Date
July 2, 2025, 11:10 a.m.
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 35.071332] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 35.122898] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2b0/0x4858 [ 35.110846] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f7c/0x4858
Failure - log-parser-boot - internal-error-oops-oops-smp
[ 111.346058] Internal error: Oops: 0000000096000005 [#1] SMP [ 111.352023] Modules linked in: [ 111.353276] CPU: 0 UID: 0 PID: 563 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 111.353851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 111.354111] Hardware name: linux,dummy-virt (DT) [ 111.354851] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 111.355623] pc : kunit_test_null_dereference+0x70/0x170 [ 111.356347] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 111.357046] sp : ffff800080f57d30 [ 111.357559] x29: ffff800080f57d90 x28: 0000000000000000 x27: 0000000000000000 [ 111.358188] x26: 1ffe0000187c7a61 x25: 0000000000000000 x24: 0000000000000004 [ 111.358563] x23: fff00000c3e3d30c x22: ffff97b31582ecc0 x21: fff00000c3e5c188 [ 111.358916] x20: 1ffff000101eafa6 x19: ffff800080087990 x18: 00000000359484b6 [ 111.359280] x17: 0000000006254b9d x16: fff00000c5d8083c x15: 00000000392b77ff [ 111.359742] x14: 0000000042842ead x13: 1ffe00001b4901cd x12: fffd8000197c462c [ 111.360420] x11: 1ffe0000197c462b x10: fffd8000197c462b x9 : ffff97b315826450 [ 111.361141] x8 : ffff800080f57c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 111.361737] x5 : ffff7000101eafa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 111.362286] x2 : dfff800000000000 x1 : fff00000cbe22880 x0 : ffff800080087990 [ 111.362869] Call trace: [ 111.363205] kunit_test_null_dereference+0x70/0x170 (P) [ 111.363733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 111.364221] kthread+0x328/0x630 [ 111.364427] ret_from_fork+0x10/0x20 [ 111.365181] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 111.365740] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 67.252438] ================================================================== [ 67.252514] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 67.252514] [ 67.252609] Use-after-free read at 0x00000000ad92fda5 (in kfence-#201): [ 67.252667] test_krealloc+0x51c/0x830 [ 67.252715] kunit_try_run_case+0x170/0x3f0 [ 67.252763] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.252810] kthread+0x328/0x630 [ 67.252851] ret_from_fork+0x10/0x20 [ 67.252894] [ 67.252918] kfence-#201: 0x00000000ad92fda5-0x00000000789add65, size=32, cache=kmalloc-32 [ 67.252918] [ 67.252976] allocated by task 368 on cpu 0 at 67.251807s (0.001166s ago): [ 67.253046] test_alloc+0x29c/0x628 [ 67.253088] test_krealloc+0xc0/0x830 [ 67.253130] kunit_try_run_case+0x170/0x3f0 [ 67.253185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.253230] kthread+0x328/0x630 [ 67.253267] ret_from_fork+0x10/0x20 [ 67.253305] [ 67.253331] freed by task 368 on cpu 0 at 67.252032s (0.001295s ago): [ 67.253394] krealloc_noprof+0x148/0x360 [ 67.253435] test_krealloc+0x1dc/0x830 [ 67.253474] kunit_try_run_case+0x170/0x3f0 [ 67.253521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.253565] kthread+0x328/0x630 [ 67.253600] ret_from_fork+0x10/0x20 [ 67.253638] [ 67.253688] CPU: 0 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 67.253770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 67.253801] Hardware name: linux,dummy-virt (DT) [ 67.253836] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 67.163971] ================================================================== [ 67.164063] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 67.164063] [ 67.164181] Use-after-free read at 0x00000000be8f486a (in kfence-#200): [ 67.164239] test_memcache_typesafe_by_rcu+0x280/0x560 [ 67.164289] kunit_try_run_case+0x170/0x3f0 [ 67.164337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.164382] kthread+0x328/0x630 [ 67.164422] ret_from_fork+0x10/0x20 [ 67.164463] [ 67.164488] kfence-#200: 0x00000000be8f486a-0x000000000be2300d, size=32, cache=test [ 67.164488] [ 67.164544] allocated by task 366 on cpu 1 at 67.151842s (0.012698s ago): [ 67.164616] test_alloc+0x230/0x628 [ 67.164658] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 67.164703] kunit_try_run_case+0x170/0x3f0 [ 67.164742] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.164787] kthread+0x328/0x630 [ 67.164823] ret_from_fork+0x10/0x20 [ 67.164864] [ 67.164888] freed by task 366 on cpu 1 at 67.151954s (0.012929s ago): [ 67.164945] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 67.164990] kunit_try_run_case+0x170/0x3f0 [ 67.165031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.165074] kthread+0x328/0x630 [ 67.165111] ret_from_fork+0x10/0x20 [ 67.165150] [ 67.165209] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 67.165291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 67.165322] Hardware name: linux,dummy-virt (DT) [ 67.165358] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 44.396407] ================================================================== [ 44.396564] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 44.396564] [ 44.396669] Invalid read at 0x000000002da5b051: [ 44.396831] test_invalid_access+0xdc/0x1f0 [ 44.397600] kunit_try_run_case+0x170/0x3f0 [ 44.397670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 44.397723] kthread+0x328/0x630 [ 44.397768] ret_from_fork+0x10/0x20 [ 44.397830] [ 44.397885] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 44.397979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 44.398013] Hardware name: linux,dummy-virt (DT) [ 44.398056] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 37.096667] ================================================================== [ 37.096838] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 37.096838] [ 37.096964] Out-of-bounds write at 0x00000000bf103a0e (1B left of kfence-#128): [ 37.097082] test_out_of_bounds_write+0x100/0x240 [ 37.097151] kunit_try_run_case+0x170/0x3f0 [ 37.097330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.097378] kthread+0x328/0x630 [ 37.097438] ret_from_fork+0x10/0x20 [ 37.097652] [ 37.097693] kfence-#128: 0x0000000064e214ed-0x00000000e853c049, size=32, cache=kmalloc-32 [ 37.097693] [ 37.097837] allocated by task 322 on cpu 1 at 37.096498s (0.001328s ago): [ 37.097922] test_alloc+0x29c/0x628 [ 37.097982] test_out_of_bounds_write+0xc8/0x240 [ 37.098027] kunit_try_run_case+0x170/0x3f0 [ 37.098114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.098173] kthread+0x328/0x630 [ 37.098208] ret_from_fork+0x10/0x20 [ 37.098250] [ 37.098482] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.098601] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.098642] Hardware name: linux,dummy-virt (DT) [ 37.098680] ================================================================== [ 37.200226] ================================================================== [ 37.200304] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 37.200304] [ 37.200391] Out-of-bounds write at 0x000000007da92333 (1B left of kfence-#129): [ 37.200799] test_out_of_bounds_write+0x100/0x240 [ 37.200879] kunit_try_run_case+0x170/0x3f0 [ 37.200977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.201055] kthread+0x328/0x630 [ 37.201124] ret_from_fork+0x10/0x20 [ 37.201246] [ 37.201305] kfence-#129: 0x00000000dfae34fe-0x00000000202815a6, size=32, cache=test [ 37.201305] [ 37.201430] allocated by task 324 on cpu 1 at 37.200134s (0.001276s ago): [ 37.201543] test_alloc+0x230/0x628 [ 37.201635] test_out_of_bounds_write+0xc8/0x240 [ 37.201687] kunit_try_run_case+0x170/0x3f0 [ 37.201726] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.201947] kthread+0x328/0x630 [ 37.202130] ret_from_fork+0x10/0x20 [ 37.202227] [ 37.202295] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.202404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.202457] Hardware name: linux,dummy-virt (DT) [ 37.202529] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 44.164545] ================================================================== [ 44.164642] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 44.164642] [ 44.164708] Corrupted memory at 0x00000000f1fd5dd6 [ ! . . . . . . . . . . . . . . . ] (in kfence-#196): [ 44.165029] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 44.165080] kunit_try_run_case+0x170/0x3f0 [ 44.165126] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 44.165188] kthread+0x328/0x630 [ 44.165227] ret_from_fork+0x10/0x20 [ 44.165269] [ 44.165296] kfence-#196: 0x0000000055defe1e-0x000000006634942d, size=73, cache=kmalloc-96 [ 44.165296] [ 44.165351] allocated by task 356 on cpu 0 at 44.164307s (0.001040s ago): [ 44.165416] test_alloc+0x29c/0x628 [ 44.165458] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 44.165510] kunit_try_run_case+0x170/0x3f0 [ 44.165551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 44.165596] kthread+0x328/0x630 [ 44.165634] ret_from_fork+0x10/0x20 [ 44.165674] [ 44.165699] freed by task 356 on cpu 0 at 44.164448s (0.001246s ago): [ 44.165763] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 44.165808] kunit_try_run_case+0x170/0x3f0 [ 44.165849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 44.165894] kthread+0x328/0x630 [ 44.165931] ret_from_fork+0x10/0x20 [ 44.165972] [ 44.166017] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 44.166100] Tainted: [B]=BAD_PAGE, [N]=TEST [ 44.166131] Hardware name: linux,dummy-virt (DT) [ 44.166176] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 43.748171] ================================================================== [ 43.748270] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 43.748270] [ 43.748374] Out-of-bounds read at 0x00000000225c800d (105B right of kfence-#192): [ 43.748440] test_kmalloc_aligned_oob_read+0x238/0x468 [ 43.748492] kunit_try_run_case+0x170/0x3f0 [ 43.748538] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.748582] kthread+0x328/0x630 [ 43.748623] ret_from_fork+0x10/0x20 [ 43.748662] [ 43.748688] kfence-#192: 0x00000000af663daf-0x000000003ba38dff, size=73, cache=kmalloc-96 [ 43.748688] [ 43.748743] allocated by task 354 on cpu 0 at 43.747911s (0.000829s ago): [ 43.748818] test_alloc+0x29c/0x628 [ 43.748859] test_kmalloc_aligned_oob_read+0x100/0x468 [ 43.748903] kunit_try_run_case+0x170/0x3f0 [ 43.748945] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.748990] kthread+0x328/0x630 [ 43.749025] ret_from_fork+0x10/0x20 [ 43.749066] [ 43.749115] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 43.749210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.749240] Hardware name: linux,dummy-virt (DT) [ 43.749277] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 38.444173] ================================================================== [ 38.444269] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 38.444269] [ 38.444334] Corrupted memory at 0x000000000409569a [ ! ] (in kfence-#141): [ 38.444468] test_corruption+0x284/0x378 [ 38.444517] kunit_try_run_case+0x170/0x3f0 [ 38.444561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.444608] kthread+0x328/0x630 [ 38.444648] ret_from_fork+0x10/0x20 [ 38.444688] [ 38.444713] kfence-#141: 0x000000008bc35001-0x000000008b66fd9e, size=32, cache=kmalloc-32 [ 38.444713] [ 38.444771] allocated by task 342 on cpu 0 at 38.443885s (0.000882s ago): [ 38.444834] test_alloc+0x29c/0x628 [ 38.444876] test_corruption+0x198/0x378 [ 38.444916] kunit_try_run_case+0x170/0x3f0 [ 38.444958] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.445002] kthread+0x328/0x630 [ 38.445040] ret_from_fork+0x10/0x20 [ 38.445078] [ 38.445101] freed by task 342 on cpu 0 at 38.443989s (0.001109s ago): [ 38.445174] test_corruption+0x284/0x378 [ 38.445217] kunit_try_run_case+0x170/0x3f0 [ 38.445258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.445304] kthread+0x328/0x630 [ 38.445340] ret_from_fork+0x10/0x20 [ 38.445380] [ 38.445424] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 38.445511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.445542] Hardware name: linux,dummy-virt (DT) [ 38.445578] ================================================================== [ 38.132171] ================================================================== [ 38.132275] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 38.132275] [ 38.132347] Corrupted memory at 0x00000000b416572c [ ! . . . . . . . . . . . . . . . ] (in kfence-#138): [ 38.133470] test_corruption+0x278/0x378 [ 38.133536] kunit_try_run_case+0x170/0x3f0 [ 38.133584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.133631] kthread+0x328/0x630 [ 38.133673] ret_from_fork+0x10/0x20 [ 38.133715] [ 38.133740] kfence-#138: 0x00000000121f5770-0x000000005dbc27d3, size=32, cache=kmalloc-32 [ 38.133740] [ 38.133801] allocated by task 342 on cpu 0 at 38.131842s (0.001955s ago): [ 38.133865] test_alloc+0x29c/0x628 [ 38.133907] test_corruption+0xdc/0x378 [ 38.133948] kunit_try_run_case+0x170/0x3f0 [ 38.133989] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.134036] kthread+0x328/0x630 [ 38.134071] ret_from_fork+0x10/0x20 [ 38.134109] [ 38.134133] freed by task 342 on cpu 0 at 38.131976s (0.002153s ago): [ 38.134206] test_corruption+0x278/0x378 [ 38.134246] kunit_try_run_case+0x170/0x3f0 [ 38.134288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.134333] kthread+0x328/0x630 [ 38.134369] ret_from_fork+0x10/0x20 [ 38.134407] [ 38.134454] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 38.134536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.134566] Hardware name: linux,dummy-virt (DT) [ 38.134601] ================================================================== [ 38.860169] ================================================================== [ 38.860269] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 38.860269] [ 38.860334] Corrupted memory at 0x000000008714972c [ ! ] (in kfence-#145): [ 38.860454] test_corruption+0x1d8/0x378 [ 38.860502] kunit_try_run_case+0x170/0x3f0 [ 38.860551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.860601] kthread+0x328/0x630 [ 38.860639] ret_from_fork+0x10/0x20 [ 38.860679] [ 38.860704] kfence-#145: 0x000000006544ebf6-0x000000001e0b22d5, size=32, cache=test [ 38.860704] [ 38.860763] allocated by task 344 on cpu 0 at 38.859983s (0.000776s ago): [ 38.860827] test_alloc+0x230/0x628 [ 38.860869] test_corruption+0x198/0x378 [ 38.860912] kunit_try_run_case+0x170/0x3f0 [ 38.860953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.860998] kthread+0x328/0x630 [ 38.861034] ret_from_fork+0x10/0x20 [ 38.861075] [ 38.861099] freed by task 344 on cpu 0 at 38.860057s (0.001038s ago): [ 38.861173] test_corruption+0x1d8/0x378 [ 38.861213] kunit_try_run_case+0x170/0x3f0 [ 38.861254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.861300] kthread+0x328/0x630 [ 38.861335] ret_from_fork+0x10/0x20 [ 38.861376] [ 38.861417] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 38.861506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.861538] Hardware name: linux,dummy-virt (DT) [ 38.861572] ================================================================== [ 38.755981] ================================================================== [ 38.756079] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 38.756079] [ 38.756146] Corrupted memory at 0x00000000f52604ad [ ! . . . . . . . . . . . . . . . ] (in kfence-#144): [ 38.756482] test_corruption+0x120/0x378 [ 38.756533] kunit_try_run_case+0x170/0x3f0 [ 38.756579] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.756626] kthread+0x328/0x630 [ 38.756665] ret_from_fork+0x10/0x20 [ 38.756704] [ 38.756729] kfence-#144: 0x00000000bfdc6b49-0x00000000a3fdb917, size=32, cache=test [ 38.756729] [ 38.756787] allocated by task 344 on cpu 0 at 38.755832s (0.000952s ago): [ 38.756850] test_alloc+0x230/0x628 [ 38.756891] test_corruption+0xdc/0x378 [ 38.756932] kunit_try_run_case+0x170/0x3f0 [ 38.756972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.757016] kthread+0x328/0x630 [ 38.757052] ret_from_fork+0x10/0x20 [ 38.757093] [ 38.757116] freed by task 344 on cpu 0 at 38.755888s (0.001224s ago): [ 38.757190] test_corruption+0x120/0x378 [ 38.757230] kunit_try_run_case+0x170/0x3f0 [ 38.757271] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.757314] kthread+0x328/0x630 [ 38.757352] ret_from_fork+0x10/0x20 [ 38.757390] [ 38.757436] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 38.757523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.757554] Hardware name: linux,dummy-virt (DT) [ 38.757590] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 38.027972] ================================================================== [ 38.028075] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 38.028075] [ 38.028138] Invalid free of 0x00000000595be825 (in kfence-#137): [ 38.028209] test_invalid_addr_free+0xec/0x238 [ 38.028257] kunit_try_run_case+0x170/0x3f0 [ 38.028302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.028345] kthread+0x328/0x630 [ 38.028385] ret_from_fork+0x10/0x20 [ 38.028426] [ 38.028450] kfence-#137: 0x00000000fccd5bc0-0x0000000097a502c3, size=32, cache=test [ 38.028450] [ 38.028506] allocated by task 340 on cpu 1 at 38.027854s (0.000648s ago): [ 38.028570] test_alloc+0x230/0x628 [ 38.028610] test_invalid_addr_free+0xd4/0x238 [ 38.028653] kunit_try_run_case+0x170/0x3f0 [ 38.028694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.028737] kthread+0x328/0x630 [ 38.028774] ret_from_fork+0x10/0x20 [ 38.028812] [ 38.028857] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 38.028939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.028969] Hardware name: linux,dummy-virt (DT) [ 38.029005] ================================================================== [ 37.923985] ================================================================== [ 37.924072] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 37.924072] [ 37.924133] Invalid free of 0x000000003bef8c4d (in kfence-#136): [ 37.924209] test_invalid_addr_free+0x1ac/0x238 [ 37.924259] kunit_try_run_case+0x170/0x3f0 [ 37.924306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.924351] kthread+0x328/0x630 [ 37.924392] ret_from_fork+0x10/0x20 [ 37.924433] [ 37.924460] kfence-#136: 0x0000000076a6c9c0-0x00000000a843d109, size=32, cache=kmalloc-32 [ 37.924460] [ 37.924519] allocated by task 338 on cpu 1 at 37.923836s (0.000679s ago): [ 37.924584] test_alloc+0x29c/0x628 [ 37.924625] test_invalid_addr_free+0xd4/0x238 [ 37.924668] kunit_try_run_case+0x170/0x3f0 [ 37.924711] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.924754] kthread+0x328/0x630 [ 37.924790] ret_from_fork+0x10/0x20 [ 37.924831] [ 37.924875] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.924959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.924988] Hardware name: linux,dummy-virt (DT) [ 37.925024] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 37.716112] ================================================================== [ 37.716246] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 37.716246] [ 37.716318] Invalid free of 0x000000004a3242c8 (in kfence-#134): [ 37.716389] test_double_free+0x1bc/0x238 [ 37.716439] kunit_try_run_case+0x170/0x3f0 [ 37.716487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.716533] kthread+0x328/0x630 [ 37.716572] ret_from_fork+0x10/0x20 [ 37.716616] [ 37.716643] kfence-#134: 0x000000004a3242c8-0x000000007fa3dd48, size=32, cache=kmalloc-32 [ 37.716643] [ 37.716701] allocated by task 334 on cpu 0 at 37.715805s (0.000892s ago): [ 37.716766] test_alloc+0x29c/0x628 [ 37.716807] test_double_free+0xd4/0x238 [ 37.716850] kunit_try_run_case+0x170/0x3f0 [ 37.716892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.716937] kthread+0x328/0x630 [ 37.716975] ret_from_fork+0x10/0x20 [ 37.717015] [ 37.717041] freed by task 334 on cpu 0 at 37.715878s (0.001159s ago): [ 37.717105] test_double_free+0x1ac/0x238 [ 37.717147] kunit_try_run_case+0x170/0x3f0 [ 37.717202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.717247] kthread+0x328/0x630 [ 37.717284] ret_from_fork+0x10/0x20 [ 37.717324] [ 37.717373] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.717456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.717493] Hardware name: linux,dummy-virt (DT) [ 37.717528] ================================================================== [ 37.820011] ================================================================== [ 37.820098] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 37.820098] [ 37.820180] Invalid free of 0x000000003bee8f17 (in kfence-#135): [ 37.820234] test_double_free+0x100/0x238 [ 37.820283] kunit_try_run_case+0x170/0x3f0 [ 37.820328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.820374] kthread+0x328/0x630 [ 37.820413] ret_from_fork+0x10/0x20 [ 37.820453] [ 