasan: bad access detected [ 32.710827] [ 32.710847] Memory state around the buggy address: [ 32.710915] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.710976] fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.711029] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.711072] ^ [ 32.711153] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.711208] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.711253] ================================================================== [ 32.714143] ================================================================== [ 32.714242] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.714342] Write of size 1 at addr fff00000c46338eb by task kunit_try_catch/169 [ 32.714464] [ 32.714531] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.714717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.714779] Hardware name: linux,dummy-virt (DT) [ 32.714847] Call trace: [ 32.714912] show_stack+0x20/0x38 (C) [ 32.715042] dump_stack_lvl+0x8c/0xd0 [ 32.715161] print_report+0x118/0x608 [ 32.715275] kasan_report+0xdc/0x128 [ 32.715385] __asan_report_store1_noabort+0x20/0x30 [ 32.715497] krealloc_less_oob_helper+0xa58/0xc50 [ 32.715610] krealloc_less_oob+0x20/0x38 [ 32.715717] kunit_try_run_case+0x170/0x3f0 [ 32.715837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.716021] kthread+0x328/0x630 [ 32.716149] ret_from_fork+0x10/0x20 [ 32.716285] [ 32.716362] Allocated by task 169: [ 32.716442] kasan_save_stack+0x3c/0x68 [ 32.716545] kasan_save_track+0x20/0x40 [ 32.716651] kasan_save_alloc_info+0x40/0x58 [ 32.716754] __kasan_krealloc+0x118/0x178 [ 32.716877] krealloc_noprof+0x128/0x360 [ 32.717088] krealloc_less_oob_helper+0x168/0xc50 [ 32.717259] krealloc_less_oob+0x20/0x38 [ 32.717392] kunit_try_run_case+0x170/0x3f0 [ 32.717490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.717703] kthread+0x328/0x630 [ 32.717872] ret_from_fork+0x10/0x20 [ 32.718461] [ 32.718577] The buggy address belongs to the object at fff00000c4633800 [ 32.718577] which belongs to the cache kmalloc-256 of size 256 [ 32.718754] The buggy address is located 34 bytes to the right of [ 32.718754] allocated 201-byte region [fff00000c4633800, fff00000c46338c9) [ 32.718918] [ 32.718965] The buggy address belongs to the physical page: [ 32.719032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.719512] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.719727] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.719854] page_type: f5(slab) [ 32.719964] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.720292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.720478] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.720732] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.722974] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.723095] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.723995] page dumped because: kasan: bad access detected [ 32.724061] [ 32.724090] Memory state around the buggy address: [ 32.724129] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.724183] fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.724234] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.724282] ^ [ 32.724334] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.724385] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.724429] ================================================================== [ 32.810736] ================================================================== [ 32.810825] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.810947] Write of size 1 at addr fff00000c775e0da by task kunit_try_catch/173 [ 32.811076] [ 32.811170] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.811517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.811594] Hardware name: linux,dummy-virt (DT) [ 32.811800] Call trace: [ 32.812096] show_stack+0x20/0x38 (C) [ 32.812217] dump_stack_lvl+0x8c/0xd0 [ 32.812742] print_report+0x118/0x608 [ 32.813032] kasan_report+0xdc/0x128 [ 32.813157] __asan_report_store1_noabort+0x20/0x30 [ 32.813339] krealloc_less_oob_helper+0xa80/0xc50 [ 32.813514] krealloc_large_less_oob+0x20/0x38 [ 32.814172] kunit_try_run_case+0x170/0x3f0 [ 32.814550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.814700] kthread+0x328/0x630 [ 32.815157] ret_from_fork+0x10/0x20 [ 32.815272] [ 32.815326] The buggy address belongs to the physical page: [ 32.815384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c [ 32.815448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.815512] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.815603] page_type: f8(unknown) [ 32.815651] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.815710] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.815767] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.815822] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.815878] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff [ 32.816240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.816729] page dumped because: kasan: bad access detected [ 32.816824] [ 32.817249] Memory state around the buggy address: [ 32.817381] fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.817533] fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.817663] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.817836] ^ [ 32.818000] fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.818100] fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.818246] ================================================================== [ 32.659156] ================================================================== [ 32.659429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.659560] Write of size 1 at addr fff00000c46338c9 by task kunit_try_catch/169 [ 32.659691] [ 32.659771] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.660328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.660901] Hardware name: linux,dummy-virt (DT) [ 32.660990] Call trace: [ 32.661223] show_stack+0x20/0x38 (C) [ 32.661426] dump_stack_lvl+0x8c/0xd0 [ 32.661569] print_report+0x118/0x608 [ 32.661873] kasan_report+0xdc/0x128 [ 32.662230] __asan_report_store1_noabort+0x20/0x30 [ 32.662379] krealloc_less_oob_helper+0xa48/0xc50 [ 32.662500] krealloc_less_oob+0x20/0x38 [ 32.662614] kunit_try_run_case+0x170/0x3f0 [ 32.662728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.663577] kthread+0x328/0x630 [ 32.663736] ret_from_fork+0x10/0x20 [ 32.664133] [ 32.664351] Allocated by task 169: [ 32.664840] kasan_save_stack+0x3c/0x68 [ 32.664974] kasan_save_track+0x20/0x40 [ 32.665486] kasan_save_alloc_info+0x40/0x58 [ 32.665602] __kasan_krealloc+0x118/0x178 [ 32.666320] krealloc_noprof+0x128/0x360 [ 32.666719] krealloc_less_oob_helper+0x168/0xc50 [ 32.666959] krealloc_less_oob+0x20/0x38 [ 32.667053] kunit_try_run_case+0x170/0x3f0 [ 32.667517] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.668003] kthread+0x328/0x630 [ 32.668375] ret_from_fork+0x10/0x20 [ 