37.820478] kfence-#135: 0x000000003bee8f17-0x0000000043019f32, size=32, cache=test [ 37.820478] [ 37.820533] allocated by task 336 on cpu 0 at 37.819817s (0.000712s ago): [ 37.820598] test_alloc+0x230/0x628 [ 37.820638] test_double_free+0xd4/0x238 [ 37.820680] kunit_try_run_case+0x170/0x3f0 [ 37.820720] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.820765] kthread+0x328/0x630 [ 37.820801] ret_from_fork+0x10/0x20 [ 37.820842] [ 37.820866] freed by task 336 on cpu 0 at 37.819873s (0.000988s ago): [ 37.820929] test_double_free+0xf0/0x238 [ 37.820969] kunit_try_run_case+0x170/0x3f0 [ 37.821011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.821056] kthread+0x328/0x630 [ 37.821093] ret_from_fork+0x10/0x20 [ 37.821132] [ 37.821182] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.821265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.821296] Hardware name: linux,dummy-virt (DT) [ 37.821333] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 37.404015] ================================================================== [ 37.404114] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 37.404114] [ 37.404232] Use-after-free read at 0x000000009f83198a (in kfence-#131): [ 37.404287] test_use_after_free_read+0x114/0x248 [ 37.404336] kunit_try_run_case+0x170/0x3f0 [ 37.404382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.404429] kthread+0x328/0x630 [ 37.404470] ret_from_fork+0x10/0x20 [ 37.404509] [ 37.404535] kfence-#131: 0x000000009f83198a-0x000000008126d92f, size=32, cache=test [ 37.404535] [ 37.404589] allocated by task 328 on cpu 1 at 37.403834s (0.000750s ago): [ 37.404665] test_alloc+0x230/0x628 [ 37.404707] test_use_after_free_read+0xd0/0x248 [ 37.404751] kunit_try_run_case+0x170/0x3f0 [ 37.404792] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.404836] kthread+0x328/0x630 [ 37.404873] ret_from_fork+0x10/0x20 [ 37.404911] [ 37.404937] freed by task 328 on cpu 1 at 37.403896s (0.001037s ago): [ 37.405037] test_use_after_free_read+0xf0/0x248 [ 37.405083] kunit_try_run_case+0x170/0x3f0 [ 37.405124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.405179] kthread+0x328/0x630 [ 37.405215] ret_from_fork+0x10/0x20 [ 37.405256] [ 37.405302] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.405386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.405415] Hardware name: linux,dummy-virt (DT) [ 37.405451] ================================================================== [ 37.300987] ================================================================== [ 37.301096] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 37.301096] [ 37.301217] Use-after-free read at 0x000000007e6e4c98 (in kfence-#130): [ 37.301274] test_use_after_free_read+0x114/0x248 [ 37.301325] kunit_try_run_case+0x170/0x3f0 [ 37.301370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.301415] kthread+0x328/0x630 [ 37.301456] ret_from_fork+0x10/0x20 [ 37.301505] [ 37.301531] kfence-#130: 0x000000007e6e4c98-0x00000000439a16c8, size=32, cache=kmalloc-32 [ 37.301531] [ 37.301585] allocated by task 326 on cpu 1 at 37.300725s (0.000856s ago): [ 37.301655] test_alloc+0x29c/0x628 [ 37.301697] test_use_after_free_read+0xd0/0x248 [ 37.301739] kunit_try_run_case+0x170/0x3f0 [ 37.301780] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.301825] kthread+0x328/0x630 [ 37.301860] ret_from_fork+0x10/0x20 [ 37.301906] [ 37.302034] freed by task 326 on cpu 1 at 37.300794s (0.001159s ago): [ 37.302142] test_use_after_free_read+0x1c0/0x248 [ 37.302202] kunit_try_run_case+0x170/0x3f0 [ 37.302244] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.302289] kthread+0x328/0x630 [ 37.302327] ret_from_fork+0x10/0x20 [ 37.302382] [ 37.302429] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 37.302516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.302550] Hardware name: linux,dummy-virt (DT) [ 37.302587] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 32.337821] ================================================================== [ 32.338056] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 32.338201] Read of size 1 at addr fff00000c57888ff by task kunit_try_catch/169 [ 32.338251] [ 32.338281] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.338364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.338391] Hardware name: linux,dummy-virt (DT) [ 32.338421] Call trace: [ 32.338443] show_stack+0x20/0x38 (C) [ 32.338491] dump_stack_lvl+0x8c/0xd0 [ 32.338540] print_report+0x118/0x608 [ 32.338587] kasan_report+0xdc/0x128 [ 32.338632] __asan_report_load1_noabort+0x20/0x30 [ 32.338679] kmalloc_oob_left+0x2ec/0x320 [ 32.338849] kunit_try_run_case+0x170/0x3f0 [ 32.338898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.338951] kthread+0x328/0x630 [ 32.338994] ret_from_fork+0x10/0x20 [ 32.339041] [ 32.339091] Allocated by task 21: [ 32.339139] kasan_save_stack+0x3c/0x68 [ 32.339188] kasan_save_track+0x20/0x40 [ 32.339225] kasan_save_alloc_info+0x40/0x58 [ 32.339260] __kasan_kmalloc+0xd4/0xd8 [ 32.339296] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 32.339408] build_sched_domains+0x32c/0x3768 [ 32.339482] partition_sched_domains+0x79c/0x1098 [ 32.339547] rebuild_sched_domains_locked+0x494/0xde0 [ 32.339644] cpuset_handle_hotplug+0xab0/0x1480 [ 32.339756] cpuset_update_active_cpus+0x18/0x30 [ 32.339826] sched_cpu_activate+0x2d0/0x388 [ 32.339865] cpuhp_invoke_callback+0x5b8/0x1620 [ 32.339906] cpuhp_thread_fun+0x230/0x5d8 [ 32.339940] smpboot_thread_fn+0x2e8/0x760 [ 32.340015] kthread+0x328/0x630 [ 32.340058] ret_from_fork+0x10/0x20 [ 32.340115] [ 32.340147] Freed by task 21: [ 32.340201] kasan_save_stack+0x3c/0x68 [ 32.340243] kasan_save_track+0x20/0x40 [ 32.340279] kasan_save_free_info+0x4c/0x78 [ 32.340342] __kasan_slab_free+0x6c/0x98 [ 32.340418] kfree+0x214/0x3c8 [ 32.340480] build_sched_domains+0x1c64/0x3768 [ 32.340568] partition_sched_domains+0x79c/0x1098 [ 32.340650] rebuild_sched_domains_locked+0x494/0xde0 [ 32.340807] cpuset_handle_hotplug+0xab0/0x1480 [ 32.340883] cpuset_update_active_cpus+0x18/0x30 [ 32.340969] sched_cpu_activate+0x2d0/0x388 [ 32.341037] cpuhp_invoke_callback+0x5b8/0x1620 [ 32.341234] cpuhp_thread_fun+0x230/0x5d8 [ 32.341290] smpboot_thread_fn+0x2e8/0x760 [ 32.341455] kthread+0x328/0x630 [ 32.341493] ret_from_fork+0x10/0x20 [ 32.341539] [ 32.341562] The buggy address belongs to the object at fff00000c57888e0 [ 32.341562] which belongs to the cache kmalloc-16 of size 16 [ 32.341618] The buggy address is located 15 bytes to the right of [ 32.341618] allocated 16-byte region [fff00000c57888e0, fff00000c57888f0) [ 32.341709] [ 32.341803] The buggy address belongs to the physical page: [ 32.341946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.342454] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.342870] page_type: f5(slab) [ 32.342912] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.342962] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.343025] page dumped because: kasan: bad access detected [ 32.343092] [ 32.343140] Memory state around the buggy address: [ 32.343272] fff00000c5788780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.343315] fff00000c5788800: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 32.343629] >fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.343670] ^ [ 32.343770] fff00000c5788900: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.343811] fff00000c5788980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.343849] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 32.326275] ================================================================== [ 32.326374] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 32.326472] Read of size 1 at addr fff00000c63fb480 by task kunit_try_catch/167 [ 32.326642] [ 32.326737] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.326865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.326891] Hardware name: linux,dummy-virt (DT) [ 32.326936] Call trace: [ 32.326959] show_stack+0x20/0x38 (C) [ 32.327014] dump_stack_lvl+0x8c/0xd0 [ 32.327122] print_report+0x118/0x608 [ 32.327474] kasan_report+0xdc/0x128 [ 32.327794] __asan_report_load1_noabort+0x20/0x30 [ 32.327852] kmalloc_oob_right+0x5d0/0x660 [ 32.327916] kunit_try_run_case+0x170/0x3f0 [ 32.327964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.328017] kthread+0x328/0x630 [ 32.328059] ret_from_fork+0x10/0x20 [ 32.328106] [ 32.328123] Allocated by task 167: [ 32.328151] kasan_save_stack+0x3c/0x68 [ 32.328206] kasan_save_track+0x20/0x40 [ 32.328243] kasan_save_alloc_info+0x40/0x58 [ 32.328278] __kasan_kmalloc+0xd4/0xd8 [ 32.328358] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.328396] kmalloc_oob_right+0xb0/0x660 [ 32.328570] kunit_try_run_case+0x170/0x3f0 [ 32.328609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.328651] kthread+0x328/0x630 [ 32.328692] ret_from_fork+0x10/0x20 [ 32.328781] [ 32.328800] The buggy address belongs to the object at fff00000c63fb400 [ 32.328800] which belongs to the cache kmalloc-128 of size 128 [ 32.328998] The buggy address is located 13 bytes to the right of [ 32.328998] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.329102] [ 32.329135] The buggy address belongs to the physical page: [ 32.329339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.329437] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.329495] page_type: f5(slab) [ 32.329532] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.329581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.329620] page dumped because: kasan: bad access detected [ 32.329807] [ 32.329839] Memory state around the buggy address: [ 32.329909] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.329956] fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.330041] >fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330141] ^ [ 32.330477] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330557] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330596] ================================================================== [ 32.313769] ================================================================== [ 32.314092] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 32.314916] Write of size 1 at addr fff00000c63fb473 by task kunit_try_catch/167 [ 32.315027] [ 32.315840] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.315993] Tainted: [N]=TEST [ 32.316027] Hardware name: linux,dummy-virt (DT) [ 32.316261] Call trace: [ 32.316435] show_stack+0x20/0x38 (C) [ 32.316567] dump_stack_lvl+0x8c/0xd0 [ 32.316624] print_report+0x118/0x608 [ 32.316675] kasan_report+0xdc/0x128 [ 32.316721] __asan_report_store1_noabort+0x20/0x30 [ 32.316772] kmalloc_oob_right+0x5a4/0x660 [ 32.316820] kunit_try_run_case+0x170/0x3f0 [ 32.316872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.316926] kthread+0x328/0x630 [ 32.316971] ret_from_fork+0x10/0x20 [ 32.317122] [ 32.317173] Allocated by task 167: [ 32.317286] kasan_save_stack+0x3c/0x68 [ 32.317350] kasan_save_track+0x20/0x40 [ 32.317388] kasan_save_alloc_info+0x40/0x58 [ 32.317425] __kasan_kmalloc+0xd4/0xd8 [ 32.317461] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.317506] kmalloc_oob_right+0xb0/0x660 [ 32.317542] kunit_try_run_case+0x170/0x3f0 [ 32.317579] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.317622] kthread+0x328/0x630 [ 32.317653] ret_from_fork+0x10/0x20 [ 32.317706] [ 32.317764] The buggy address belongs to the object at fff00000c63fb400 [ 32.317764] which belongs to the cache kmalloc-128 of size 128 [ 32.317853] The buggy address is located 0 bytes to the right of [ 32.317853] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.317924] [ 32.318004] The buggy address belongs to the physical page: [ 32.318200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.318466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.318750] page_type: f5(slab) [ 32.319026] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.319086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.319200] page dumped because: kasan: bad access detected [ 32.319241] [ 32.319267] Memory state around the buggy address: [ 32.319510] fff00000c63fb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.319601] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319655] >fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.319709] ^ [ 32.319795] fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319838] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319899] ================================================================== [ 32.321411] ================================================================== [ 32.321612] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 32.321846] Write of size 1 at addr fff00000c63fb478 by task kunit_try_catch/167 [ 32.321896] [ 32.321925] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.322015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.322132] Hardware name: linux,dummy-virt (DT) [ 32.322192] Call trace: [ 32.322214] show_stack+0x20/0x38 (C) [ 32.322262] dump_stack_lvl+0x8c/0xd0 [ 32.322899] print_report+0x118/0x608 [ 32.323126] kasan_report+0xdc/0x128 [ 32.323184] __asan_report_store1_noabort+0x20/0x30 [ 32.323232] kmalloc_oob_right+0x538/0x660 [ 32.323285] kunit_try_run_case+0x170/0x3f0 [ 32.323375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.323512] kthread+0x328/0x630 [ 32.323554] ret_from_fork+0x10/0x20 [ 32.323601] [ 32.323619] Allocated by task 167: [ 32.323646] kasan_save_stack+0x3c/0x68 [ 32.323705] kasan_save_track+0x20/0x40 [ 32.323742] kasan_save_alloc_info+0x40/0x58 [ 32.323778] __kasan_kmalloc+0xd4/0xd8 [ 32.323814] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.323852] kmalloc_oob_right+0xb0/0x660 [ 32.323995] kunit_try_run_case+0x170/0x3f0 [ 32.324200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.324387] kthread+0x328/0x630 [ 32.324467] ret_from_fork+0x10/0x20 [ 32.324567] [ 32.324588] The buggy address belongs to the object at fff00000c63fb400 [ 32.324588] which belongs to the cache kmalloc-128 of size 128 [ 32.324791] The buggy address is located 5 bytes to the right of [ 32.324791] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.324854] [ 32.324873] The buggy address belongs to the physical page: [ 32.324916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.324965] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.325033] page_type: f5(slab) [ 32.325070] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.325120] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.325169] page dumped because: kasan: bad access detected [ 32.325199] [ 32.325217] Memory state around the buggy address: [ 32.325246] fff00000c63fb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.325288] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325329] >fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.325365] ^ [ 32.325404] fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325477] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325518] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 36.779972] ================================================================== [ 36.780055] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 36.780055] [ 36.780142] Out-of-bounds read at 0x00000000bddb1fca (1B left of kfence-#125): [ 36.780254] test_out_of_bounds_read+0x114/0x3e0 [ 36.780421] kunit_try_run_case+0x170/0x3f0 [ 36.780473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.780596] kthread+0x328/0x630 [ 36.780634] ret_from_fork+0x10/0x20 [ 36.780675] [ 36.780700] kfence-#125: 0x00000000e2cbeebc-0x000000002eac0cd8, size=32, cache=test [ 36.780700] [ 36.780754] allocated by task 320 on cpu 1 at 36.779887s (0.000862s ago): [ 36.780895] test_alloc+0x230/0x628 [ 36.780939] test_out_of_bounds_read+0xdc/0x3e0 [ 36.780982] kunit_try_run_case+0x170/0x3f0 [ 36.781021] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.781065] kthread+0x328/0x630 [ 36.781112] ret_from_fork+0x10/0x20 [ 36.781153] [ 36.781213] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.781298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.781327] Hardware name: linux,dummy-virt (DT) [ 36.781363] ================================================================== [ 36.038373] ================================================================== [ 36.038500] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 36.038500] [ 36.039211] Out-of-bounds read at 0x00000000e3b0a4e9 (1B left of kfence-#118): [ 36.039612] test_out_of_bounds_read+0x114/0x3e0 [ 36.040365] kunit_try_run_case+0x170/0x3f0 [ 36.040757] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.040888] kthread+0x328/0x630 [ 36.040967] ret_from_fork+0x10/0x20 [ 36.041400] [ 36.042401] kfence-#118: 0x000000007ab98f19-0x00000000db6adaf7, size=32, cache=kmalloc-32 [ 36.042401] [ 36.043286] allocated by task 318 on cpu 1 at 36.037578s (0.005403s ago): [ 36.045052] test_alloc+0x29c/0x628 [ 36.045329] test_out_of_bounds_read+0xdc/0x3e0 [ 36.045396] kunit_try_run_case+0x170/0x3f0 [ 36.045454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.045508] kthread+0x328/0x630 [ 36.045546] ret_from_fork+0x10/0x20 [ 36.045715] [ 36.045814] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.045922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.045964] Hardware name: linux,dummy-virt (DT) [ 36.046039] ================================================================== [ 36.884146] ================================================================== [ 36.884236] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 36.884236] [ 36.884316] Out-of-bounds read at 0x000000001bcf71d8 (32B right of kfence-#126): [ 36.884378] test_out_of_bounds_read+0x1c8/0x3e0 [ 36.884426] kunit_try_run_case+0x170/0x3f0 [ 36.884470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.884515] kthread+0x328/0x630 [ 36.884554] ret_from_fork+0x10/0x20 [ 36.884605] [ 36.884630] kfence-#126: 0x000000003348aa03-0x000000003d2ca1ec, size=32, cache=test [ 36.884630] [ 36.884683] allocated by task 320 on cpu 1 at 36.884063s (0.000617s ago): [ 36.884767] test_alloc+0x230/0x628 [ 36.884820] test_out_of_bounds_read+0x198/0x3e0 [ 36.884861] kunit_try_run_case+0x170/0x3f0 [ 36.884956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.885116] kthread+0x328/0x630 [ 36.885165] ret_from_fork+0x10/0x20 [ 36.885219] [ 36.885418] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.885626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.885656] Hardware name: linux,dummy-virt (DT) [ 36.885691] ================================================================== [ 36.362143] ================================================================== [ 36.362341] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 36.362341] [ 36.362696] Out-of-bounds read at 0x000000008d10bbef (32B right of kfence-#121): [ 36.362779] test_out_of_bounds_read+0x1c8/0x3e0 [ 36.362834] kunit_try_run_case+0x170/0x3f0 [ 36.362987] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.363044] kthread+0x328/0x630 [ 36.363084] ret_from_fork+0x10/0x20 [ 36.363382] [ 36.363472] kfence-#121: 0x00000000fcf26bb1-0x000000005fe8474e, size=32, cache=kmalloc-32 [ 36.363472] [ 36.363537] allocated by task 318 on cpu 1 at 36.361361s (0.002172s ago): [ 36.363865] test_alloc+0x29c/0x628 [ 36.364012] test_out_of_bounds_read+0x198/0x3e0 [ 36.364084] kunit_try_run_case+0x170/0x3f0 [ 36.364141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.364428] kthread+0x328/0x630 [ 36.364743] ret_from_fork+0x10/0x20 [ 36.364808] [ 36.365175] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.365583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.365653] Hardware name: linux,dummy-virt (DT) [ 36.365775] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 35.561939] ================================================================== [ 35.561993] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 35.562058] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.562112] [ 35.562255] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.562385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.562435] Hardware name: linux,dummy-virt (DT) [ 35.562672] Call trace: [ 35.562711] show_stack+0x20/0x38 (C) [ 35.562793] dump_stack_lvl+0x8c/0xd0 [ 35.562846] print_report+0x118/0x608 [ 35.563062] kasan_report+0xdc/0x128 [ 35.563174] kasan_check_range+0x100/0x1a8 [ 35.563230] __kasan_check_write+0x20/0x30 [ 35.563298] strncpy_from_user+0x3c/0x2a0 [ 35.563354] copy_user_test_oob+0x5c0/0xec8 [ 35.563421] kunit_try_run_case+0x170/0x3f0 [ 35.563480] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.563565] kthread+0x328/0x630 [ 35.563649] ret_from_fork+0x10/0x20 [ 35.563710] [ 35.563740] Allocated by task 316: [ 35.563771] kasan_save_stack+0x3c/0x68 [ 35.563817] kasan_save_track+0x20/0x40 [ 35.563872] kasan_save_alloc_info+0x40/0x58 [ 35.563912] __kasan_kmalloc+0xd4/0xd8 [ 35.563953] __kmalloc_noprof+0x198/0x4c8 [ 35.563993] kunit_kmalloc_array+0x34/0x88 [ 35.564045] copy_user_test_oob+0xac/0xec8 [ 35.564110] kunit_try_run_case+0x170/0x3f0 [ 35.564179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.564236] kthread+0x328/0x630 [ 35.564287] ret_from_fork+0x10/0x20 [ 35.564326] [ 35.564348] The buggy address belongs to the object at fff00000c988b100 [ 35.564348] which belongs to the cache kmalloc-128 of size 128 [ 35.564411] The buggy address is located 0 bytes inside of [ 35.564411] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.564478] [ 35.564500] The buggy address belongs to the physical page: [ 35.564533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.564593] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.564655] page_type: f5(slab) [ 35.564701] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.564765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.564817] page dumped because: kasan: bad access detected [ 35.564857] [ 35.564886] Memory state around the buggy address: [ 35.564921] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.564964] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565009] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.565061] ^ [ 35.565111] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565806] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.565868] ================================================================== [ 35.566147] ================================================================== [ 35.566465] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 35.566528] Write of size 1 at addr fff00000c988b178 by task kunit_try_catch/316 [ 35.566754] [ 35.566860] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.566963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.566996] Hardware name: linux,dummy-virt (DT) [ 35.567059] Call trace: [ 35.567084] show_stack+0x20/0x38 (C) [ 35.567152] dump_stack_lvl+0x8c/0xd0 [ 35.567221] print_report+0x118/0x608 [ 35.567277] kasan_report+0xdc/0x128 [ 35.567343] __asan_report_store1_noabort+0x20/0x30 [ 35.567415] strncpy_from_user+0x270/0x2a0 [ 35.567525] copy_user_test_oob+0x5c0/0xec8 [ 35.567649] kunit_try_run_case+0x170/0x3f0 [ 35.567739] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.567840] kthread+0x328/0x630 [ 35.567905] ret_from_fork+0x10/0x20 [ 35.567978] [ 35.568001] Allocated by task 316: [ 35.568032] kasan_save_stack+0x3c/0x68 [ 35.568074] kasan_save_track+0x20/0x40 [ 35.568114] kasan_save_alloc_info+0x40/0x58 [ 35.568167] __kasan_kmalloc+0xd4/0xd8 [ 35.568210] __kmalloc_noprof+0x198/0x4c8 [ 35.568420] kunit_kmalloc_array+0x34/0x88 [ 35.568486] copy_user_test_oob+0xac/0xec8 [ 35.568554] kunit_try_run_case+0x170/0x3f0 [ 35.568632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.568692] kthread+0x328/0x630 [ 35.568726] ret_from_fork+0x10/0x20 [ 35.568884] [ 35.568937] The buggy address belongs to the object at fff00000c988b100 [ 35.568937] which belongs to the cache kmalloc-128 of size 128 [ 35.569023] The buggy address is located 0 bytes to the right of [ 35.569023] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.569193] [ 35.569234] The buggy address belongs to the physical page: [ 35.569303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.569425] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.569512] page_type: f5(slab) [ 35.569552] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.569605] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.569851] page dumped because: kasan: bad access detected [ 35.569990] [ 35.570081] Memory state around the buggy address: [ 35.570151] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.570533] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570621] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.570752] ^ [ 35.570815] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570885] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.570997] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 35.523170] ================================================================== [ 35.523264] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 35.523366] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.523615] [ 35.523673] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.523935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.523978] Hardware name: linux,dummy-virt (DT) [ 35.524069] Call trace: [ 35.524125] show_stack+0x20/0x38 (C) [ 35.524270] dump_stack_lvl+0x8c/0xd0 [ 35.524394] print_report+0x118/0x608 [ 35.524490] kasan_report+0xdc/0x128 [ 35.524567] kasan_check_range+0x100/0x1a8 [ 35.524640] __kasan_check_write+0x20/0x30 [ 35.524722] copy_user_test_oob+0x234/0xec8 [ 35.524781] kunit_try_run_case+0x170/0x3f0 [ 35.524836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.524902] kthread+0x328/0x630 [ 35.524956] ret_from_fork+0x10/0x20 [ 35.525011] [ 35.525049] Allocated by task 316: [ 35.525082] kasan_save_stack+0x3c/0x68 [ 35.525139] kasan_save_track+0x20/0x40 [ 35.525199] kasan_save_alloc_info+0x40/0x58 [ 35.525249] __kasan_kmalloc+0xd4/0xd8 [ 35.525305] __kmalloc_noprof+0x198/0x4c8 [ 35.525362] kunit_kmalloc_array+0x34/0x88 [ 35.525403] copy_user_test_oob+0xac/0xec8 [ 35.525453] kunit_try_run_case+0x170/0x3f0 [ 35.525504] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.525552] kthread+0x328/0x630 [ 35.525586] ret_from_fork+0x10/0x20 [ 35.525626] [ 35.525658] The buggy address belongs to the object at fff00000c988b100 [ 35.525658] which belongs to the cache kmalloc-128 of size 128 [ 35.525722] The buggy address is located 0 bytes inside of [ 35.525722] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.525798] [ 35.525822] The buggy address belongs to the physical page: [ 35.525868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.525928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.525989] page_type: f5(slab) [ 35.526033] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.526097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.526141] page dumped because: kasan: bad access detected [ 35.526186] [ 35.526208] Memory state around the buggy address: [ 35.526243] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.526423] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.526819] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.526917] ^ [ 35.527152] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.527309] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.527382] ================================================================== [ 35.541800] ================================================================== [ 35.541859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 35.541928] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.541983] [ 35.542018] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.542107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.542175] Hardware name: linux,dummy-virt (DT) [ 35.542212] Call trace: [ 35.542237] show_stack+0x20/0x38 (C) [ 35.542312] dump_stack_lvl+0x8c/0xd0 [ 35.542381] print_report+0x118/0x608 [ 35.542431] kasan_report+0xdc/0x128 [ 35.542483] kasan_check_range+0x100/0x1a8 [ 35.542543] __kasan_check_write+0x20/0x30 [ 35.542776] copy_user_test_oob+0x35c/0xec8 [ 35.542846] kunit_try_run_case+0x170/0x3f0 [ 35.542901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.543035] kthread+0x328/0x630 [ 35.543084] ret_from_fork+0x10/0x20 [ 35.543263] [ 35.543334] Allocated by task 316: [ 35.543372] kasan_save_stack+0x3c/0x68 [ 35.543428] kasan_save_track+0x20/0x40 [ 35.543565] kasan_save_alloc_info+0x40/0x58 [ 35.543652] __kasan_kmalloc+0xd4/0xd8 [ 35.543693] __kmalloc_noprof+0x198/0x4c8 [ 35.543733] kunit_kmalloc_array+0x34/0x88 [ 35.543789] copy_user_test_oob+0xac/0xec8 [ 35.543831] kunit_try_run_case+0x170/0x3f0 [ 35.544165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.544262] kthread+0x328/0x630 [ 35.544317] ret_from_fork+0x10/0x20 [ 35.544578] [ 35.544602] The buggy address belongs to the object at fff00000c988b100 [ 35.544602] which belongs to the cache kmalloc-128 of size 128 [ 35.544667] The buggy address is located 0 bytes inside of [ 35.544667] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.544732] [ 35.544762] The buggy address belongs to the physical page: [ 35.544809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.544863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.544915] page_type: f5(slab) [ 35.544958] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.545023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.545066] page dumped because: kasan: bad access detected [ 35.545101] [ 35.545131] Memory state around the buggy address: [ 35.545177] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.545223] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545269] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.545311] ^ [ 35.545353] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545510] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545662] ================================================================== [ 35.552067] ================================================================== [ 35.552137] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 35.552205] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.552258] [ 35.552466] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.552571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.552705] Hardware name: linux,dummy-virt (DT) [ 35.552762] Call trace: [ 35.552843] show_stack+0x20/0x38 (C) [ 35.552902] dump_stack_lvl+0x8c/0xd0 [ 35.553008] print_report+0x118/0x608 [ 35.553084] kasan_report+0xdc/0x128 [ 35.553146] kasan_check_range+0x100/0x1a8 [ 35.553237] __kasan_check_write+0x20/0x30 [ 35.553293] copy_user_test_oob+0x434/0xec8 [ 35.553361] kunit_try_run_case+0x170/0x3f0 [ 35.553411] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.553477] kthread+0x328/0x630 [ 35.553539] ret_from_fork+0x10/0x20 [ 35.553590] [ 35.553611] Allocated by task 316: [ 35.553642] kasan_save_stack+0x3c/0x68 [ 35.553898] kasan_save_track+0x20/0x40 [ 35.553967] kasan_save_alloc_info+0x40/0x58 [ 35.554016] __kasan_kmalloc+0xd4/0xd8 [ 35.554064] __kmalloc_noprof+0x198/0x4c8 [ 35.554121] kunit_kmalloc_array+0x34/0x88 [ 35.554177] copy_user_test_oob+0xac/0xec8 [ 35.554224] kunit_try_run_case+0x170/0x3f0 [ 35.554272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.554327] kthread+0x328/0x630 [ 35.554365] ret_from_fork+0x10/0x20 [ 35.554404] [ 35.554427] The buggy address belongs to the object at fff00000c988b100 [ 35.554427] which belongs to the cache kmalloc-128 of size 128 [ 35.554506] The buggy address is located 0 bytes inside of [ 35.554506] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.554575] [ 35.554598] The buggy address belongs to the physical page: [ 35.554632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.554686] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.554738] page_type: f5(slab) [ 35.554778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.554832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.554875] page dumped because: kasan: bad access detected [ 35.554909] [ 35.554930] Memory state around the buggy address: [ 35.554975] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.555022] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555067] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.555108] ^ [ 35.555148] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555206] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555247] ================================================================== [ 35.531267] ================================================================== [ 35.531321] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 35.531374] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.531464] [ 35.531525] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.531656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.531706] Hardware name: linux,dummy-virt (DT) [ 35.531760] Call trace: [ 35.531828] show_stack+0x20/0x38 (C) [ 35.531906] dump_stack_lvl+0x8c/0xd0 [ 35.531970] print_report+0x118/0x608 [ 35.532020] kasan_report+0xdc/0x128 [ 35.532069] kasan_check_range+0x100/0x1a8 [ 35.532115] __kasan_check_read+0x20/0x30 [ 35.532175] copy_user_test_oob+0x728/0xec8 [ 35.532226] kunit_try_run_case+0x170/0x3f0 [ 35.532519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.532609] kthread+0x328/0x630 [ 35.532833] ret_from_fork+0x10/0x20 [ 35.532975] [ 35.533062] Allocated by task 316: [ 35.533120] kasan_save_stack+0x3c/0x68 [ 35.533233] kasan_save_track+0x20/0x40 [ 35.533291] kasan_save_alloc_info+0x40/0x58 [ 35.533358] __kasan_kmalloc+0xd4/0xd8 [ 35.533456] __kmalloc_noprof+0x198/0x4c8 [ 35.533538] kunit_kmalloc_array+0x34/0x88 [ 35.533637] copy_user_test_oob+0xac/0xec8 [ 35.533703] kunit_try_run_case+0x170/0x3f0 [ 35.533744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.534037] kthread+0x328/0x630 [ 35.534097] ret_from_fork+0x10/0x20 [ 35.534199] [ 35.534258] The buggy address belongs to the object at fff00000c988b100 [ 35.534258] which belongs to the cache kmalloc-128 of size 128 [ 35.534349] The buggy address is located 0 bytes inside of [ 35.534349] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.534640] [ 35.534687] The buggy address belongs to the physical page: [ 35.534772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.534859] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.534913] page_type: f5(slab) [ 35.534954] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.535274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.535351] page dumped because: kasan: bad access detected [ 35.535395] [ 35.535682] Memory state around the buggy address: [ 35.535746] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.535794] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.535855] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.535897] ^ [ 35.536272] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.536369] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.536441] ================================================================== [ 35.546552] ================================================================== [ 35.546628] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 35.546681] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.546750] [ 35.546799] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.546958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.546998] Hardware name: linux,dummy-virt (DT) [ 35.547033] Call trace: [ 35.547083] show_stack+0x20/0x38 (C) [ 35.547236] dump_stack_lvl+0x8c/0xd0 [ 35.547296] print_report+0x118/0x608 [ 35.547388] kasan_report+0xdc/0x128 [ 35.547553] kasan_check_range+0x100/0x1a8 [ 35.547634] __kasan_check_read+0x20/0x30 [ 35.547711] copy_user_test_oob+0x3c8/0xec8 [ 35.547780] kunit_try_run_case+0x170/0x3f0 [ 35.547852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.547909] kthread+0x328/0x630 [ 35.547986] ret_from_fork+0x10/0x20 [ 35.548037] [ 35.548276] Allocated by task 316: [ 35.548338] kasan_save_stack+0x3c/0x68 [ 35.548434] kasan_save_track+0x20/0x40 [ 35.548546] kasan_save_alloc_info+0x40/0x58 [ 35.548615] __kasan_kmalloc+0xd4/0xd8 [ 35.548917] __kmalloc_noprof+0x198/0x4c8 [ 35.549004] kunit_kmalloc_array+0x34/0x88 [ 35.549108] copy_user_test_oob+0xac/0xec8 [ 35.549205] kunit_try_run_case+0x170/0x3f0 [ 35.549278] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.549362] kthread+0x328/0x630 [ 35.549429] ret_from_fork+0x10/0x20 [ 35.549552] [ 35.549595] The buggy address belongs to the object at fff00000c988b100 [ 35.549595] which belongs to the cache kmalloc-128 of size 128 [ 35.549658] The buggy address is located 0 bytes inside of [ 35.549658] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.549737] [ 35.550051] The buggy address belongs to the physical page: [ 35.550118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.550342] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.550481] page_type: f5(slab) [ 35.550586] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.550663] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.550726] page dumped because: kasan: bad access detected [ 35.550819] [ 35.550840] Memory state around the buggy address: [ 35.550874] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.550945] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551192] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.551237] ^ [ 35.551680] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551783] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551862] ================================================================== [ 35.555369] ================================================================== [ 35.555414] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 35.555866] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.555953] [ 35.555994] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.556358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.556424] Hardware name: linux,dummy-virt (DT) [ 35.556458] Call trace: [ 35.556547] show_stack+0x20/0x38 (C) [ 35.556612] dump_stack_lvl+0x8c/0xd0 [ 35.556685] print_report+0x118/0x608 [ 35.556795] kasan_report+0xdc/0x128 [ 35.556927] kasan_check_range+0x100/0x1a8 [ 35.556994] __kasan_check_read+0x20/0x30 [ 35.557069] copy_user_test_oob+0x4a0/0xec8 [ 35.557172] kunit_try_run_case+0x170/0x3f0 [ 35.557242] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.557325] kthread+0x328/0x630 [ 35.557370] ret_from_fork+0x10/0x20 [ 35.557420] [ 35.557440] Allocated by task 316: [ 35.557621] kasan_save_stack+0x3c/0x68 [ 35.557679] kasan_save_track+0x20/0x40 [ 35.557719] kasan_save_alloc_info+0x40/0x58 [ 35.557802] __kasan_kmalloc+0xd4/0xd8 [ 35.557880] __kmalloc_noprof+0x198/0x4c8 [ 35.557992] kunit_kmalloc_array+0x34/0x88 [ 35.558070] copy_user_test_oob+0xac/0xec8 [ 35.558375] kunit_try_run_case+0x170/0x3f0 [ 35.558476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.558525] kthread+0x328/0x630 [ 35.558828] ret_from_fork+0x10/0x20 [ 35.558927] [ 35.559020] The buggy address belongs to the object at fff00000c988b100 [ 35.559020] which belongs to the cache kmalloc-128 of size 128 [ 35.559109] The buggy address is located 0 bytes inside of [ 35.559109] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.559431] [ 35.559516] The buggy address belongs to the physical page: [ 35.559626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.559703] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.559754] page_type: f5(slab) [ 35.559819] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.559873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.560085] page dumped because: kasan: bad access detected [ 35.560299] [ 35.560347] Memory state around the buggy address: [ 35.560394] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.560468] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.560734] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.560907] ^ [ 35.560971] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.561029] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.561096] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 35.493027] ================================================================== [ 35.493093] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 35.493376] Read of size 8 at addr fff00000c988b078 by task kunit_try_catch/312 [ 35.493499] [ 35.493551] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.493654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.493692] Hardware name: linux,dummy-virt (DT) [ 35.493755] Call trace: [ 35.493781] show_stack+0x20/0x38 (C) [ 35.493833] dump_stack_lvl+0x8c/0xd0 [ 35.493913] print_report+0x118/0x608 [ 35.494043] kasan_report+0xdc/0x128 [ 35.494107] __asan_report_load8_noabort+0x20/0x30 [ 35.494304] copy_to_kernel_nofault+0x204/0x250 [ 35.494369] copy_to_kernel_nofault_oob+0x158/0x418 [ 35.494434] kunit_try_run_case+0x170/0x3f0 [ 35.494566] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.494721] kthread+0x328/0x630 [ 35.494807] ret_from_fork+0x10/0x20 [ 35.494879] [ 35.494901] Allocated by task 312: [ 35.494933] kasan_save_stack+0x3c/0x68 [ 35.494979] kasan_save_track+0x20/0x40 [ 35.495118] kasan_save_alloc_info+0x40/0x58 [ 35.495310] __kasan_kmalloc+0xd4/0xd8 [ 35.495400] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.495538] copy_to_kernel_nofault_oob+0xc8/0x418 [ 35.495585] kunit_try_run_case+0x170/0x3f0 [ 35.495625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.495672] kthread+0x328/0x630 [ 35.495938] ret_from_fork+0x10/0x20 [ 35.496058] [ 35.496108] The buggy address belongs to the object at fff00000c988b000 [ 35.496108] which belongs to the cache kmalloc-128 of size 128 [ 35.496221] The buggy address is located 0 bytes to the right of [ 35.496221] allocated 120-byte region [fff00000c988b000, fff00000c988b078) [ 