32.668749] [ 32.668958] The buggy address belongs to the object at fff00000c4633800 [ 32.668958] which belongs to the cache kmalloc-256 of size 256 [ 32.669557] The buggy address is located 0 bytes to the right of [ 32.669557] allocated 201-byte region [fff00000c4633800, fff00000c46338c9) [ 32.669709] [ 32.669759] The buggy address belongs to the physical page: [ 32.670133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.670569] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.671279] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.671426] page_type: f5(slab) [ 32.671947] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.672294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.672435] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.672570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.672694] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.672823] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.672937] page dumped because: kasan: bad access detected [ 32.674342] [ 32.674412] Memory state around the buggy address: [ 32.674858] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.674981] fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.675484] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.675587] ^ [ 32.676278] fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676397] fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676489] ================================================================== [ 32.803718] ================================================================== [ 32.803824] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.803961] Write of size 1 at addr fff00000c775e0d0 by task kunit_try_catch/173 [ 32.804085] [ 32.804182] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.804420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.804492] Hardware name: linux,dummy-virt (DT) [ 32.804573] Call trace: [ 32.804663] show_stack+0x20/0x38 (C) [ 32.804985] dump_stack_lvl+0x8c/0xd0 [ 32.805208] print_report+0x118/0x608 [ 32.805474] kasan_report+0xdc/0x128 [ 32.805660] __asan_report_store1_noabort+0x20/0x30 [ 32.805779] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.805919] krealloc_large_less_oob+0x20/0x38 [ 32.806087] kunit_try_run_case+0x170/0x3f0 [ 32.806330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.806579] kthread+0x328/0x630 [ 32.806800] ret_from_fork+0x10/0x20 [ 32.807083] [ 32.807159] The buggy address belongs to the physical page: [ 32.807327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c [ 32.807540] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.807753] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.807906] page_type: f8(unknown) [ 32.808013] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.808139] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.808260] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.808368] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.808482] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff [ 32.808675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.808807] page dumped because: kasan: bad access detected [ 32.808981] [ 32.809090] Memory state around the buggy address: [ 32.809170] fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.809279] fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.809378] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.809485] ^ [ 32.810008] fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.810126] fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.810318] ================================================================== [ 32.830675] ================================================================== [ 32.830771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.830914] Write of size 1 at addr fff00000c775e0eb by task kunit_try_catch/173 [ 32.831049] [ 32.831357] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.831502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.831558] Hardware name: linux,dummy-virt (DT) [ 32.831597] Call trace: [ 32.831623] show_stack+0x20/0x38 (C) [ 32.831685] dump_stack_lvl+0x8c/0xd0 [ 32.831742] print_report+0x118/0x608 [ 32.831798] kasan_report+0xdc/0x128 [ 32.831852] __asan_report_store1_noabort+0x20/0x30 [ 32.831974] krealloc_less_oob_helper+0xa58/0xc50 [ 32.832097] krealloc_large_less_oob+0x20/0x38 [ 32.832440] kunit_try_run_case+0x170/0x3f0 [ 32.832609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.832704] kthread+0x328/0x630 [ 32.832757] ret_from_fork+0x10/0x20 [ 32.832814] [ 32.832838] The buggy address belongs to the physical page: [ 32.832873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c [ 32.832961] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.833017] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.833075] page_type: f8(unknown) [ 32.833119] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.833179] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.833238] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.833293] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.833348] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff [ 32.833404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.833449] page dumped because: kasan: bad access detected [ 32.833485] [ 32.833505] Memory state around the buggy address: [ 32.833541] fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.833594] fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.833645] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.833688] ^ [ 32.833737] fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.833786] fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.833830] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 32.756764] ================================================================== [ 32.757057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.757167] Write of size 1 at addr fff00000c775a0f0 by task kunit_try_catch/171 [ 32.757277] [ 32.757346] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.757532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.757595] Hardware name: linux,dummy-virt (DT) [ 32.759485] Call trace: [ 32.759552] show_stack+0x20/0x38 (C) [ 32.760609] dump_stack_lvl+0x8c/0xd0 [ 32.761186] print_report+0x118/0x608 [ 32.761306] kasan_report+0xdc/0x128 [ 32.761420] __asan_report_store1_noabort+0x20/0x30 [ 32.761533] krealloc_more_oob_helper+0x5c0/0x678 [ 32.762618] krealloc_large_more_oob+0x20/0x38 [ 32.763355] kunit_try_run_case+0x170/0x3f0 [ 32.763478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.764782] kthread+0x328/0x630 [ 32.765801] ret_from_fork+0x10/0x20 [ 32.766412] [ 32.766468] The buggy address belongs to the physical page: [ 32.767145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107758 [ 32.768274] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.768954] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.769905] page_type: f8(unknown) [ 