35.496319] [ 35.496403] The buggy address belongs to the physical page: [ 35.496438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.496510] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.496788] page_type: f5(slab) [ 35.497188] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.497287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.497367] page dumped because: kasan: bad access detected [ 35.497415] [ 35.497441] Memory state around the buggy address: [ 35.497478] fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.497528] fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.497589] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.497650] ^ [ 35.497724] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.497770] fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.497821] ================================================================== [ 35.498256] ================================================================== [ 35.498312] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 35.498365] Write of size 8 at addr fff00000c988b078 by task kunit_try_catch/312 [ 35.498418] [ 35.498692] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.499004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.499105] Hardware name: linux,dummy-virt (DT) [ 35.499146] Call trace: [ 35.499180] show_stack+0x20/0x38 (C) [ 35.499234] dump_stack_lvl+0x8c/0xd0 [ 35.499783] print_report+0x118/0x608 [ 35.500052] kasan_report+0xdc/0x128 [ 35.500142] kasan_check_range+0x100/0x1a8 [ 35.500255] __kasan_check_write+0x20/0x30 [ 35.500342] copy_to_kernel_nofault+0x8c/0x250 [ 35.500461] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 35.500515] kunit_try_run_case+0x170/0x3f0 [ 35.500568] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.500626] kthread+0x328/0x630 [ 35.500898] ret_from_fork+0x10/0x20 [ 35.501057] [ 35.501121] Allocated by task 312: [ 35.501375] kasan_save_stack+0x3c/0x68 [ 35.501488] kasan_save_track+0x20/0x40 [ 35.501610] kasan_save_alloc_info+0x40/0x58 [ 35.501688] __kasan_kmalloc+0xd4/0xd8 [ 35.501779] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.501858] copy_to_kernel_nofault_oob+0xc8/0x418 [ 35.501954] kunit_try_run_case+0x170/0x3f0 [ 35.502057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.502135] kthread+0x328/0x630 [ 35.502222] ret_from_fork+0x10/0x20 [ 35.502279] [ 35.502301] The buggy address belongs to the object at fff00000c988b000 [ 35.502301] which belongs to the cache kmalloc-128 of size 128 [ 35.502497] The buggy address is located 0 bytes to the right of [ 35.502497] allocated 120-byte region [fff00000c988b000, fff00000c988b078) [ 35.502570] [ 35.502700] The buggy address belongs to the physical page: [ 35.502770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.502828] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.502880] page_type: f5(slab) [ 35.502923] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.502976] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.503038] page dumped because: kasan: bad access detected [ 35.503089] [ 35.503109] Memory state around the buggy address: [ 35.503170] fff00000c988af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.503217] fff00000c988af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.503262] >fff00000c988b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.503304] ^ [ 35.503606] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.503725] fff00000c988b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.503790] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 35.455496] ================================================================== [ 35.455592] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 35.455651] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/300 [ 35.455704] [ 35.455742] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.455840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.455871] Hardware name: linux,dummy-virt (DT) [ 35.455904] Call trace: [ 35.456143] show_stack+0x20/0x38 (C) [ 35.456250] dump_stack_lvl+0x8c/0xd0 [ 35.456370] print_report+0x310/0x608 [ 35.456437] kasan_report+0xdc/0x128 [ 35.456516] __asan_report_load1_noabort+0x20/0x30 [ 35.456569] vmalloc_oob+0x578/0x5d0 [ 35.456829] kunit_try_run_case+0x170/0x3f0 [ 35.456944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.457032] kthread+0x328/0x630 [ 35.457104] ret_from_fork+0x10/0x20 [ 35.457219] [ 35.457287] The buggy address belongs to the virtual mapping at [ 35.457287] [ffff8000800fe000, ffff800080100000) created by: [ 35.457287] vmalloc_oob+0x98/0x5d0 [ 35.457385] [ 35.457409] The buggy address belongs to the physical page: [ 35.457445] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 35.457662] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.457813] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 35.457909] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 35.457966] page dumped because: kasan: bad access detected [ 35.458198] [ 35.458260] Memory state around the buggy address: [ 35.458318] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.458386] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.458432] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 35.458472] ^ [ 35.458516] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 35.458559] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 35.458602] ================================================================== [ 35.459626] ================================================================== [ 35.459700] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 35.459752] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/300 [ 35.459811] [ 35.459842] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.459937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.459984] Hardware name: linux,dummy-virt (DT) [ 35.460148] Call trace: [ 35.460306] show_stack+0x20/0x38 (C) [ 35.460384] dump_stack_lvl+0x8c/0xd0 [ 35.460452] print_report+0x310/0x608 [ 35.460508] kasan_report+0xdc/0x128 [ 35.460591] __asan_report_load1_noabort+0x20/0x30 [ 35.460644] vmalloc_oob+0x51c/0x5d0 [ 35.460702] kunit_try_run_case+0x170/0x3f0 [ 35.460752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.460807] kthread+0x328/0x630 [ 35.460867] ret_from_fork+0x10/0x20 [ 35.460918] [ 35.460944] The buggy address belongs to the virtual mapping at [ 35.460944] [ffff8000800fe000, ffff800080100000) created by: [ 35.460944] vmalloc_oob+0x98/0x5d0 [ 35.461019] [ 35.461041] The buggy address belongs to the physical page: [ 35.461075] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 35.461230] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.461298] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 35.461353] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 35.461578] page dumped because: kasan: bad access detected [ 35.461629] [ 35.461670] Memory state around the buggy address: [ 35.461716] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.461920] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.461980] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 35.462022] ^ [ 35.462248] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 35.462310] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 35.462357] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 35.261209] ================================================================== [ 35.261497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 35.261682] Read of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.261860] [ 35.261897] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.261989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.262493] Hardware name: linux,dummy-virt (DT) [ 35.262577] Call trace: [ 35.262603] show_stack+0x20/0x38 (C) [ 35.262659] dump_stack_lvl+0x8c/0xd0 [ 35.262710] print_report+0x118/0x608 [ 35.262760] kasan_report+0xdc/0x128 [ 35.263291] __asan_report_load4_noabort+0x20/0x30 [ 35.263370] kasan_atomics_helper+0x3e04/0x4858 [ 35.263426] kasan_atomics+0x198/0x2e0 [ 35.263539] kunit_try_run_case+0x170/0x3f0 [ 35.263646] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.263950] kthread+0x328/0x630 [ 35.264276] ret_from_fork+0x10/0x20 [ 35.264497] [ 35.264549] Allocated by task 296: [ 35.264619] kasan_save_stack+0x3c/0x68 [ 35.264668] kasan_save_track+0x20/0x40 [ 35.264884] kasan_save_alloc_info+0x40/0x58 [ 35.265215] __kasan_kmalloc+0xd4/0xd8 [ 35.265279] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.265461] kasan_atomics+0xb8/0x2e0 [ 35.265704] kunit_try_run_case+0x170/0x3f0 [ 35.265973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.266127] kthread+0x328/0x630 [ 35.266189] ret_from_fork+0x10/0x20 [ 35.266228] [ 35.266259] The buggy address belongs to the object at fff00000c997d800 [ 35.266259] which belongs to the cache kmalloc-64 of size 64 [ 35.266322] The buggy address is located 0 bytes to the right of [ 35.266322] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.266404] [ 35.266443] The buggy address belongs to the physical page: [ 35.266486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.266541] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.266620] page_type: f5(slab) [ 35.266685] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.266769] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.266814] page dumped because: kasan: bad access detected [ 35.266846] [ 35.266868] Memory state around the buggy address: [ 35.266900] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.266956] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.267007] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.267065] ^ [ 35.267121] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.267187] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.267234] ================================================================== [ 35.428657] ================================================================== [ 35.428772] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 35.428923] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.428999] [ 35.429120] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.429242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.429270] Hardware name: linux,dummy-virt (DT) [ 35.429305] Call trace: [ 35.429329] show_stack+0x20/0x38 (C) [ 35.429398] dump_stack_lvl+0x8c/0xd0 [ 35.429454] print_report+0x118/0x608 [ 35.429723] kasan_report+0xdc/0x128 [ 35.429831] kasan_check_range+0x100/0x1a8 [ 35.429885] __kasan_check_write+0x20/0x30 [ 35.429952] kasan_atomics_helper+0x175c/0x4858 [ 35.430024] kasan_atomics+0x198/0x2e0 [ 35.430090] kunit_try_run_case+0x170/0x3f0 [ 35.430144] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.430224] kthread+0x328/0x630 [ 35.430268] ret_from_fork+0x10/0x20 [ 35.430319] [ 35.430359] Allocated by task 296: [ 35.430392] kasan_save_stack+0x3c/0x68 [ 35.430590] kasan_save_track+0x20/0x40 [ 35.430738] kasan_save_alloc_info+0x40/0x58 [ 35.430802] __kasan_kmalloc+0xd4/0xd8 [ 35.430859] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.431093] kasan_atomics+0xb8/0x2e0 [ 35.431144] kunit_try_run_case+0x170/0x3f0 [ 35.431222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.431289] kthread+0x328/0x630 [ 35.431350] ret_from_fork+0x10/0x20 [ 35.431397] [ 35.431420] The buggy address belongs to the object at fff00000c997d800 [ 35.431420] which belongs to the cache kmalloc-64 of size 64 [ 35.431489] The buggy address is located 0 bytes to the right of [ 35.431489] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.431557] [ 35.431581] The buggy address belongs to the physical page: [ 35.431614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.431946] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.432083] page_type: f5(slab) [ 35.432134] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.432375] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.432600] page dumped because: kasan: bad access detected [ 35.432722] [ 35.432778] Memory state around the buggy address: [ 35.432815] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.432861] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.433048] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.433212] ^ [ 35.433260] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.433314] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.433571] ================================================================== [ 35.183897] ================================================================== [ 35.183964] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 35.184032] Read of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.184086] [ 35.184136] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.184238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.184266] Hardware name: linux,dummy-virt (DT) [ 35.185052] kthread+0x328/0x630 [ 35.185983] The buggy address is located 0 bytes to the right of [ 35.185983] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.187408] [ 35.188708] kunit_try_run_case+0x170/0x3f0 [ 35.189640] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.189697] kasan_atomics+0xb8/0x2e0 [ 35.189746] kunit_try_run_case+0x170/0x3f0 [ 35.189803] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.189858] kthread+0x328/0x630 [ 35.189909] ret_from_fork+0x10/0x20 [ 35.189949] [ 35.189970] The buggy address belongs to the object at fff00000c997d800 [ 35.189970] which belongs to the cache kmalloc-64 of size 64 [ 35.190048] The buggy address is located 0 bytes to the right of [ 35.190048] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.190116] [ 35.190144] The buggy address belongs to the physical page: [ 35.190218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.190273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.190332] page_type: f5(slab) [ 35.190372] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.190426] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.190470] page dumped because: kasan: bad access detected [ 35.190515] [ 35.190545] Memory state around the buggy address: [ 35.190580] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.190647] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.190700] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.190751] ^ [ 35.190785] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.190829] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.190891] ================================================================== [ 35.433966] ================================================================== [ 35.434259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 35.434334] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.434388] [ 35.434454] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.434543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.434582] Hardware name: linux,dummy-virt (DT) [ 35.434626] Call trace: [ 35.434667] show_stack+0x20/0x38 (C) [ 35.434795] dump_stack_lvl+0x8c/0xd0 [ 35.434871] print_report+0x118/0x608 [ 35.434934] kasan_report+0xdc/0x128 [ 35.435181] __asan_report_load8_noabort+0x20/0x30 [ 35.435247] kasan_atomics_helper+0x3e20/0x4858 [ 35.435299] kasan_atomics+0x198/0x2e0 [ 35.435355] kunit_try_run_case+0x170/0x3f0 [ 35.435427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.435532] kthread+0x328/0x630 [ 35.435619] ret_from_fork+0x10/0x20 [ 35.435670] [ 35.435693] Allocated by task 296: [ 35.435868] kasan_save_stack+0x3c/0x68 [ 35.435916] kasan_save_track+0x20/0x40 [ 35.436084] kasan_save_alloc_info+0x40/0x58 [ 35.436194] __kasan_kmalloc+0xd4/0xd8 [ 35.436262] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.436328] kasan_atomics+0xb8/0x2e0 [ 35.436635] kunit_try_run_case+0x170/0x3f0 [ 35.436752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.436883] kthread+0x328/0x630 [ 35.436953] ret_from_fork+0x10/0x20 [ 35.437021] [ 35.437076] The buggy address belongs to the object at fff00000c997d800 [ 35.437076] which belongs to the cache kmalloc-64 of size 64 [ 35.437138] The buggy address is located 0 bytes to the right of [ 35.437138] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.437409] [ 35.437570] The buggy address belongs to the physical page: [ 35.437631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.437704] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.437777] page_type: f5(slab) [ 35.437970] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.438120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.438265] page dumped because: kasan: bad access detected [ 35.438325] [ 35.438364] Memory state around the buggy address: [ 35.438398] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.438453] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.438664] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.438820] ^ [ 35.438906] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.439086] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.439251] ================================================================== [ 35.269195] ================================================================== [ 35.269280] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 35.269336] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.269480] [ 35.269521] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.269619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.270018] Hardware name: linux,dummy-virt (DT) [ 35.270076] Call trace: [ 35.270103] show_stack+0x20/0x38 (C) [ 35.270479] dump_stack_lvl+0x8c/0xd0 [ 35.270594] print_report+0x118/0x608 [ 35.270657] kasan_report+0xdc/0x128 [ 35.270707] kasan_check_range+0x100/0x1a8 [ 35.271009] __kasan_check_read+0x20/0x30 [ 35.271268] kasan_atomics_helper+0xdd4/0x4858 [ 35.271341] kasan_atomics+0x198/0x2e0 [ 35.271619] kunit_try_run_case+0x170/0x3f0 [ 35.271761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.271846] kthread+0x328/0x630 [ 35.272181] ret_from_fork+0x10/0x20 [ 35.272476] [ 35.272613] Allocated by task 296: [ 35.272670] kasan_save_stack+0x3c/0x68 [ 35.272825] kasan_save_track+0x20/0x40 [ 35.273476] kasan_save_alloc_info+0x40/0x58 [ 35.273564] __kasan_kmalloc+0xd4/0xd8 [ 35.273608] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.273820] kasan_atomics+0xb8/0x2e0 [ 35.274054] kunit_try_run_case+0x170/0x3f0 [ 35.274114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.274379] kthread+0x328/0x630 [ 35.274435] ret_from_fork+0x10/0x20 [ 35.274807] [ 35.275295] The buggy address belongs to the object at fff00000c997d800 [ 35.275295] which belongs to the cache kmalloc-64 of size 64 [ 35.275398] The buggy address is located 0 bytes to the right of [ 35.275398] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.275565] [ 35.275616] The buggy address belongs to the physical page: [ 35.275797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.275974] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.276177] page_type: f5(slab) [ 35.276509] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.276722] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.276804] page dumped because: kasan: bad access detected [ 35.276954] [ 35.276996] Memory state around the buggy address: [ 35.277052] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.277104] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.277149] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.277398] ^ [ 35.277506] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.277881] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.278148] ================================================================== [ 35.361785] ================================================================== [ 35.361963] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 35.362185] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.362279] [ 35.362350] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.362441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.362469] Hardware name: linux,dummy-virt (DT) [ 35.362503] Call trace: [ 35.362552] show_stack+0x20/0x38 (C) [ 35.362605] dump_stack_lvl+0x8c/0xd0 [ 35.362654] print_report+0x118/0x608 [ 35.362711] kasan_report+0xdc/0x128 [ 35.362918] kasan_check_range+0x100/0x1a8 [ 35.363012] __kasan_check_write+0x20/0x30 [ 35.363065] kasan_atomics_helper+0x126c/0x4858 [ 35.363124] kasan_atomics+0x198/0x2e0 [ 35.363189] kunit_try_run_case+0x170/0x3f0 [ 35.363251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.363435] kthread+0x328/0x630 [ 35.363536] ret_from_fork+0x10/0x20 [ 35.363885] [ 35.364034] Allocated by task 296: [ 35.364238] kasan_save_stack+0x3c/0x68 [ 35.364311] kasan_save_track+0x20/0x40 [ 35.364388] kasan_save_alloc_info+0x40/0x58 [ 35.364502] __kasan_kmalloc+0xd4/0xd8 [ 35.364544] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.364603] kasan_atomics+0xb8/0x2e0 [ 35.364648] kunit_try_run_case+0x170/0x3f0 [ 35.364690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.364934] kthread+0x328/0x630 [ 35.365065] ret_from_fork+0x10/0x20 [ 35.365136] [ 35.365421] The buggy address belongs to the object at fff00000c997d800 [ 35.365421] which belongs to the cache kmalloc-64 of size 64 [ 35.365499] The buggy address is located 0 bytes to the right of [ 35.365499] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.365749] [ 35.365890] The buggy address belongs to the physical page: [ 35.365946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.366028] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.366302] page_type: f5(slab) [ 35.366369] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.366466] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.366545] page dumped because: kasan: bad access detected [ 35.366581] [ 35.366602] Memory state around the buggy address: [ 35.366723] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.366958] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.367014] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.367080] ^ [ 35.367115] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.367182] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.367223] ================================================================== [ 35.337119] ================================================================== [ 35.337186] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 35.337237] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.337390] [ 35.337561] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.337684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.337722] Hardware name: linux,dummy-virt (DT) [ 35.337765] Call trace: [ 35.337791] show_stack+0x20/0x38 (C) [ 35.337993] dump_stack_lvl+0x8c/0xd0 [ 35.338095] print_report+0x118/0x608 [ 35.338148] kasan_report+0xdc/0x128 [ 35.338225] kasan_check_range+0x100/0x1a8 [ 35.338282] __kasan_check_write+0x20/0x30 [ 35.338338] kasan_atomics_helper+0x1058/0x4858 [ 35.338391] kasan_atomics+0x198/0x2e0 [ 35.338481] kunit_try_run_case+0x170/0x3f0 [ 35.338536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.338601] kthread+0x328/0x630 [ 35.338654] ret_from_fork+0x10/0x20 [ 35.338706] [ 35.338735] Allocated by task 296: [ 35.338773] kasan_save_stack+0x3c/0x68 [ 35.338827] kasan_save_track+0x20/0x40 [ 35.338869] kasan_save_alloc_info+0x40/0x58 [ 35.338907] __kasan_kmalloc+0xd4/0xd8 [ 35.339110] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.339175] kasan_atomics+0xb8/0x2e0 [ 35.339291] kunit_try_run_case+0x170/0x3f0 [ 35.339358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.339419] kthread+0x328/0x630 [ 35.339460] ret_from_fork+0x10/0x20 [ 35.339724] [ 35.339786] The buggy address belongs to the object at fff00000c997d800 [ 35.339786] which belongs to the cache kmalloc-64 of size 64 [ 35.339920] The buggy address is located 0 bytes to the right of [ 35.339920] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.340014] [ 35.340040] The buggy address belongs to the physical page: [ 35.340073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.340297] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.340459] page_type: f5(slab) [ 35.340610] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.340709] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.340791] page dumped because: kasan: bad access detected [ 35.341057] [ 35.341122] Memory state around the buggy address: [ 35.341170] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.341329] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.341529] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.341647] ^ [ 35.341751] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.341813] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.342050] ================================================================== [ 35.424349] ================================================================== [ 35.424391] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 35.424448] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.424500] [ 35.424540] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.424626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.424656] Hardware name: linux,dummy-virt (DT) [ 35.424689] Call trace: [ 35.424714] show_stack+0x20/0x38 (C) [ 35.424763] dump_stack_lvl+0x8c/0xd0 [ 35.424814] print_report+0x118/0x608 [ 35.424863] kasan_report+0xdc/0x128 [ 35.424912] __asan_report_load8_noabort+0x20/0x30 [ 35.424973] kasan_atomics_helper+0x3e10/0x4858 [ 35.425032] kasan_atomics+0x198/0x2e0 [ 35.425082] kunit_try_run_case+0x170/0x3f0 [ 35.425141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.425221] kthread+0x328/0x630 [ 35.425265] ret_from_fork+0x10/0x20 [ 35.425355] [ 35.425497] Allocated by task 296: [ 35.425844] kasan_save_stack+0x3c/0x68 [ 35.425909] kasan_save_track+0x20/0x40 [ 35.425976] kasan_save_alloc_info+0x40/0x58 [ 35.426018] __kasan_kmalloc+0xd4/0xd8 [ 35.426056] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.426099] kasan_atomics+0xb8/0x2e0 [ 35.426185] kunit_try_run_case+0x170/0x3f0 [ 35.426230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.426287] kthread+0x328/0x630 [ 35.426333] ret_from_fork+0x10/0x20 [ 35.426373] [ 35.426395] The buggy address belongs to the object at fff00000c997d800 [ 35.426395] which belongs to the cache kmalloc-64 of size 64 [ 35.426553] The buggy address is located 0 bytes to the right of [ 35.426553] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.426626] [ 35.426675] The buggy address belongs to the physical page: [ 35.426743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.426808] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.426887] page_type: f5(slab) [ 35.426944] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.427347] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.427492] page dumped because: kasan: bad access detected [ 35.427574] [ 35.427620] Memory state around the buggy address: [ 35.427654] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.427699] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.427745] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.427787] ^ [ 35.427874] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.428026] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.428094] ================================================================== [ 35.401851] ================================================================== [ 35.401922] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 35.401990] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.402172] [ 35.402292] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.402389] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.402436] Hardware name: linux,dummy-virt (DT) [ 35.402470] Call trace: [ 35.402512] show_stack+0x20/0x38 (C) [ 35.402565] dump_stack_lvl+0x8c/0xd0 [ 35.402616] print_report+0x118/0x608 [ 35.402666] kasan_report+0xdc/0x128 [ 35.402713] kasan_check_range+0x100/0x1a8 [ 35.402770] __kasan_check_write+0x20/0x30 [ 35.402819] kasan_atomics_helper+0x15b4/0x4858 [ 35.402880] kasan_atomics+0x198/0x2e0 [ 35.402931] kunit_try_run_case+0x170/0x3f0 [ 35.402982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.403047] kthread+0x328/0x630 [ 35.403091] ret_from_fork+0x10/0x20 [ 35.403142] [ 35.403184] Allocated by task 296: [ 35.403214] kasan_save_stack+0x3c/0x68 [ 35.403259] kasan_save_track+0x20/0x40 [ 35.403300] kasan_save_alloc_info+0x40/0x58 [ 35.403340] __kasan_kmalloc+0xd4/0xd8 [ 35.403389] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.403432] kasan_atomics+0xb8/0x2e0 [ 35.403471] kunit_try_run_case+0x170/0x3f0 [ 35.403513] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.403560] kthread+0x328/0x630 [ 35.403729] ret_from_fork+0x10/0x20 [ 35.403773] [ 35.403795] The buggy address belongs to the object at fff00000c997d800 [ 35.403795] which belongs to the cache kmalloc-64 of size 64 [ 35.404087] The buggy address is located 0 bytes to the right of [ 35.404087] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.404212] [ 35.404263] The buggy address belongs to the physical page: [ 35.404333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.404424] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.404520] page_type: f5(slab) [ 35.404561] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.404743] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.404840] page dumped because: kasan: bad access detected [ 35.404909] [ 35.404992] Memory state around the buggy address: [ 35.405057] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.405126] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.405181] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.405259] ^ [ 35.405298] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.405472] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.405560] ================================================================== [ 35.202844] ================================================================== [ 35.202898] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 35.203044] Write of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.203111] [ 35.203150] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.203321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.203355] Hardware name: linux,dummy-virt (DT) [ 35.203912] kasan_report+0xdc/0x128 [ 35.206247] ret_from_fork+0x10/0x20 [ 35.206690] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.206750] page_type: f5(slab) [ 35.206799] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.206853] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.207214] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.211269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.211975] [ 35.212524] The buggy address is located 0 bytes to the right of [ 35.212524] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.212698] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.212747] page_type: f5(slab) [ 35.212786] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.212839] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.213100] ^ [ 35.213802] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.216189] [ 35.216433] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.218815] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb70/0x4858 [ 35.219564] __kasan_check_write+0x20/0x30 [ 35.220622] ret_from_fork+0x10/0x20 [ 35.220953] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.222461] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dbc/0x4858 [ 35.223677] kasan_save_track+0x20/0x40 [ 35.225533] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.227549] [ 35.228388] dump_stack_lvl+0x8c/0xd0 [ 35.229150] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.230343] page_type: f5(slab) [ 35.231232] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.232887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.233599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.234651] [ 35.234906] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.235719] Hardware name: linux,dummy-virt (DT) [ 35.237422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.237984] page dumped because: kasan: bad access detected [ 35.238018] [ 35.238038] Memory state around the buggy address: [ 35.238071] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.238116] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.238169] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.238209] ^ [ 35.238242] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.238286] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.238327] ================================================================== [ 35.357337] ================================================================== [ 35.357497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 35.357585] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.357657] [ 35.357695] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.357785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.357812] Hardware name: linux,dummy-virt (DT) [ 35.357863] Call trace: [ 35.357888] show_stack+0x20/0x38 (C) [ 35.357938] dump_stack_lvl+0x8c/0xd0 [ 35.357988] print_report+0x118/0x608 [ 35.358075] kasan_report+0xdc/0x128 [ 35.358127] kasan_check_range+0x100/0x1a8 [ 35.358281] __kasan_check_write+0x20/0x30 [ 35.358406] kasan_atomics_helper+0x11f8/0x4858 [ 35.358466] kasan_atomics+0x198/0x2e0 [ 35.358516] kunit_try_run_case+0x170/0x3f0 [ 35.358569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.358785] kthread+0x328/0x630 [ 35.358842] ret_from_fork+0x10/0x20 [ 35.358909] [ 35.358943] Allocated by task 296: [ 35.358992] kasan_save_stack+0x3c/0x68 [ 35.359037] kasan_save_track+0x20/0x40 [ 35.359105] kasan_save_alloc_info+0x40/0x58 [ 35.359152] __kasan_kmalloc+0xd4/0xd8 [ 35.359204] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.359254] kasan_atomics+0xb8/0x2e0 [ 35.359294] kunit_try_run_case+0x170/0x3f0 [ 35.359341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.359397] kthread+0x328/0x630 [ 35.359462] ret_from_fork+0x10/0x20 [ 35.359538] [ 35.359596] The buggy address belongs to the object at fff00000c997d800 [ 35.359596] which belongs to the cache kmalloc-64 of size 64 [ 35.359686] The buggy address is located 0 bytes to the right of [ 35.359686] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.359805] [ 35.359855] The buggy address belongs to the physical page: [ 35.359924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.360015] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.360081] page_type: f5(slab) [ 35.360136] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.360197] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.360241] page dumped because: kasan: bad access detected [ 35.360275] [ 35.360295] Memory state around the buggy address: [ 35.360329] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.360627] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.360745] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.360838] ^ [ 35.360900] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.361246] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.361331] ================================================================== [ 35.331343] ================================================================== [ 35.331391] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 35.331469] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.331551] [ 35.331611] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.331725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.331786] Hardware name: linux,dummy-virt (DT) [ 35.331841] Call trace: [ 35.331883] show_stack+0x20/0x38 (C) [ 35.331944] dump_stack_lvl+0x8c/0xd0 [ 35.332021] print_report+0x118/0x608 [ 35.332072] kasan_report+0xdc/0x128 [ 35.332121] kasan_check_range+0x100/0x1a8 [ 35.332184] __kasan_check_write+0x20/0x30 [ 35.332233] kasan_atomics_helper+0xff0/0x4858 [ 35.332284] kasan_atomics+0x198/0x2e0 [ 35.332333] kunit_try_run_case+0x170/0x3f0 [ 35.332573] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.332715] kthread+0x328/0x630 [ 35.332815] ret_from_fork+0x10/0x20 [ 35.332902] [ 35.333176] Allocated by task 296: [ 35.333237] kasan_save_stack+0x3c/0x68 [ 35.333338] kasan_save_track+0x20/0x40 [ 35.333414] kasan_save_alloc_info+0x40/0x58 [ 35.333455] __kasan_kmalloc+0xd4/0xd8 [ 35.333499] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.333777] kasan_atomics+0xb8/0x2e0 [ 35.333856] kunit_try_run_case+0x170/0x3f0 [ 35.333942] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.334016] kthread+0x328/0x630 [ 35.334082] ret_from_fork+0x10/0x20 [ 35.334336] [ 35.334416] The buggy address belongs to the object at fff00000c997d800 [ 35.334416] which belongs to the cache kmalloc-64 of size 64 [ 35.334543] The buggy address is located 0 bytes to the right of [ 35.334543] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.334613] [ 35.334636] The buggy address belongs to the physical page: [ 35.334690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.334978] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.335065] page_type: f5(slab) [ 35.335369] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.335475] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.335556] page dumped because: kasan: bad access detected [ 35.335638] [ 35.335692] Memory state around the buggy address: [ 35.335772] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.335853] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.335926] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.336198] ^ [ 35.336256] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.336371] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.336475] ================================================================== [ 35.439847] ================================================================== [ 35.439971] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 35.440023] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.440075] [ 35.440118] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.440422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.440543] Hardware name: linux,dummy-virt (DT) [ 35.440603] Call trace: [ 35.440684] show_stack+0x20/0x38 (C) [ 35.440752] dump_stack_lvl+0x8c/0xd0 [ 35.440805] print_report+0x118/0x608 [ 35.440869] kasan_report+0xdc/0x128 [ 35.441074] kasan_check_range+0x100/0x1a8 [ 35.441268] __kasan_check_write+0x20/0x30 [ 35.441385] kasan_atomics_helper+0x17ec/0x4858 [ 35.441453] kasan_atomics+0x198/0x2e0 [ 35.441526] kunit_try_run_case+0x170/0x3f0 [ 35.441587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.441684] kthread+0x328/0x630 [ 35.441739] ret_from_fork+0x10/0x20 [ 35.441807] [ 35.441840] Allocated by task 296: [ 35.441873] kasan_save_stack+0x3c/0x68 [ 35.441918] kasan_save_track+0x20/0x40 [ 35.441959] kasan_save_alloc_info+0x40/0x58 [ 35.441998] __kasan_kmalloc+0xd4/0xd8 [ 35.442038] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.442081] kasan_atomics+0xb8/0x2e0 [ 35.442121] kunit_try_run_case+0x170/0x3f0 [ 35.442468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.442576] kthread+0x328/0x630 [ 35.442635] ret_from_fork+0x10/0x20 [ 35.442681] [ 35.442706] The buggy address belongs to the object at fff00000c997d800 [ 35.442706] which belongs to the cache kmalloc-64 of size 64 [ 35.442776] The buggy address is located 0 bytes to the right of [ 35.442776] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.442851] [ 35.442891] The buggy address belongs to the physical page: [ 35.442926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.442981] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.443252] page_type: f5(slab) [ 35.443308] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.443401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.443460] page dumped because: kasan: bad access detected [ 35.443524] [ 35.443588] Memory state around the buggy address: [ 35.443777] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.443976] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.444056] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.444192] ^ [ 35.444230] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.444275] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.444317] ================================================================== [ 35.353327] ================================================================== [ 35.353381] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 35.353449] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.353507] [ 35.353557] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.353710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.353742] Hardware name: linux,dummy-virt (DT) [ 35.353774] Call trace: [ 35.353800] show_stack+0x20/0x38 (C) [ 35.353859] dump_stack_lvl+0x8c/0xd0 [ 35.353919] print_report+0x118/0x608 [ 35.353967] kasan_report+0xdc/0x128 [ 35.354016] kasan_check_range+0x100/0x1a8 [ 35.354083] __kasan_check_write+0x20/0x30 [ 35.354131] kasan_atomics_helper+0x1190/0x4858 [ 35.354193] kasan_atomics+0x198/0x2e0 [ 35.354250] kunit_try_run_case+0x170/0x3f0 [ 35.354303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.354369] kthread+0x328/0x630 [ 35.354413] ret_from_fork+0x10/0x20 [ 35.354463] [ 35.354486] Allocated by task 296: [ 35.354522] kasan_save_stack+0x3c/0x68 [ 35.354565] kasan_save_track+0x20/0x40 [ 35.354607] kasan_save_alloc_info+0x40/0x58 [ 35.354647] __kasan_kmalloc+0xd4/0xd8 [ 35.354687] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.354734] kasan_atomics+0xb8/0x2e0 [ 35.354783] kunit_try_run_case+0x170/0x3f0 [ 35.354847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.354908] kthread+0x328/0x630 [ 35.354944] ret_from_fork+0x10/0x20 [ 35.354994] [ 35.355015] The buggy address belongs to the object at fff00000c997d800 [ 35.355015] which belongs to the cache kmalloc-64 of size 64 [ 35.355087] The buggy address is located 0 bytes to the right of [ 35.355087] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.355586] [ 35.355623] The buggy address belongs to the physical page: [ 35.355659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.355714] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.356025] page_type: f5(slab) [ 35.356179] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.356256] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.356338] page dumped because: kasan: bad access detected [ 35.356418] [ 35.356459] Memory state around the buggy address: [ 35.356499] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.356546] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.356605] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.356645] ^ [ 35.356679] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.356725] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.356766] ================================================================== [ 35.319841] ================================================================== [ 35.320039] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 35.320124] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.320241] [ 35.320299] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.320465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.320497] Hardware name: linux,dummy-virt (DT) [ 35.320847] Call trace: [ 35.321247] show_stack+0x20/0x38 (C) [ 35.321306] dump_stack_lvl+0x8c/0xd0 [ 35.321463] print_report+0x118/0x608 [ 35.321561] kasan_report+0xdc/0x128 [ 35.321824] kasan_check_range+0x100/0x1a8 [ 35.321908] __kasan_check_write+0x20/0x30 [ 35.321969] kasan_atomics_helper+0xf20/0x4858 [ 35.322029] kasan_atomics+0x198/0x2e0 [ 35.322078] kunit_try_run_case+0x170/0x3f0 [ 35.322131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.322208] kthread+0x328/0x630 [ 35.322253] ret_from_fork+0x10/0x20 [ 35.322304] [ 35.322351] Allocated by task 296: [ 35.322397] kasan_save_stack+0x3c/0x68 [ 35.322452] kasan_save_track+0x20/0x40 [ 35.322518] kasan_save_alloc_info+0x40/0x58 [ 35.322564] __kasan_kmalloc+0xd4/0xd8 [ 35.322619] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.322665] kasan_atomics+0xb8/0x2e0 [ 35.322712] kunit_try_run_case+0x170/0x3f0 [ 35.322764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.322819] kthread+0x328/0x630 [ 35.322864] ret_from_fork+0x10/0x20 [ 35.322903] [ 35.322936] The buggy address belongs to the object at fff00000c997d800 [ 35.322936] which belongs to the cache kmalloc-64 of size 64 [ 35.323002] The buggy address is located 0 bytes to the right of [ 35.323002] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.323076] [ 35.323100] The buggy address belongs to the physical page: [ 35.323132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.323416] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.323755] page_type: f5(slab) [ 35.323803] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.324734] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.324852] page dumped because: kasan: bad access detected [ 35.325287] [ 35.325400] Memory state around the buggy address: [ 35.325793] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.325916] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.326014] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.326056] ^ [ 35.326288] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.326459] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.326688] ================================================================== [ 35.421001] ================================================================== [ 35.421074] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 35.421153] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.421282] [ 35.421330] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.421429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.421490] Hardware name: linux,dummy-virt (DT) [ 35.421523] Call trace: [ 35.421549] show_stack+0x20/0x38 (C) [ 35.421612] dump_stack_lvl+0x8c/0xd0 [ 35.421664] print_report+0x118/0x608 [ 35.421713] kasan_report+0xdc/0x128 [ 35.421762] kasan_check_range+0x100/0x1a8 [ 35.422023] __kasan_check_write+0x20/0x30 [ 35.422084] kasan_atomics_helper+0x16d0/0x4858 [ 35.422231] kasan_atomics+0x198/0x2e0 [ 35.422321] kunit_try_run_case+0x170/0x3f0 [ 35.422543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.422630] kthread+0x328/0x630 [ 35.422702] ret_from_fork+0x10/0x20 [ 35.422786] [ 35.422816] Allocated by task 296: [ 35.422865] kasan_save_stack+0x3c/0x68 [ 35.422922] kasan_save_track+0x20/0x40 [ 35.422963] kasan_save_alloc_info+0x40/0x58 [ 35.423045] __kasan_kmalloc+0xd4/0xd8 [ 35.423091] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.423134] kasan_atomics+0xb8/0x2e0 [ 35.423203] kunit_try_run_case+0x170/0x3f0 [ 35.423274] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.423331] kthread+0x328/0x630 [ 35.423373] ret_from_fork+0x10/0x20 [ 35.423418] [ 35.423449] The buggy address belongs to the object at fff00000c997d800 [ 35.423449] which belongs to the cache kmalloc-64 of size 64 [ 35.423519] The buggy address is located 0 bytes to the right of [ 35.423519] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.423588] [ 35.423612] The buggy address belongs to the physical page: [ 35.423645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.423698] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.423747] page_type: f5(slab) [ 35.423787] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.423839] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.423882] page dumped because: kasan: bad access detected [ 35.423927] [ 35.423953] Memory state around the buggy address: [ 35.423997] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.424043] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.424096] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.424137] ^ [ 35.424181] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.424227] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.424267] ================================================================== [ 35.280099] ================================================================== [ 35.280261] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 35.280318] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.280371] [ 35.280734] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.280835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.281110] Hardware name: linux,dummy-virt (DT) [ 35.281191] Call trace: [ 35.281220] show_stack+0x20/0x38 (C) [ 35.281405] dump_stack_lvl+0x8c/0xd0 [ 35.281459] print_report+0x118/0x608 [ 35.281516] kasan_report+0xdc/0x128 [ 35.281565] __asan_report_load8_noabort+0x20/0x30 [ 35.281618] kasan_atomics_helper+0x3f58/0x4858 [ 35.281670] kasan_atomics+0x198/0x2e0 [ 35.281720] kunit_try_run_case+0x170/0x3f0 [ 35.281772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.281830] kthread+0x328/0x630 [ 35.281876] ret_from_fork+0x10/0x20 [ 35.281927] [ 35.282632] Allocated by task 296: [ 35.283078] kasan_save_stack+0x3c/0x68 [ 35.283307] kasan_save_track+0x20/0x40 [ 35.283678] kasan_save_alloc_info+0x40/0x58 [ 35.283849] __kasan_kmalloc+0xd4/0xd8 [ 35.283920] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.284319] kasan_atomics+0xb8/0x2e0 [ 35.284460] kunit_try_run_case+0x170/0x3f0 [ 35.284535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.284797] kthread+0x328/0x630 [ 35.284942] ret_from_fork+0x10/0x20 [ 35.285109] [ 35.285279] The buggy address belongs to the object at fff00000c997d800 [ 35.285279] which belongs to the cache kmalloc-64 of size 64 [ 35.285712] The buggy address is located 0 bytes to the right of [ 35.285712] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.285888] [ 35.285962] The buggy address belongs to the physical page: [ 35.286030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.286372] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.286564] page_type: f5(slab) [ 35.286716] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.286775] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.286924] page dumped because: kasan: bad access detected [ 35.287333] [ 35.287444] Memory state around the buggy address: [ 35.287597] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.287669] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.288110] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.288250] ^ [ 35.288394] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.288473] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.288530] ================================================================== [ 35.342765] ================================================================== [ 35.342819] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 35.342870] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.343051] [ 35.343108] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.343315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.343364] Hardware name: linux,dummy-virt (DT) [ 35.343408] Call trace: [ 35.343444] show_stack+0x20/0x38 (C) [ 35.343742] dump_stack_lvl+0x8c/0xd0 [ 35.343840] print_report+0x118/0x608 [ 35.343954] kasan_report+0xdc/0x128 [ 35.344049] kasan_check_range+0x100/0x1a8 [ 35.344208] __kasan_check_write+0x20/0x30 [ 35.344305] kasan_atomics_helper+0x10c0/0x4858 [ 35.344417] kasan_atomics+0x198/0x2e0 [ 35.344502] kunit_try_run_case+0x170/0x3f0 [ 35.344558] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.344755] kthread+0x328/0x630 [ 35.344810] ret_from_fork+0x10/0x20 [ 35.345094] [ 35.345154] Allocated by task 296: [ 35.345222] kasan_save_stack+0x3c/0x68 [ 35.345345] kasan_save_track+0x20/0x40 [ 35.345415] kasan_save_alloc_info+0x40/0x58 [ 35.345675] __kasan_kmalloc+0xd4/0xd8 [ 35.345772] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.345858] kasan_atomics+0xb8/0x2e0 [ 35.345949] kunit_try_run_case+0x170/0x3f0 [ 35.346025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.346109] kthread+0x328/0x630 [ 35.346195] ret_from_fork+0x10/0x20 [ 35.346255] [ 35.346278] The buggy address belongs to the object at fff00000c997d800 [ 35.346278] which belongs to the cache kmalloc-64 of size 64 [ 35.346374] The buggy address is located 0 bytes to the right of [ 35.346374] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.346751] [ 35.346924] The buggy address belongs to the physical page: [ 35.347090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.347250] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.347309] page_type: f5(slab) [ 35.347364] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.347418] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.347461] page dumped because: kasan: bad access detected [ 35.347517] [ 35.347539] Memory state around the buggy address: [ 35.347583] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.347633] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.347679] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.347731] ^ [ 35.347775] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.347820] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.347871] ================================================================== [ 35.385587] ================================================================== [ 35.385639] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 35.385707] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.385971] [ 35.386047] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.386148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.386206] Hardware name: linux,dummy-virt (DT) [ 35.386242] Call trace: [ 35.386273] show_stack+0x20/0x38 (C) [ 35.386332] dump_stack_lvl+0x8c/0xd0 [ 35.386383] print_report+0x118/0x608 [ 35.386433] kasan_report+0xdc/0x128 [ 35.386481] kasan_check_range+0x100/0x1a8 [ 35.386528] __kasan_check_write+0x20/0x30 [ 35.386709] kasan_atomics_helper+0x147c/0x4858 [ 35.386794] kasan_atomics+0x198/0x2e0 [ 35.386845] kunit_try_run_case+0x170/0x3f0 [ 35.386904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.386980] kthread+0x328/0x630 [ 35.387193] ret_from_fork+0x10/0x20 [ 35.387313] [ 35.387340] Allocated by task 296: [ 35.387389] kasan_save_stack+0x3c/0x68 [ 35.387488] kasan_save_track+0x20/0x40 [ 35.387575] kasan_save_alloc_info+0x40/0x58 [ 35.387689] __kasan_kmalloc+0xd4/0xd8 [ 35.387755] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.387798] kasan_atomics+0xb8/0x2e0 [ 35.387838] kunit_try_run_case+0x170/0x3f0 [ 35.387880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.387928] kthread+0x328/0x630 [ 35.388096] ret_from_fork+0x10/0x20 [ 35.388143] [ 35.388176] The buggy address belongs to the object at fff00000c997d800 [ 35.388176] which belongs to the cache kmalloc-64 of size 64 [ 35.388290] The buggy address is located 0 bytes to the right of [ 35.388290] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.388434] [ 35.388493] The buggy address belongs to the physical page: [ 35.388596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.388691] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.388751] page_type: f5(slab) [ 35.388791] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.388844] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.389054] page dumped because: kasan: bad access detected [ 35.389193] [ 35.389241] Memory state around the buggy address: [ 35.389297] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.389343] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.389388] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.389701] ^ [ 35.389821] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.389900] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.389992] ================================================================== [ 35.367565] ================================================================== [ 35.367679] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 35.367810] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.367863] [ 35.367895] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.368132] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.368270] Hardware name: linux,dummy-virt (DT) [ 35.368324] Call trace: [ 35.368366] show_stack+0x20/0x38 (C) [ 35.368472] dump_stack_lvl+0x8c/0xd0 [ 35.368558] print_report+0x118/0x608 [ 35.368817] kasan_report+0xdc/0x128 [ 35.368976] kasan_check_range+0x100/0x1a8 [ 35.369072] __kasan_check_write+0x20/0x30 [ 35.369180] kasan_atomics_helper+0x12d8/0x4858 [ 35.369283] kasan_atomics+0x198/0x2e0 [ 35.369360] kunit_try_run_case+0x170/0x3f0 [ 35.369449] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.369541] kthread+0x328/0x630 [ 35.369585] ret_from_fork+0x10/0x20 [ 35.369636] [ 35.369668] Allocated by task 296: [ 35.369712] kasan_save_stack+0x3c/0x68 [ 35.369772] kasan_save_track+0x20/0x40 [ 35.369823] kasan_save_alloc_info+0x40/0x58 [ 35.369864] __kasan_kmalloc+0xd4/0xd8 [ 35.369904] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.369947] kasan_atomics+0xb8/0x2e0 [ 35.369986] kunit_try_run_case+0x170/0x3f0 [ 35.370028] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.370077] kthread+0x328/0x630 [ 35.370113] ret_from_fork+0x10/0x20 [ 35.370153] [ 35.370184] The buggy address belongs to the object at fff00000c997d800 [ 35.370184] which belongs to the cache kmalloc-64 of size 64 [ 35.370245] The buggy address is located 0 bytes to the right of [ 35.370245] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.370335] [ 35.370558] The buggy address belongs to the physical page: [ 35.370672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.370755] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.370840] page_type: f5(slab) [ 35.370993] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.371142] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.371228] page dumped because: kasan: bad access detected [ 35.371315] [ 35.371352] Memory state around the buggy address: [ 35.371386] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.371433] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.371478] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.371519] ^ [ 35.371755] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.371828] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.371879] ================================================================== [ 35.192406] ================================================================== [ 35.192481] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 35.192617] Write of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.192704] [ 35.192738] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.192964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.193000] Hardware name: linux,dummy-virt (DT) [ 35.193034] Call trace: [ 35.193066] show_stack+0x20/0x38 (C) [ 35.193189] dump_stack_lvl+0x8c/0xd0 [ 35.193246] print_report+0x118/0x608 [ 35.193363] kasan_check_range+0x100/0x1a8 [ 35.194356] __kasan_kmalloc+0xd4/0xd8 [ 35.195228] [ 35.195720] page dumped because: kasan: bad access detected [ 35.196304] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.197657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.198677] kthread+0x328/0x630 [ 35.200443] [ 35.200503] The buggy address belongs to the physical page: [ 35.200562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.200618] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.200668] page_type: f5(slab) [ 35.200884] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.201046] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.201101] page dumped because: kasan: bad access detected [ 35.201152] [ 35.201361] Memory state around the buggy address: [ 35.201547] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.201639] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.201770] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.201829] ^ [ 35.201901] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.202134] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.202255] ================================================================== [ 35.396807] ================================================================== [ 35.396871] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 35.396940] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.397010] [ 35.397054] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.397142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.397186] Hardware name: linux,dummy-virt (DT) [ 35.397226] Call trace: [ 35.397310] show_stack+0x20/0x38 (C) [ 35.397361] dump_stack_lvl+0x8c/0xd0 [ 35.397423] print_report+0x118/0x608 [ 35.397474] kasan_report+0xdc/0x128 [ 35.397701] kasan_check_range+0x100/0x1a8 [ 35.397763] __kasan_check_write+0x20/0x30 [ 35.397945] kasan_atomics_helper+0x154c/0x4858 [ 35.398096] kasan_atomics+0x198/0x2e0 [ 35.398182] kunit_try_run_case+0x170/0x3f0 [ 35.398311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.398459] kthread+0x328/0x630 [ 35.398557] ret_from_fork+0x10/0x20 [ 35.398610] [ 35.398649] Allocated by task 296: [ 35.398688] kasan_save_stack+0x3c/0x68 [ 35.398874] kasan_save_track+0x20/0x40 [ 35.398930] kasan_save_alloc_info+0x40/0x58 [ 35.399006] __kasan_kmalloc+0xd4/0xd8 [ 35.399069] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.399113] kasan_atomics+0xb8/0x2e0 [ 35.399544] kunit_try_run_case+0x170/0x3f0 [ 35.399625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.399674] kthread+0x328/0x630 [ 35.399710] ret_from_fork+0x10/0x20 [ 35.399750] [ 35.399773] The buggy address belongs to the object at fff00000c997d800 [ 35.399773] which belongs to the cache kmalloc-64 of size 64 [ 35.399834] The buggy address is located 0 bytes to the right of [ 35.399834] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.399901] [ 35.399924] The buggy address belongs to the physical page: [ 35.399959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.400010] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.400060] page_type: f5(slab) [ 35.400101] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.400165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.400253] page dumped because: kasan: bad access detected [ 35.400332] [ 35.400472] Memory state around the buggy address: [ 35.400610] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.400660] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.400763] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.400806] ^ [ 35.400996] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.401199] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.401250] ================================================================== [ 35.308924] ================================================================== [ 35.309008] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 35.309063] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.309229] [ 35.309583] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.309696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.309726] Hardware