32.770324] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.770455] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.770571] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.770686] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.770799] head: 0bfffe0000000002 ffffc1ffc31dd601 00000000ffffffff 00000000ffffffff [ 32.773076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.773534] page dumped because: kasan: bad access detected [ 32.774294] [ 32.774441] Memory state around the buggy address: [ 32.774656] fff00000c7759f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.775770] fff00000c775a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.776464] >fff00000c775a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.776633] ^ [ 32.777216] fff00000c775a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.777421] fff00000c775a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.777521] ================================================================== [ 32.618081] ================================================================== [ 32.618211] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.618336] Write of size 1 at addr fff00000c46336eb by task kunit_try_catch/167 [ 32.618460] [ 32.618538] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.618726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618791] Hardware name: linux,dummy-virt (DT) [ 32.618861] Call trace: [ 32.618954] show_stack+0x20/0x38 (C) [ 32.619138] dump_stack_lvl+0x8c/0xd0 [ 32.619307] print_report+0x118/0x608 [ 32.622280] kasan_report+0xdc/0x128 [ 32.622441] __asan_report_store1_noabort+0x20/0x30 [ 32.622579] krealloc_more_oob_helper+0x60c/0x678 [ 32.622678] krealloc_more_oob+0x20/0x38 [ 32.622738] kunit_try_run_case+0x170/0x3f0 [ 32.622799] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.622863] kthread+0x328/0x630 [ 32.622980] ret_from_fork+0x10/0x20 [ 32.623187] [ 32.623496] Allocated by task 167: [ 32.623925] kasan_save_stack+0x3c/0x68 [ 32.624193] kasan_save_track+0x20/0x40 [ 32.624325] kasan_save_alloc_info+0x40/0x58 [ 32.624487] __kasan_krealloc+0x118/0x178 [ 32.624582] krealloc_noprof+0x128/0x360 [ 32.624685] krealloc_more_oob_helper+0x168/0x678 [ 32.624922] krealloc_more_oob+0x20/0x38 [ 32.625069] kunit_try_run_case+0x170/0x3f0 [ 32.625229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.625667] kthread+0x328/0x630 [ 32.625905] ret_from_fork+0x10/0x20 [ 32.626032] [ 32.626164] The buggy address belongs to the object at fff00000c4633600 [ 32.626164] which belongs to the cache kmalloc-256 of size 256 [ 32.626331] The buggy address is located 0 bytes to the right of [ 32.626331] allocated 235-byte region [fff00000c4633600, fff00000c46336eb) [ 32.626743] [ 32.626865] The buggy address belongs to the physical page: [ 32.626971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.627156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.627456] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.627719] page_type: f5(slab) [ 32.627820] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.628018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.628328] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.628515] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.629058] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.629180] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.629276] page dumped because: kasan: bad access detected [ 32.629347] [ 32.629389] Memory state around the buggy address: [ 32.629534] fff00000c4633580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.630490] fff00000c4633600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.630614] >fff00000c4633680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.630766] ^ [ 32.630871] fff00000c4633700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.631175] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.631275] ================================================================== [ 32.633111] ================================================================== [ 32.633242] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.633428] Write of size 1 at addr fff00000c46336f0 by task kunit_try_catch/167 [ 32.633716] [ 32.633960] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.634327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.634408] Hardware name: linux,dummy-virt (DT) [ 32.634564] Call trace: [ 32.634622] show_stack+0x20/0x38 (C) [ 32.634738] dump_stack_lvl+0x8c/0xd0 [ 32.634850] print_report+0x118/0x608 [ 32.634981] kasan_report+0xdc/0x128 [ 32.635163] __asan_report_store1_noabort+0x20/0x30 [ 32.635433] krealloc_more_oob_helper+0x5c0/0x678 [ 32.636183] krealloc_more_oob+0x20/0x38 [ 32.636524] kunit_try_run_case+0x170/0x3f0 [ 32.636680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.636939] kthread+0x328/0x630 [ 32.637069] ret_from_fork+0x10/0x20 [ 32.637691] [ 32.637988] Allocated by task 167: [ 32.638059] kasan_save_stack+0x3c/0x68 [ 32.638487] kasan_save_track+0x20/0x40 [ 32.638667] kasan_save_alloc_info+0x40/0x58 [ 32.638764] __kasan_krealloc+0x118/0x178 [ 32.638904] krealloc_noprof+0x128/0x360 [ 32.639004] krealloc_more_oob_helper+0x168/0x678 [ 32.639151] krealloc_more_oob+0x20/0x38 [ 32.639248] kunit_try_run_case+0x170/0x3f0 [ 32.639339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.639466] kthread+0x328/0x630 [ 32.639641] ret_from_fork+0x10/0x20 [ 32.639772] [ 32.639829] The buggy address belongs to the object at fff00000c4633600 [ 32.639829] which belongs to the cache kmalloc-256 of size 256 [ 32.640048] The buggy address is located 5 bytes to the right of [ 32.640048] allocated 235-byte region [fff00000c4633600, fff00000c46336eb) [ 32.640202] [ 32.640256] The buggy address belongs to the physical page: [ 32.640330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632 [ 32.640452] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.640558] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.640677] page_type: f5(slab) [ 32.640765] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.640990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.641503] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 32.641624] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.641740] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff [ 32.642146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.642396] page dumped because: kasan: bad access detected [ 32.642471] [ 32.642600] Memory state around the buggy address: [ 32.642697] fff00000c4633580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.642843] fff00000c4633600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.642961] >fff00000c4633680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.643057] ^ [ 32.643817] fff00000c4633700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.643943] fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.644046] ================================================================== [ 32.746255] ================================================================== [ 32.746484] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.746855] Write of size 1 at addr fff00000c775a0eb by task kunit_try_catch/171 [ 32.747296] [ 32.747450] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.747793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.747973] Hardware name: linux,dummy-virt (DT) [ 32.748187] Call trace: [ 32.748337] show_stack+0x20/0x38 (C) [ 32.748603] dump_stack_lvl+0x8c/0xd0 [ 32.749269] print_report+0x118/0x608 [ 32.749488] kasan_report+0xdc/0x128 [ 32.749720] __asan_report_store1_noabort+0x20/0x30 [ 32.749866] krealloc_more_oob_helper+0x60c/0x678 [ 32.750004] krealloc_large_more_oob+0x20/0x38 [ 32.750119] kunit_try_run_case+0x170/0x3f0 [ 32.751374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.751545] kthread+0x328/0x630 [ 32.751703] ret_from_fork+0x10/0x20 [ 32.751825] [ 32.751955] The buggy address belongs to the physical page: [ 32.752036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107758 [ 32.752171] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.752428] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.752552] page_type: f8(unknown) [ 32.752647] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.752854] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.753038] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.753238] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.753400] head: 0bfffe0000000002 ffffc1ffc31dd601 00000000ffffffff 00000000ffffffff [ 32.753532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.753638] page dumped because: kasan: bad access detected [ 32.753721] [ 32.753771] Memory state around the buggy address: [ 32.753854] fff00000c7759f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.753972] fff00000c775a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.754071] >fff00000c775a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.754159] ^ [ 32.754274] fff00000c775a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.754404] fff00000c775a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.754542] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 32.591395] ================================================================== [ 32.591516] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 32.591643] Read of size 1 at addr fff00000c7770000 by task kunit_try_catch/165 [ 32.591754] [ 32.591830] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.592041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.592107] Hardware name: linux,dummy-virt (DT) [ 32.592181] Call trace: [ 32.592233] show_stack+0x20/0x38 (C) [ 32.592351] dump_stack_lvl+0x8c/0xd0 [ 32.592468] print_report+0x118/0x608 [ 32.592579] kasan_report+0xdc/0x128 [ 32.594477] __asan_report_load1_noabort+0x20/0x30 [ 32.595453] page_alloc_uaf+0x328/0x350 [ 32.595583] kunit_try_run_case+0x170/0x3f0 [ 32.595717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.596308] kthread+0x328/0x630 [ 32.596525] ret_from_fork+0x10/0x20 [ 32.596661] [ 32.596718] The buggy address belongs to the physical page: [ 32.596797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107770 [ 32.598253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.599022] page_type: f0(buddy) [ 32.599229] raw: 0bfffe0000000000 fff00000ff6160a0 fff00000ff6160a0 0000000000000000 [ 32.599334] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 32.599389] page dumped because: kasan: bad access detected [ 32.599426] [ 32.599447] Memory state around the buggy address: [ 32.599519] fff00000c776ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.599586] fff00000c776ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.599637] >fff00000c7770000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.599680] ^ [ 32.599717] fff00000c7770080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.599767] fff00000c7770100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.599810] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 32.552677] ================================================================== [ 32.552807] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 32.552937] Free of addr fff00000c7758001 by task kunit_try_catch/161 [ 32.553049] [ 32.553132] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.553331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.553394] Hardware name: linux,dummy-virt (DT) [ 32.553466] Call trace: [ 32.553530] show_stack+0x20/0x38 (C) [ 32.553652] dump_stack_lvl+0x8c/0xd0 [ 32.553787] print_report+0x118/0x608 [ 32.553922] kasan_report_invalid_free+0xc0/0xe8 [ 32.554044] __kasan_kfree_large+0x5c/0xa8 [ 32.554160] free_large_kmalloc+0x68/0x150 [ 32.554272] kfree+0x270/0x3c8 [ 32.554386] kmalloc_large_invalid_free+0x108/0x270 [ 32.554513] kunit_try_run_case+0x170/0x3f0 [ 32.554630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.554755] kthread+0x328/0x630 [ 32.554864] ret_from_fork+0x10/0x20 [ 32.555017] [ 32.555075] The buggy address belongs to the physical page: [ 32.555208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107758 [ 32.555343] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.555465] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.555607] page_type: f8(unknown) [ 32.555751] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.555869] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.556023] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.556154] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.556282] head: 0bfffe0000000002 ffffc1ffc31dd601 00000000ffffffff 00000000ffffffff [ 32.556406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.556529] page dumped because: kasan: bad access detected [ 32.556683] [ 32.556798] Memory state around the buggy address: [ 32.556964] fff00000c7757f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.557071] fff00000c7757f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.557186] >fff00000c7758000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.557355] ^ [ 32.557435] fff00000c7758080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.557540] fff00000c7758100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.557698] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 32.485218] ================================================================== [ 32.485355] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 32.485483] Read of size 1 at addr fff00000c773c000 by task kunit_try_catch/159 [ 32.485593] [ 32.485671] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.485900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.485979] Hardware name: linux,dummy-virt (DT) [ 32.486065] Call trace: [ 32.486129] show_stack+0x20/0x38 (C) [ 32.486267] dump_stack_lvl+0x8c/0xd0 [ 32.486545] print_report+0x118/0x608 [ 32.487219] kasan_report+0xdc/0x128 [ 32.487532] __asan_report_load1_noabort+0x20/0x30 [ 32.487989] kmalloc_large_uaf+0x2cc/0x2f8 [ 32.488123] kunit_try_run_case+0x170/0x3f0 [ 