name: linux,dummy-virt (DT) [ 35.309763] Call trace: [ 35.309790] show_stack+0x20/0x38 (C) [ 35.310067] dump_stack_lvl+0x8c/0xd0 [ 35.310606] print_report+0x118/0x608 [ 35.310848] kasan_report+0xdc/0x128 [ 35.311263] kasan_check_range+0x100/0x1a8 [ 35.311343] __kasan_check_write+0x20/0x30 [ 35.311393] kasan_atomics_helper+0xeb8/0x4858 [ 35.311454] kasan_atomics+0x198/0x2e0 [ 35.311502] kunit_try_run_case+0x170/0x3f0 [ 35.312099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.312313] kthread+0x328/0x630 [ 35.312362] ret_from_fork+0x10/0x20 [ 35.312724] [ 35.312918] Allocated by task 296: [ 35.313150] kasan_save_stack+0x3c/0x68 [ 35.313220] kasan_save_track+0x20/0x40 [ 35.313478] kasan_save_alloc_info+0x40/0x58 [ 35.313779] __kasan_kmalloc+0xd4/0xd8 [ 35.313945] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.314303] kasan_atomics+0xb8/0x2e0 [ 35.314558] kunit_try_run_case+0x170/0x3f0 [ 35.314788] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.314957] kthread+0x328/0x630 [ 35.314998] ret_from_fork+0x10/0x20 [ 35.315181] [ 35.315265] The buggy address belongs to the object at fff00000c997d800 [ 35.315265] which belongs to the cache kmalloc-64 of size 64 [ 35.315488] The buggy address is located 0 bytes to the right of [ 35.315488] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.315673] [ 35.315848] The buggy address belongs to the physical page: [ 35.316229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.316321] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.316590] page_type: f5(slab) [ 35.316897] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.317081] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.317211] page dumped because: kasan: bad access detected [ 35.317256] [ 35.317597] Memory state around the buggy address: [ 35.317660] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.318129] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.318201] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.318558] ^ [ 35.318672] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.318753] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.318847] ================================================================== [ 35.328877] ================================================================== [ 35.328944] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 35.328997] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.329059] [ 35.329093] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.329196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.329228] Hardware name: linux,dummy-virt (DT) [ 35.329262] Call trace: [ 35.329286] show_stack+0x20/0x38 (C) [ 35.329337] dump_stack_lvl+0x8c/0xd0 [ 35.329388] print_report+0x118/0x608 [ 35.329437] kasan_report+0xdc/0x128 [ 35.329490] kasan_check_range+0x100/0x1a8 [ 35.329538] __kasan_check_write+0x20/0x30 [ 35.329588] kasan_atomics_helper+0xf88/0x4858 [ 35.329638] kasan_atomics+0x198/0x2e0 [ 35.329686] kunit_try_run_case+0x170/0x3f0 [ 35.329737] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.329791] kthread+0x328/0x630 [ 35.329835] ret_from_fork+0x10/0x20 [ 35.329885] [ 35.329906] Allocated by task 296: [ 35.329937] kasan_save_stack+0x3c/0x68 [ 35.329981] kasan_save_track+0x20/0x40 [ 35.330022] kasan_save_alloc_info+0x40/0x58 [ 35.330063] __kasan_kmalloc+0xd4/0xd8 [ 35.330104] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.330147] kasan_atomics+0xb8/0x2e0 [ 35.330197] kunit_try_run_case+0x170/0x3f0 [ 35.330238] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.330285] kthread+0x328/0x630 [ 35.330320] ret_from_fork+0x10/0x20 [ 35.330360] [ 35.330381] The buggy address belongs to the object at fff00000c997d800 [ 35.330381] which belongs to the cache kmalloc-64 of size 64 [ 35.330442] The buggy address is located 0 bytes to the right of [ 35.330442] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.330508] [ 35.330530] The buggy address belongs to the physical page: [ 35.330563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.330615] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.330665] page_type: f5(slab) [ 35.330707] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.330760] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.330803] page dumped because: kasan: bad access detected [ 35.330835] [ 35.330857] Memory state around the buggy address: [ 35.330888] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.330932] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.330977] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.331018] ^ [ 35.331054] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.331098] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.331139] ================================================================== [ 35.289989] ================================================================== [ 35.290050] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 35.290116] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.290514] [ 35.290553] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.290657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.290689] Hardware name: linux,dummy-virt (DT) [ 35.290726] Call trace: [ 35.290751] show_stack+0x20/0x38 (C) [ 35.290805] dump_stack_lvl+0x8c/0xd0 [ 35.290866] print_report+0x118/0x608 [ 35.290919] kasan_report+0xdc/0x128 [ 35.290969] kasan_check_range+0x100/0x1a8 [ 35.291016] __kasan_check_write+0x20/0x30 [ 35.291065] kasan_atomics_helper+0xe44/0x4858 [ 35.291117] kasan_atomics+0x198/0x2e0 [ 35.291184] kunit_try_run_case+0x170/0x3f0 [ 35.291238] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.291294] kthread+0x328/0x630 [ 35.291339] ret_from_fork+0x10/0x20 [ 35.291758] [ 35.292060] Allocated by task 296: [ 35.292148] kasan_save_stack+0x3c/0x68 [ 35.292472] kasan_save_track+0x20/0x40 [ 35.292661] kasan_save_alloc_info+0x40/0x58 [ 35.292878] __kasan_kmalloc+0xd4/0xd8 [ 35.292945] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.293017] kasan_atomics+0xb8/0x2e0 [ 35.293263] kunit_try_run_case+0x170/0x3f0 [ 35.293678] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.293973] kthread+0x328/0x630 [ 35.294424] ret_from_fork+0x10/0x20 [ 35.294576] [ 35.294604] The buggy address belongs to the object at fff00000c997d800 [ 35.294604] which belongs to the cache kmalloc-64 of size 64 [ 35.294822] The buggy address is located 0 bytes to the right of [ 35.294822] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.295045] [ 35.295428] The buggy address belongs to the physical page: [ 35.295591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.295685] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.295769] page_type: f5(slab) [ 35.296049] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.296189] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.296430] page dumped because: kasan: bad access detected [ 35.296789] [ 35.296830] Memory state around the buggy address: [ 35.296983] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.297175] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.297395] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.297492] ^ [ 35.297560] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.297718] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.297811] ================================================================== [ 35.250986] ================================================================== [ 35.251062] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 35.251457] Write of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.251922] [ 35.251985] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.252368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.252419] Hardware name: linux,dummy-virt (DT) [ 35.252974] Call trace: [ 35.253103] show_stack+0x20/0x38 (C) [ 35.253200] dump_stack_lvl+0x8c/0xd0 [ 35.253432] print_report+0x118/0x608 [ 35.253510] kasan_report+0xdc/0x128 [ 35.253570] kasan_check_range+0x100/0x1a8 [ 35.253618] __kasan_check_write+0x20/0x30 [ 35.253674] kasan_atomics_helper+0xd3c/0x4858 [ 35.253726] kasan_atomics+0x198/0x2e0 [ 35.253775] kunit_try_run_case+0x170/0x3f0 [ 35.253830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.253888] kthread+0x328/0x630 [ 35.253935] ret_from_fork+0x10/0x20 [ 35.253993] [ 35.254031] Allocated by task 296: [ 35.254073] kasan_save_stack+0x3c/0x68 [ 35.254117] kasan_save_track+0x20/0x40 [ 35.254201] kasan_save_alloc_info+0x40/0x58 [ 35.254798] __kasan_kmalloc+0xd4/0xd8 [ 35.255009] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.255300] kasan_atomics+0xb8/0x2e0 [ 35.255844] kunit_try_run_case+0x170/0x3f0 [ 35.255942] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.256153] kthread+0x328/0x630 [ 35.256242] ret_from_fork+0x10/0x20 [ 35.256366] [ 35.256390] The buggy address belongs to the object at fff00000c997d800 [ 35.256390] which belongs to the cache kmalloc-64 of size 64 [ 35.256641] The buggy address is located 0 bytes to the right of [ 35.256641] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.257037] [ 35.257126] The buggy address belongs to the physical page: [ 35.257297] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.257505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.257591] page_type: f5(slab) [ 35.257839] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.258048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.258153] page dumped because: kasan: bad access detected [ 35.258561] [ 35.258696] Memory state around the buggy address: [ 35.258765] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.258945] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.258993] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.259058] ^ [ 35.259105] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.259395] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.260003] ================================================================== [ 35.416280] ================================================================== [ 35.416333] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 35.416384] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.416653] [ 35.416694] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.416784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.416839] Hardware name: linux,dummy-virt (DT) [ 35.416875] Call trace: [ 35.416904] show_stack+0x20/0x38 (C) [ 35.416959] dump_stack_lvl+0x8c/0xd0 [ 35.417008] print_report+0x118/0x608 [ 35.417149] kasan_report+0xdc/0x128 [ 35.417215] __asan_report_load8_noabort+0x20/0x30 [ 35.417382] kasan_atomics_helper+0x3df4/0x4858 [ 35.417470] kasan_atomics+0x198/0x2e0 [ 35.417526] kunit_try_run_case+0x170/0x3f0 [ 35.417597] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.417656] kthread+0x328/0x630 [ 35.417715] ret_from_fork+0x10/0x20 [ 35.417783] [ 35.417823] Allocated by task 296: [ 35.417862] kasan_save_stack+0x3c/0x68 [ 35.417949] kasan_save_track+0x20/0x40 [ 35.417996] kasan_save_alloc_info+0x40/0x58 [ 35.418043] __kasan_kmalloc+0xd4/0xd8 [ 35.418085] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.418127] kasan_atomics+0xb8/0x2e0 [ 35.418176] kunit_try_run_case+0x170/0x3f0 [ 35.418431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.418495] kthread+0x328/0x630 [ 35.418595] ret_from_fork+0x10/0x20 [ 35.418639] [ 35.418679] The buggy address belongs to the object at fff00000c997d800 [ 35.418679] which belongs to the cache kmalloc-64 of size 64 [ 35.418849] The buggy address is located 0 bytes to the right of [ 35.418849] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.419028] [ 35.419096] The buggy address belongs to the physical page: [ 35.419174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.419232] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.419282] page_type: f5(slab) [ 35.419323] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.419464] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.419700] page dumped because: kasan: bad access detected [ 35.419758] [ 35.419807] Memory state around the buggy address: [ 35.419937] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.420021] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.420294] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.420351] ^ [ 35.420408] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.420464] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.420505] ================================================================== [ 35.381907] ================================================================== [ 35.381957] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 35.382007] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.382059] [ 35.382089] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.382191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.382219] Hardware name: linux,dummy-virt (DT) [ 35.382253] Call trace: [ 35.382287] show_stack+0x20/0x38 (C) [ 35.382339] dump_stack_lvl+0x8c/0xd0 [ 35.382389] print_report+0x118/0x608 [ 35.382439] kasan_report+0xdc/0x128 [ 35.382488] kasan_check_range+0x100/0x1a8 [ 35.382535] __kasan_check_write+0x20/0x30 [ 35.382583] kasan_atomics_helper+0x1414/0x4858 [ 35.382646] kasan_atomics+0x198/0x2e0 [ 35.382694] kunit_try_run_case+0x170/0x3f0 [ 35.382745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.382811] kthread+0x328/0x630 [ 35.382855] ret_from_fork+0x10/0x20 [ 35.382905] [ 35.382928] Allocated by task 296: [ 35.382966] kasan_save_stack+0x3c/0x68 [ 35.383010] kasan_save_track+0x20/0x40 [ 35.383066] kasan_save_alloc_info+0x40/0x58 [ 35.383107] __kasan_kmalloc+0xd4/0xd8 [ 35.383147] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.383199] kasan_atomics+0xb8/0x2e0 [ 35.383238] kunit_try_run_case+0x170/0x3f0 [ 35.383280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.383334] kthread+0x328/0x630 [ 35.383371] ret_from_fork+0x10/0x20 [ 35.383410] [ 35.383431] The buggy address belongs to the object at fff00000c997d800 [ 35.383431] which belongs to the cache kmalloc-64 of size 64 [ 35.383491] The buggy address is located 0 bytes to the right of [ 35.383491] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.383557] [ 35.383579] The buggy address belongs to the physical page: [ 35.383614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.383664] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.383714] page_type: f5(slab) [ 35.384207] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.384285] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.384328] page dumped because: kasan: bad access detected [ 35.384515] [ 35.384540] Memory state around the buggy address: [ 35.384610] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.384657] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.384732] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.384774] ^ [ 35.384811] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.384980] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.385022] ================================================================== [ 35.239262] ================================================================== [ 35.239619] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 35.239775] Read of size 4 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.240064] [ 35.240106] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.240571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.240811] Hardware name: linux,dummy-virt (DT) [ 35.240947] Call trace: [ 35.241349] show_stack+0x20/0x38 (C) [ 35.241645] dump_stack_lvl+0x8c/0xd0 [ 35.241813] print_report+0x118/0x608 [ 35.241875] kasan_report+0xdc/0x128 [ 35.242213] __asan_report_load4_noabort+0x20/0x30 [ 35.242840] kasan_atomics_helper+0x3dd8/0x4858 [ 35.243295] kasan_atomics+0x198/0x2e0 [ 35.243396] kunit_try_run_case+0x170/0x3f0 [ 35.243691] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.243899] kthread+0x328/0x630 [ 35.243957] ret_from_fork+0x10/0x20 [ 35.244008] [ 35.244031] Allocated by task 296: [ 35.244510] kasan_save_stack+0x3c/0x68 [ 35.244667] kasan_save_track+0x20/0x40 [ 35.244871] kasan_save_alloc_info+0x40/0x58 [ 35.244931] __kasan_kmalloc+0xd4/0xd8 [ 35.245232] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.245466] kasan_atomics+0xb8/0x2e0 [ 35.245811] kunit_try_run_case+0x170/0x3f0 [ 35.246016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.246182] kthread+0x328/0x630 [ 35.246273] ret_from_fork+0x10/0x20 [ 35.246352] [ 35.246691] The buggy address belongs to the object at fff00000c997d800 [ 35.246691] which belongs to the cache kmalloc-64 of size 64 [ 35.246777] The buggy address is located 0 bytes to the right of [ 35.246777] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.246981] [ 35.247311] The buggy address belongs to the physical page: [ 35.247500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.247812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.248079] page_type: f5(slab) [ 35.248267] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.248342] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.248680] page dumped because: kasan: bad access detected [ 35.248745] [ 35.249001] Memory state around the buggy address: [ 35.249217] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.249294] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.249457] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.249522] ^ [ 35.249559] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.249612] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.249730] ================================================================== [ 35.390706] ================================================================== [ 35.390780] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 35.390833] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.390886] [ 35.391057] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.391272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.391344] Hardware name: linux,dummy-virt (DT) [ 35.391378] Call trace: [ 35.391405] show_stack+0x20/0x38 (C) [ 35.391456] dump_stack_lvl+0x8c/0xd0 [ 35.391518] print_report+0x118/0x608 [ 35.391708] kasan_report+0xdc/0x128 [ 35.391849] kasan_check_range+0x100/0x1a8 [ 35.391932] __kasan_check_write+0x20/0x30 [ 35.392057] kasan_atomics_helper+0x14e4/0x4858 [ 35.392143] kasan_atomics+0x198/0x2e0 [ 35.392311] kunit_try_run_case+0x170/0x3f0 [ 35.392396] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.392520] kthread+0x328/0x630 [ 35.392565] ret_from_fork+0x10/0x20 [ 35.392615] [ 35.392638] Allocated by task 296: [ 35.392667] kasan_save_stack+0x3c/0x68 [ 35.392714] kasan_save_track+0x20/0x40 [ 35.392755] kasan_save_alloc_info+0x40/0x58 [ 35.392794] __kasan_kmalloc+0xd4/0xd8 [ 35.393122] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.393599] kasan_atomics+0xb8/0x2e0 [ 35.393718] kunit_try_run_case+0x170/0x3f0 [ 35.393795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.393883] kthread+0x328/0x630 [ 35.393950] ret_from_fork+0x10/0x20 [ 35.394231] [ 35.394311] The buggy address belongs to the object at fff00000c997d800 [ 35.394311] which belongs to the cache kmalloc-64 of size 64 [ 35.394388] The buggy address is located 0 bytes to the right of [ 35.394388] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.394456] [ 35.394674] The buggy address belongs to the physical page: [ 35.394783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.394863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.394937] page_type: f5(slab) [ 35.394989] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.395200] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.395305] page dumped because: kasan: bad access detected [ 35.395383] [ 35.395446] Memory state around the buggy address: [ 35.395531] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.395577] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.395637] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.395678] ^ [ 35.395715] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.395799] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.395842] ================================================================== [ 35.372699] ================================================================== [ 35.372764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 35.372817] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.372869] [ 35.372907] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.372997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.373032] Hardware name: linux,dummy-virt (DT) [ 35.373077] Call trace: [ 35.373101] show_stack+0x20/0x38 (C) [ 35.373167] dump_stack_lvl+0x8c/0xd0 [ 35.373219] print_report+0x118/0x608 [ 35.373371] kasan_report+0xdc/0x128 [ 35.373425] kasan_check_range+0x100/0x1a8 [ 35.373472] __kasan_check_write+0x20/0x30 [ 35.373525] kasan_atomics_helper+0x1384/0x4858 [ 35.373723] kasan_atomics+0x198/0x2e0 [ 35.373787] kunit_try_run_case+0x170/0x3f0 [ 