32.488849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.489002] kthread+0x328/0x630 [ 32.489109] ret_from_fork+0x10/0x20 [ 32.489235] [ 32.489291] The buggy address belongs to the physical page: [ 32.489701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10773c [ 32.489829] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.490191] raw: 0bfffe0000000000 ffffc1ffc31dd608 fff00000da466c80 0000000000000000 [ 32.490313] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 32.490422] page dumped because: kasan: bad access detected [ 32.490496] [ 32.490559] Memory state around the buggy address: [ 32.490731] fff00000c773bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.490901] fff00000c773bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.491090] >fff00000c773c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.491192] ^ [ 32.491332] fff00000c773c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.491442] fff00000c773c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.491639] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 32.458698] ================================================================== [ 32.458974] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 32.459166] Write of size 1 at addr fff00000c773e00a by task kunit_try_catch/157 [ 32.459294] [ 32.459389] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.459707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.459851] Hardware name: linux,dummy-virt (DT) [ 32.459953] Call trace: [ 32.460012] show_stack+0x20/0x38 (C) [ 32.460151] dump_stack_lvl+0x8c/0xd0 [ 32.460368] print_report+0x118/0x608 [ 32.460544] kasan_report+0xdc/0x128 [ 32.460749] __asan_report_store1_noabort+0x20/0x30 [ 32.460930] kmalloc_large_oob_right+0x278/0x2b8 [ 32.461102] kunit_try_run_case+0x170/0x3f0 [ 32.461176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.461242] kthread+0x328/0x630 [ 32.461296] ret_from_fork+0x10/0x20 [ 32.461354] [ 32.461398] The buggy address belongs to the physical page: [ 32.461442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10773c [ 32.461504] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.461560] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.461632] page_type: f8(unknown) [ 32.461686] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.461744] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.461801] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.461856] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.461965] head: 0bfffe0000000002 ffffc1ffc31dcf01 00000000ffffffff 00000000ffffffff [ 32.462208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.462327] page dumped because: kasan: bad access detected [ 32.462528] [ 32.462608] Memory state around the buggy address: [ 32.462749] fff00000c773df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.462944] fff00000c773df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.463444] >fff00000c773e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.463562] ^ [ 32.463708] fff00000c773e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.463979] fff00000c773e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.464076] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 32.427136] ================================================================== [ 32.427421] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 32.427737] Write of size 1 at addr fff00000c640df00 by task kunit_try_catch/155 [ 32.427979] [ 32.428079] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.428538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.428620] Hardware name: linux,dummy-virt (DT) [ 32.428808] Call trace: [ 32.429072] show_stack+0x20/0x38 (C) [ 32.429354] dump_stack_lvl+0x8c/0xd0 [ 32.429616] print_report+0x118/0x608 [ 32.429751] kasan_report+0xdc/0x128 [ 32.430237] __asan_report_store1_noabort+0x20/0x30 [ 32.430387] kmalloc_big_oob_right+0x2a4/0x2f0 [ 32.430983] kunit_try_run_case+0x170/0x3f0 [ 32.431354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.431549] kthread+0x328/0x630 [ 32.431772] ret_from_fork+0x10/0x20 [ 32.432132] [ 32.432321] Allocated by task 155: [ 32.432398] kasan_save_stack+0x3c/0x68 [ 32.432520] kasan_save_track+0x20/0x40 [ 32.432623] kasan_save_alloc_info+0x40/0x58 [ 32.433095] __kasan_kmalloc+0xd4/0xd8 [ 32.433472] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.433691] kmalloc_big_oob_right+0xb8/0x2f0 [ 32.433997] kunit_try_run_case+0x170/0x3f0 [ 32.434145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.434396] kthread+0x328/0x630 [ 32.434488] ret_from_fork+0x10/0x20 [ 32.434844] [ 32.435173] The buggy address belongs to the object at fff00000c640c000 [ 32.435173] which belongs to the cache kmalloc-8k of size 8192 [ 32.435326] The buggy address is located 0 bytes to the right of [ 32.435326] allocated 7936-byte region [fff00000c640c000, fff00000c640df00) [ 32.435586] [ 32.435687] The buggy address belongs to the physical page: [ 32.436033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408 [ 32.436173] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.436760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.437131] page_type: f5(slab) [ 32.437302] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 32.437582] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 32.437721] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 32.437840] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 32.437970] head: 0bfffe0000000003 ffffc1ffc3190201 00000000ffffffff 00000000ffffffff [ 32.438189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 32.438294] page dumped because: kasan: bad access detected [ 32.438397] [ 32.438469] Memory state around the buggy address: [ 32.438545] fff00000c640de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.438650] fff00000c640de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.438750] >fff00000c640df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.438837] ^ [ 32.439123] fff00000c640df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.439601] fff00000c640e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.439959] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 32.387008] ================================================================== [ 32.387254] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.387400] Write of size 1 at addr fff00000c56d3f78 by task kunit_try_catch/153 [ 32.388241] [ 32.388336] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.388484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.388518] Hardware name: linux,dummy-virt (DT) [ 32.388554] Call trace: [ 32.388579] show_stack+0x20/0x38 (C) [ 32.388644] dump_stack_lvl+0x8c/0xd0 [ 32.388703] print_report+0x118/0x608 [ 32.388758] kasan_report+0xdc/0x128 [ 32.388811] __asan_report_store1_noabort+0x20/0x30 [ 32.388867] kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.389000] kunit_try_run_case+0x170/0x3f0 [ 32.389234] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.389376] kthread+0x328/0x630 [ 32.389497] ret_from_fork+0x10/0x20 [ 32.389801] [ 32.389925] Allocated by task 153: [ 32.390004] kasan_save_stack+0x3c/0x68 [ 32.390256] kasan_save_track+0x20/0x40 [ 32.390384] kasan_save_alloc_info+0x40/0x58 [ 32.390473] __kasan_kmalloc+0xd4/0xd8 [ 32.390560] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.390661] kmalloc_track_caller_oob_right+0xa8/0x488 [ 32.390759] kunit_try_run_case+0x170/0x3f0 [ 32.390855] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.390985] kthread+0x328/0x630 [ 32.391068] ret_from_fork+0x10/0x20 [ 32.391221] [ 32.391276] The buggy address belongs to the object at fff00000c56d3f00 [ 32.391276] which belongs to the cache kmalloc-128 of size 128 [ 32.391787] The buggy address is located 0 bytes to the right of [ 32.391787] allocated 120-byte region [fff00000c56d3f00, fff00000c56d3f78) [ 32.391963] [ 32.392021] The buggy address belongs to the physical page: [ 32.392103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3 [ 32.392243] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.393916] page_type: f5(slab) [ 32.394023] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.394138] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000 [ 32.394263] page dumped because: kasan: bad access detected [ 32.394406] [ 32.394452] Memory state around the buggy address: [ 32.394639] fff00000c56d3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.394910] fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395026] >fff00000c56d3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.395170] ^ [ 32.395329] fff00000c56d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395478] fff00000c56d4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.395577] ================================================================== [ 32.398833] ================================================================== [ 32.398952] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 32.399060] Write of size 1 at addr fff00000c56d3878 by task kunit_try_catch/153 [ 32.399361] [ 32.399453] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.399839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.399922] Hardware name: linux,dummy-virt (DT) [ 32.399997] Call trace: [ 32.400075] show_stack+0x20/0x38 (C) [ 32.400191] dump_stack_lvl+0x8c/0xd0 [ 32.400313] print_report+0x118/0x608 [ 32.400434] kasan_report+0xdc/0x128 [ 32.400548] __asan_report_store1_noabort+0x20/0x30 [ 32.400665] kmalloc_track_caller_oob_right+0x418/0x488 [ 32.400815] kunit_try_run_case+0x170/0x3f0 [ 32.400982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.401113] kthread+0x328/0x630 [ 32.401217] ret_from_fork+0x10/0x20 [ 32.401331] [ 32.401375] Allocated by task 153: [ 32.401438] kasan_save_stack+0x3c/0x68 [ 32.401564] kasan_save_track+0x20/0x40 [ 32.401661] kasan_save_alloc_info+0x40/0x58 [ 32.401751] __kasan_kmalloc+0xd4/0xd8 [ 32.401848] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.401978] kmalloc_track_caller_oob_right+0x184/0x488 [ 32.402096] kunit_try_run_case+0x170/0x3f0 [ 32.402206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.402449] kthread+0x328/0x630 [ 32.402937] ret_from_fork+0x10/0x20 [ 32.403057] [ 32.403201] The buggy address belongs to the object at fff00000c56d3800 [ 32.403201] which belongs to the cache kmalloc-128 of size 128 [ 32.403418] The buggy address is located 0 bytes to the right of [ 32.403418] allocated 120-byte region [fff00000c56d3800, fff00000c56d3878) [ 32.403651] [ 32.403706] The buggy address belongs to the physical page: [ 32.403780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056d3 [ 32.403930] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.404128] page_type: f5(slab) [ 32.404225] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.404345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.404436] page dumped because: kasan: bad access detected [ 32.404506] [ 32.404547] Memory state around the buggy address: [ 32.404615] fff00000c56d3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.404714] fff00000c56d3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.404813] >fff00000c56d3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.405356] ^ [ 32.405491] fff00000c56d3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.405656] fff00000c56d3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.405792] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 32.355069] ================================================================== [ 32.355215] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 32.355358] Read of size 1 at addr fff00000c751d000 by task kunit_try_catch/151 [ 32.355570] [ 32.355694] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.356024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.356154] Hardware name: linux,dummy-virt (DT) [ 32.356373] Call trace: [ 32.356435] show_stack+0x20/0x38 (C) [ 32.356580] dump_stack_lvl+0x8c/0xd0 [ 32.356832] print_report+0x118/0x608 [ 32.356985] kasan_report+0xdc/0x128 [ 32.357152] __asan_report_load1_noabort+0x20/0x30 [ 32.357279] kmalloc_node_oob_right+0x2f4/0x330 [ 32.357407] kunit_try_run_case+0x170/0x3f0 [ 32.357529] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.357955] kthread+0x328/0x630 [ 32.358184] ret_from_fork+0x10/0x20 [ 32.358457] [ 32.358577] Allocated by task 151: [ 32.358788] kasan_save_stack+0x3c/0x68 [ 32.359005] kasan_save_track+0x20/0x40 [ 32.359107] kasan_save_alloc_info+0x40/0x58 [ 32.359260] __kasan_kmalloc+0xd4/0xd8 [ 32.359370] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 32.359711] kmalloc_node_oob_right+0xbc/0x330 [ 32.359937] kunit_try_run_case+0x170/0x3f0 [ 32.360157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.360374] kthread+0x328/0x630 [ 32.360518] ret_from_fork+0x10/0x20 [ 32.360721] [ 32.360850] The buggy address belongs to the object at fff00000c751c000 [ 32.360850] which belongs to the cache kmalloc-4k of size 4096 [ 32.361011] The buggy address is located 0 bytes to the right of [ 32.361011] allocated 4096-byte region [fff00000c751c000, fff00000c751d000) [ 32.361312] [ 32.361699] The buggy address belongs to the physical page: [ 32.361855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107518 [ 32.363193] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.363835] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.364023] page_type: f5(slab) [ 32.364113] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 32.364176] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 32.364298] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 32.364364] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 32.364422] head: 0bfffe0000000003 ffffc1ffc31d4601 00000000ffffffff 00000000ffffffff [ 32.364479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 32.364534] page dumped because: kasan: bad access detected [ 32.364571] [ 32.364592] Memory state around the buggy address: [ 32.364631] fff00000c751cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.364681] fff00000c751cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.364731] >fff00000c751d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.364774] ^ [ 32.364810] fff00000c751d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.364859] fff00000c751d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.364943] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 32.332985] ================================================================== [ 32.333106] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 32.333220] Read of size 1 at addr fff00000c575725f by task kunit_try_catch/149 [ 32.333331] [ 32.333405] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.333595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.333659] Hardware name: linux,dummy-virt (DT) [ 32.333729] Call trace: [ 32.333777] show_stack+0x20/0x38 (C) [ 32.334179] dump_stack_lvl+0x8c/0xd0 [ 32.334372] print_report+0x118/0x608 [ 32.334942] kasan_report+0xdc/0x128 [ 32.335080] __asan_report_load1_noabort+0x20/0x30 [ 32.335263] kmalloc_oob_left+0x2ec/0x320 [ 32.335394] kunit_try_run_case+0x170/0x3f0 [ 32.335590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.336513] kthread+0x328/0x630 [ 32.336651] ret_from_fork+0x10/0x20 [ 32.336925] [ 32.336980] Allocated by task 11: [ 32.337056] kasan_save_stack+0x3c/0x68 [ 32.337295] kasan_save_track+0x20/0x40 [ 32.337389] kasan_save_alloc_info+0x40/0x58 [ 32.337478] __kasan_kmalloc+0xd4/0xd8 [ 32.337603] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.337908] kvasprintf+0xe0/0x180 [ 32.338297] __kthread_create_on_node+0x16c/0x350 [ 32.338456] kthread_create_on_node+0xe4/0x130 [ 32.338570] create_worker+0x380/0x6b8 [ 32.338674] worker_thread+0x808/0xf38 [ 32.338774] kthread+0x328/0x630 [ 32.338864] ret_from_fork+0x10/0x20 [ 32.338995] [ 32.339096] The buggy address belongs to the object at fff00000c5757240 [ 32.339096] which belongs to the cache kmalloc-16 of size 16 [ 32.339272] The buggy address is located 19 bytes to the right of [ 32.339272] allocated 12-byte region [fff00000c5757240, fff00000c575724c) [ 32.339497] [ 32.339550] The buggy address belongs to the physical page: [ 32.339686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 32.339812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.339954] page_type: f5(slab) [ 32.340050] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 32.340261] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.340514] page dumped because: kasan: bad access detected [ 32.340694] [ 32.340767] Memory state around the buggy address: [ 32.340843] fff00000c5757100: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 32.340983] fff00000c5757180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.341135] >fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc [ 32.341263] ^ [ 32.341368] fff00000c5757280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.341483] fff00000c5757300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.341582] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 32.307070] ================================================================== [ 32.307188] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 32.307308] Write of size 1 at addr fff00000c56d3e78 by task kunit_try_catch/147 [ 32.307428] [ 32.307536] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.307725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.307789] Hardware name: linux,dummy-virt (DT) [ 32.307861] Call trace: [ 32.307933] show_stack+0x20/0x38 (C) [ 32.308048] dump_stack_lvl+0x8c/0xd0 [ 32.308164] print_report+0x118/0x608 [ 32.308471] kasan_report+0xdc/0x128 [ 32.308767] __asan_report_store1_noabort+0x20/0x30 [ 32.308962] kmalloc_oob_right+0x538/0x660 [ 32.309172] kunit_try_run_case+0x170/0x3f0 [ 32.309321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.309453] kthread+0x328/0x630 [ 32.309562] ret_from_fork+0x10/0x20 [ 32.309675] [ 32.309718] Allocated by task 147: [ 32.309782] kasan_save_stack+0x3c/0x68 [ 32.309874] kasan_save_track+0x20/0x40 [ 32.310001] kasan_save_alloc_info+0x40/0x58 [ 32.310109] __kasan_kmalloc+0xd4/0xd8 [ 32.310215] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.310328] kmalloc_oob_right+0xb0/0x660 [ 32.310447] kunit_try_run_case+0x170/0x3f0 [ 32.310552] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.310757] kthread+0x328/0x630 [ 32.310882] ret_from_fork+0x10/0x20 [ 32.310992] [ 32.311037] The buggy address belongs to the object at fff00000c56d3e00 [ 32.311037] which belongs to the cache kmalloc-128 of size 128 [ 32.311162] The buggy address is located 5 bytes to the right of [ 32.311162] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73) [ 32.311309] [ 32.311357] The buggy address belongs to the physical page: [ 32.311447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3 [ 32.311710] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.311954] page_type: f5(slab) [ 32.312191] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.312465] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000 [ 32.312567] page dumped because: kasan: bad access detected [ 32.312648] [ 32.312735] Memory state around the buggy address: [ 32.312823] fff00000c56d3d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.312955] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.313065] >fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.313166] ^ [ 32.313273] fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.313368] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.313453] ================================================================== [ 32.314407] ================================================================== [ 32.314512] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 32.314627] Read of size 1 at addr fff00000c56d3e80 by task kunit_try_catch/147 [ 32.314853] [ 32.314945] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.315175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.315376] Hardware name: linux,dummy-virt (DT) [ 32.315514] Call trace: [ 32.315629] show_stack+0x20/0x38 (C) [ 32.315758] dump_stack_lvl+0x8c/0xd0 [ 32.315903] print_report+0x118/0x608 [ 32.316025] kasan_report+0xdc/0x128 [ 32.316143] __asan_report_load1_noabort+0x20/0x30 [ 32.316284] kmalloc_oob_right+0x5d0/0x660 [ 32.316423] kunit_try_run_case+0x170/0x3f0 [ 32.316558] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.316705] kthread+0x328/0x630 [ 32.317007] ret_from_fork+0x10/0x20 [ 32.317213] [ 32.317260] Allocated by task 147: [ 32.317332] kasan_save_stack+0x3c/0x68 [ 32.317433] kasan_save_track+0x20/0x40 [ 32.317522] kasan_save_alloc_info+0x40/0x58 [ 32.317607] __kasan_kmalloc+0xd4/0xd8 [ 32.317710] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.317826] kmalloc_oob_right+0xb0/0x660 [ 32.317951] kunit_try_run_case+0x170/0x3f0 [ 32.318062] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.318256] kthread+0x328/0x630 [ 32.318347] ret_from_fork+0x10/0x20 [ 32.318510] [ 32.318563] The buggy address belongs to the object at fff00000c56d3e00 [ 32.318563] which belongs to the cache kmalloc-128 of size 128 [ 32.318690] The buggy address is located 13 bytes to the right of [ 32.318690] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73) [ 32.319012] [ 32.319061] The buggy address belongs to the physical page: [ 32.319744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3 [ 32.319819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.319881] page_type: f5(slab) [ 32.319977] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.320038] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000 [ 32.320086] page dumped because: kasan: bad access detected [ 32.320161] [ 32.320187] Memory state around the buggy address: [ 32.320224] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320277] fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.320327] >fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320372] ^ [ 32.320407] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320457] fff00000c56d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320500] ================================================================== [ 32.293703] ================================================================== [ 32.295751] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 32.297666] Write of size 1 at addr fff00000c56d3e73 by task kunit_try_catch/147 [ 32.297840] [ 32.298843] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.299064] Tainted: [N]=TEST [ 32.299167] Hardware name: linux,dummy-virt (DT) [ 32.299599] Call trace: [ 32.299815] show_stack+0x20/0x38 (C) [ 32.300023] dump_stack_lvl+0x8c/0xd0 [ 32.300098] print_report+0x118/0x608 [ 32.300159] kasan_report+0xdc/0x128 [ 32.300214] __asan_report_store1_noabort+0x20/0x30 [ 32.300270] kmalloc_oob_right+0x5a4/0x660 [ 32.300325] kunit_try_run_case+0x170/0x3f0 [ 32.300385] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.300447] kthread+0x328/0x630 [ 32.300500] ret_from_fork+0x10/0x20 [ 32.300688] [ 32.300736] Allocated by task 147: [ 32.300876] kasan_save_stack+0x3c/0x68 [ 32.300975] kasan_save_track+0x20/0x40 [ 32.301028] kasan_save_alloc_info+0x40/0x58 [ 32.301073] __kasan_kmalloc+0xd4/0xd8 [ 32.301117] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.301166] kmalloc_oob_right+0xb0/0x660 [ 32.301208] kunit_try_run_case+0x170/0x3f0 [ 32.301252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.301303] kthread+0x328/0x630 [ 32.301340] ret_from_fork+0x10/0x20 [ 32.301408] [ 32.301481] The buggy address belongs to the object at fff00000c56d3e00 [ 32.301481] which belongs to the cache kmalloc-128 of size 128 [ 32.301596] The buggy address is located 0 bytes to the right of [ 32.301596] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73) [ 32.301679] [ 32.301778] The buggy address belongs to the physical page: [ 32.302012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3 [ 32.302336] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.302691] page_type: f5(slab) [ 32.303075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.303221] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000 [ 32.303426] page dumped because: kasan: bad access detected [ 32.303486] [ 32.303520] Memory state around the buggy address: [ 32.303781] fff00000c56d3d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.303869] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.303965] >fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.304037] ^ [ 32.304149] fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.304202] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.304279] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 123.337191] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#0: kunit_try_catch/669 [ 123.339525] Modules linked in: [ 123.340146] CPU: 0 UID: 0 PID: 669 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 123.341874] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 123.342485] Hardware name: linux,dummy-virt (DT) [ 123.342994] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 123.344316] pc : intlog10+0x38/0x48 [ 123.344857] lr : intlog10_test+0xe4/0x200 [ 123.345408] sp : ffff8000822a7c10 [ 123.345875] x29: ffff8000822a7c90 x28: 0000000000000000 x27: 0000000000000000 [ 123.346706] x26: 1ffe00001966ab61 x25: 0000000000000000 x24: ffff8000822a7ce0 [ 123.347921] x23: ffff8000822a7d00 x22: 0000000000000000 x21: 1ffff00010454f82 [ 123.348842] x20: ffffac8ac45fcae0 x19: ffff800080087990 x18: 000000002d4f2c36 [ 123.349869] x17: 00000000d3efffd8 x16: 0000000000980060 x15: 0000000065b64cb1 [ 123.350665] x14: 0000000060fb05f8 x13: 1ffe00001b48c589 x12: ffff759159092189 [ 123.351830] x11: 1ffff59159092188 x10: ffff759159092188 x9 : ffffac8ac1c3dbe4 [ 123.352821] x8 : ffffac8ac8490c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 123.353686] x5 : ffff700010454f82 x4 : 1ffff00010010f3a x3 : 1ffff591588bf95c [ 123.354634] x2 : 1ffff591588bf95c x1 : 0000000000000003 x0 : 0000000000000000 [ 123.355420] Call trace: [ 123.355594] intlog10+0x38/0x48 (P) [ 123.355817] kunit_try_run_case+0x170/0x3f0 [ 123.356222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 123.357229] kthread+0x328/0x630 [ 123.357827] ret_from_fork+0x10/0x20 [ 123.358361] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 123.247931] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#1: kunit_try_catch/651 [ 123.249962] Modules linked in: [ 123.250692] CPU: 1 UID: 0 PID: 651 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 123.252299] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 123.253015] Hardware name: linux,dummy-virt (DT) [ 123.253690] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 123.254536] pc : intlog2+0xd8/0xf8 [ 123.254964] lr : intlog2_test+0xe4/0x200 [ 123.255701] sp : ffff8000821e7c10 [ 123.256157] x29: ffff8000821e7c90 x28: 0000000000000000 x27: 0000000000000000 [ 123.257192] x26: 1ffe0000195882a1 x25: 0000000000000000 x24: ffff8000821e7ce0 [ 123.258158] x23: ffff8000821e7d00 x22: 0000000000000000 x21: 1ffff0001043cf82 [ 123.259330] x20: ffffac8ac45fc9e0 x19: ffff800080087990 x18: 0000000080bee9ad [ 123.260167] x17: 000000006fdb9f62 x16: 00000000f8782392 x15: 00000000c0efe36f [ 123.261118] x14: 00000000d5de3208 x13: 1ffe00001b490989 x12: ffff759159092189 [ 123.262074] x11: 1ffff59159092188 x10: ffff759159092188 x9 : ffffac8ac1c3dde4 [ 123.263037] x8 : ffffac8ac8490c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 123.264116] x5 : ffff70001043cf82 x4 : 1ffff00010010f3a x3 : 1ffff591588bf93c [ 123.265067] x2 : 1ffff591588bf93c x1 : 0000000000000003 x0 : 0000000000000000 [ 123.266012] Call trace: [ 123.266388] intlog2+0xd8/0xf8 (P) [ 123.266878] kunit_try_run_case+0x170/0x3f0 [ 123.268633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 123.269330] kthread+0x328/0x630 [ 123.269808] ret_from_fork+0x10/0x20 [ 123.270429] ---[ end trace 0000000000000000 ]---