35.373858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.374091] kthread+0x328/0x630 [ 35.374173] ret_from_fork+0x10/0x20 [ 35.374229] [ 35.374269] Allocated by task 296: [ 35.374310] kasan_save_stack+0x3c/0x68 [ 35.374356] kasan_save_track+0x20/0x40 [ 35.374403] kasan_save_alloc_info+0x40/0x58 [ 35.374467] __kasan_kmalloc+0xd4/0xd8 [ 35.374507] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.374550] kasan_atomics+0xb8/0x2e0 [ 35.374886] kunit_try_run_case+0x170/0x3f0 [ 35.374963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.375035] kthread+0x328/0x630 [ 35.375268] ret_from_fork+0x10/0x20 [ 35.375362] [ 35.375388] The buggy address belongs to the object at fff00000c997d800 [ 35.375388] which belongs to the cache kmalloc-64 of size 64 [ 35.375460] The buggy address is located 0 bytes to the right of [ 35.375460] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.375563] [ 35.375615] The buggy address belongs to the physical page: [ 35.375667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.375718] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.375876] page_type: f5(slab) [ 35.375917] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.375971] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.376127] page dumped because: kasan: bad access detected [ 35.376187] [ 35.376233] Memory state around the buggy address: [ 35.376268] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.376322] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.376376] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.376423] ^ [ 35.376466] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.376526] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.376567] ================================================================== [ 35.377056] ================================================================== [ 35.377260] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 35.377355] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.377410] [ 35.377443] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.377671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.377779] Hardware name: linux,dummy-virt (DT) [ 35.377847] Call trace: [ 35.377874] show_stack+0x20/0x38 (C) [ 35.377926] dump_stack_lvl+0x8c/0xd0 [ 35.377995] print_report+0x118/0x608 [ 35.378047] kasan_report+0xdc/0x128 [ 35.378095] __asan_report_load8_noabort+0x20/0x30 [ 35.378146] kasan_atomics_helper+0x3f04/0x4858 [ 35.378209] kasan_atomics+0x198/0x2e0 [ 35.378258] kunit_try_run_case+0x170/0x3f0 [ 35.378311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.378368] kthread+0x328/0x630 [ 35.378412] ret_from_fork+0x10/0x20 [ 35.378603] [ 35.378678] Allocated by task 296: [ 35.378715] kasan_save_stack+0x3c/0x68 [ 35.378777] kasan_save_track+0x20/0x40 [ 35.379007] kasan_save_alloc_info+0x40/0x58 [ 35.379072] __kasan_kmalloc+0xd4/0xd8 [ 35.379131] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.379191] kasan_atomics+0xb8/0x2e0 [ 35.379231] kunit_try_run_case+0x170/0x3f0 [ 35.379272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.379330] kthread+0x328/0x630 [ 35.379376] ret_from_fork+0x10/0x20 [ 35.379530] [ 35.379592] The buggy address belongs to the object at fff00000c997d800 [ 35.379592] which belongs to the cache kmalloc-64 of size 64 [ 35.379756] The buggy address is located 0 bytes to the right of [ 35.379756] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.379849] [ 35.380093] The buggy address belongs to the physical page: [ 35.380133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.380200] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.380249] page_type: f5(slab) [ 35.380292] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.380559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.380608] page dumped because: kasan: bad access detected [ 35.380672] [ 35.380711] Memory state around the buggy address: [ 35.380775] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.381065] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.381152] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.381259] ^ [ 35.381329] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.381455] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.381537] ================================================================== [ 35.410994] ================================================================== [ 35.411050] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 35.411125] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.411190] [ 35.411221] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.411375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.411439] Hardware name: linux,dummy-virt (DT) [ 35.411488] Call trace: [ 35.411612] show_stack+0x20/0x38 (C) [ 35.411688] dump_stack_lvl+0x8c/0xd0 [ 35.411786] print_report+0x118/0x608 [ 35.411847] kasan_report+0xdc/0x128 [ 35.411896] kasan_check_range+0x100/0x1a8 [ 35.412097] __kasan_check_write+0x20/0x30 [ 35.412185] kasan_atomics_helper+0x1644/0x4858 [ 35.412299] kasan_atomics+0x198/0x2e0 [ 35.412377] kunit_try_run_case+0x170/0x3f0 [ 35.412490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.412585] kthread+0x328/0x630 [ 35.412637] ret_from_fork+0x10/0x20 [ 35.412696] [ 35.412719] Allocated by task 296: [ 35.412751] kasan_save_stack+0x3c/0x68 [ 35.412943] kasan_save_track+0x20/0x40 [ 35.412999] kasan_save_alloc_info+0x40/0x58 [ 35.413174] __kasan_kmalloc+0xd4/0xd8 [ 35.413241] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.413295] kasan_atomics+0xb8/0x2e0 [ 35.413358] kunit_try_run_case+0x170/0x3f0 [ 35.413438] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.413779] kthread+0x328/0x630 [ 35.413856] ret_from_fork+0x10/0x20 [ 35.413960] [ 35.414009] The buggy address belongs to the object at fff00000c997d800 [ 35.414009] which belongs to the cache kmalloc-64 of size 64 [ 35.414106] The buggy address is located 0 bytes to the right of [ 35.414106] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.414184] [ 35.414207] The buggy address belongs to the physical page: [ 35.414561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.414647] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.414845] page_type: f5(slab) [ 35.414969] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.415023] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.415066] page dumped because: kasan: bad access detected [ 35.415101] [ 35.415122] Memory state around the buggy address: [ 35.415166] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.415213] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.415326] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.415375] ^ [ 35.415426] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.415472] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.415513] ================================================================== [ 35.299103] ================================================================== [ 35.299504] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 35.299716] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.300025] [ 35.300084] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.300390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.300566] Hardware name: linux,dummy-virt (DT) [ 35.300658] Call trace: [ 35.300706] show_stack+0x20/0x38 (C) [ 35.300796] dump_stack_lvl+0x8c/0xd0 [ 35.301204] print_report+0x118/0x608 [ 35.301292] kasan_report+0xdc/0x128 [ 35.301368] __asan_report_store8_noabort+0x20/0x30 [ 35.301717] kasan_atomics_helper+0x3e5c/0x4858 [ 35.302030] kasan_atomics+0x198/0x2e0 [ 35.302229] kunit_try_run_case+0x170/0x3f0 [ 35.302847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.303057] kthread+0x328/0x630 [ 35.303168] ret_from_fork+0x10/0x20 [ 35.303252] [ 35.303416] Allocated by task 296: [ 35.303756] kasan_save_stack+0x3c/0x68 [ 35.303944] kasan_save_track+0x20/0x40 [ 35.304435] kasan_save_alloc_info+0x40/0x58 [ 35.304508] __kasan_kmalloc+0xd4/0xd8 [ 35.304667] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.304912] kasan_atomics+0xb8/0x2e0 [ 35.304977] kunit_try_run_case+0x170/0x3f0 [ 35.305018] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.305109] kthread+0x328/0x630 [ 35.305165] ret_from_fork+0x10/0x20 [ 35.305216] [ 35.305239] The buggy address belongs to the object at fff00000c997d800 [ 35.305239] which belongs to the cache kmalloc-64 of size 64 [ 35.305301] The buggy address is located 0 bytes to the right of [ 35.305301] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.305369] [ 35.305401] The buggy address belongs to the physical page: [ 35.305444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.305512] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.305564] page_type: f5(slab) [ 35.305606] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.305659] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.305703] page dumped because: kasan: bad access detected [ 35.305736] [ 35.305763] Memory state around the buggy address: [ 35.305799] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.305850] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.305904] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.305945] ^ [ 35.305989] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.306051] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.306098] ================================================================== [ 35.406270] ================================================================== [ 35.406325] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 35.406377] Read of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.406456] [ 35.406504] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.406599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.406647] Hardware name: linux,dummy-virt (DT) [ 35.406680] Call trace: [ 35.406718] show_stack+0x20/0x38 (C) [ 35.406769] dump_stack_lvl+0x8c/0xd0 [ 35.406828] print_report+0x118/0x608 [ 35.406879] kasan_report+0xdc/0x128 [ 35.406927] __asan_report_load8_noabort+0x20/0x30 [ 35.407093] kasan_atomics_helper+0x3db0/0x4858 [ 35.407304] kasan_atomics+0x198/0x2e0 [ 35.407368] kunit_try_run_case+0x170/0x3f0 [ 35.407431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.407497] kthread+0x328/0x630 [ 35.407684] ret_from_fork+0x10/0x20 [ 35.407803] [ 35.407853] Allocated by task 296: [ 35.407907] kasan_save_stack+0x3c/0x68 [ 35.407996] kasan_save_track+0x20/0x40 [ 35.408050] kasan_save_alloc_info+0x40/0x58 [ 35.408115] __kasan_kmalloc+0xd4/0xd8 [ 35.408185] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.408228] kasan_atomics+0xb8/0x2e0 [ 35.408267] kunit_try_run_case+0x170/0x3f0 [ 35.408308] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.408388] kthread+0x328/0x630 [ 35.408423] ret_from_fork+0x10/0x20 [ 35.408462] [ 35.408484] The buggy address belongs to the object at fff00000c997d800 [ 35.408484] which belongs to the cache kmalloc-64 of size 64 [ 35.408665] The buggy address is located 0 bytes to the right of [ 35.408665] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.408762] [ 35.408840] The buggy address belongs to the physical page: [ 35.408905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.409003] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.409339] page_type: f5(slab) [ 35.409438] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.409525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.409580] page dumped because: kasan: bad access detected [ 35.409614] [ 35.409635] Memory state around the buggy address: [ 35.409780] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.410000] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.410064] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.410146] ^ [ 35.410454] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.410559] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.410629] ================================================================== [ 35.348098] ================================================================== [ 35.348391] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 35.348457] Write of size 8 at addr fff00000c997d830 by task kunit_try_catch/296 [ 35.348511] [ 35.348593] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.348796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.348846] Hardware name: linux,dummy-virt (DT) [ 35.348902] Call trace: [ 35.348927] show_stack+0x20/0x38 (C) [ 35.348980] dump_stack_lvl+0x8c/0xd0 [ 35.349050] print_report+0x118/0x608 [ 35.349125] kasan_report+0xdc/0x128 [ 35.349202] kasan_check_range+0x100/0x1a8 [ 35.349490] __kasan_check_write+0x20/0x30 [ 35.349556] kasan_atomics_helper+0x1128/0x4858 [ 35.349681] kasan_atomics+0x198/0x2e0 [ 35.349738] kunit_try_run_case+0x170/0x3f0 [ 35.349806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.349880] kthread+0x328/0x630 [ 35.349932] ret_from_fork+0x10/0x20 [ 35.350000] [ 35.350040] Allocated by task 296: [ 35.350084] kasan_save_stack+0x3c/0x68 [ 35.350131] kasan_save_track+0x20/0x40 [ 35.350190] kasan_save_alloc_info+0x40/0x58 [ 35.350244] __kasan_kmalloc+0xd4/0xd8 [ 35.350285] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.350329] kasan_atomics+0xb8/0x2e0 [ 35.350369] kunit_try_run_case+0x170/0x3f0 [ 35.350513] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.350666] kthread+0x328/0x630 [ 35.350712] ret_from_fork+0x10/0x20 [ 35.351014] [ 35.351080] The buggy address belongs to the object at fff00000c997d800 [ 35.351080] which belongs to the cache kmalloc-64 of size 64 [ 35.351173] The buggy address is located 0 bytes to the right of [ 35.351173] allocated 48-byte region [fff00000c997d800, fff00000c997d830) [ 35.351259] [ 35.351283] The buggy address belongs to the physical page: [ 35.351324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10997d [ 35.351389] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.351447] page_type: f5(slab) [ 35.351500] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 35.351586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 35.351663] page dumped because: kasan: bad access detected [ 35.351715] [ 35.351736] Memory state around the buggy address: [ 35.351770] fff00000c997d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.351964] fff00000c997d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 35.352017] >fff00000c997d800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 35.352058] ^ [ 35.352254] fff00000c997d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.352323] fff00000c997d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.352410] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 35.076677] ================================================================== [ 35.076753] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 35.076893] Read of size 8 at addr fff00000c57889e8 by task kunit_try_catch/292 [ 35.077126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.077321] dump_stack_lvl+0x8c/0xd0 [ 35.077731] kasan_bitops_generic+0x11c/0x1c8 [ 35.077926] kthread+0x328/0x630 [ 35.078401] kasan_save_stack+0x3c/0x68 [ 35.078648] __kmalloc_cache_noprof+0x16c/0x3c0 [ 35.079009] kthread+0x328/0x630 [ 35.079320] [ 35.079826] page_type: f5(slab) [ 35.080368] [ 35.080599] fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 35.081350] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 34.885114] ================================================================== [ 34.885206] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.885475] Free of addr fff00000c8dbdc01 by task kunit_try_catch/272 [ 34.885556] [ 34.885652] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.885767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.885861] Hardware name: linux,dummy-virt (DT) [ 34.885929] Call trace: [ 34.885970] show_stack+0x20/0x38 (C) [ 34.886023] dump_stack_lvl+0x8c/0xd0 [ 34.886128] print_report+0x118/0x608 [ 34.886190] kasan_report_invalid_free+0xc0/0xe8 [ 34.886259] check_slab_allocation+0xfc/0x108 [ 34.886308] __kasan_mempool_poison_object+0x78/0x150 [ 34.886362] mempool_free+0x28c/0x328 [ 34.886629] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 34.886742] mempool_kmalloc_invalid_free+0xc0/0x118 [ 34.886810] kunit_try_run_case+0x170/0x3f0 [ 34.886924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.886990] kthread+0x328/0x630 [ 34.887047] ret_from_fork+0x10/0x20 [ 34.887143] [ 34.887190] Allocated by task 272: [ 34.887225] kasan_save_stack+0x3c/0x68 [ 34.887272] kasan_save_track+0x20/0x40 [ 34.887380] kasan_save_alloc_info+0x40/0x58 [ 34.887420] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.887482] remove_element+0x130/0x1f8 [ 34.887827] mempool_alloc_preallocated+0x58/0xc0 [ 34.887917] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 34.887984] mempool_kmalloc_invalid_free+0xc0/0x118 [ 34.888123] kunit_try_run_case+0x170/0x3f0 [ 34.888219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.888384] kthread+0x328/0x630 [ 34.888452] ret_from_fork+0x10/0x20 [ 34.888616] [ 34.888814] The buggy address belongs to the object at fff00000c8dbdc00 [ 34.888814] which belongs to the cache kmalloc-128 of size 128 [ 34.888907] The buggy address is located 1 bytes inside of [ 34.888907] 128-byte region [fff00000c8dbdc00, fff00000c8dbdc80) [ 34.888993] [ 34.889032] The buggy address belongs to the physical page: [ 34.889143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.889232] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.889368] page_type: f5(slab) [ 34.889446] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.889614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.889683] page dumped because: kasan: bad access detected [ 34.889786] [ 34.889826] Memory state around the buggy address: [ 34.889859] fff00000c8dbdb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.889914] fff00000c8dbdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.890078] >fff00000c8dbdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.890128] ^ [ 34.890171] fff00000c8dbdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.890215] fff00000c8dbdd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.898534] dump_stack_lvl+0x8c/0xd0 [ 34.900841] [ 34.901942] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 34.876826] ================================================================== [ 34.876889] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.876965] Free of addr fff00000c9af4000 by task kunit_try_catch/270 [ 34.877068] [ 34.877104] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.877408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.877503] Hardware name: linux,dummy-virt (DT) [ 34.877561] Call trace: [ 34.877600] show_stack+0x20/0x38 (C) [ 34.877712] dump_stack_lvl+0x8c/0xd0 [ 34.877787] print_report+0x118/0x608 [ 34.877850] kasan_report_invalid_free+0xc0/0xe8 [ 34.878046] __kasan_mempool_poison_pages+0xe0/0xe8 [ 34.878114] mempool_free+0x24c/0x328 [ 34.878206] mempool_double_free_helper+0x150/0x2e8 [ 34.878304] mempool_page_alloc_double_free+0xbc/0x118 [ 34.878359] kunit_try_run_case+0x170/0x3f0 [ 34.878426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.878521] kthread+0x328/0x630 [ 34.878566] ret_from_fork+0x10/0x20 [ 34.878634] [ 34.878671] The buggy address belongs to the physical page: [ 34.878704] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af4 [ 34.878767] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.878962] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 34.879086] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.879130] page dumped because: kasan: bad access detected [ 34.879239] [ 34.879270] Memory state around the buggy address: [ 34.879305] fff00000c9af3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879365] fff00000c9af3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879416] >fff00000c9af4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879649] ^ [ 34.879788] fff00000c9af4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879867] fff00000c9af4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.879981] ================================================================== [ 34.863470] ================================================================== [ 34.863549] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.863885] Free of addr fff00000c9af4000 by task kunit_try_catch/268 [ 34.863963] [ 34.864182] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.864295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.864474] Hardware name: linux,dummy-virt (DT) [ 34.864517] Call trace: [ 34.864540] show_stack+0x20/0x38 (C) [ 34.864712] dump_stack_lvl+0x8c/0xd0 [ 34.864919] print_report+0x118/0x608 [ 34.865030] kasan_report_invalid_free+0xc0/0xe8 [ 34.865109] __kasan_mempool_poison_object+0x14c/0x150 [ 34.865280] mempool_free+0x28c/0x328 [ 34.865366] mempool_double_free_helper+0x150/0x2e8 [ 34.865570] mempool_kmalloc_large_double_free+0xc0/0x118 [ 34.865647] kunit_try_run_case+0x170/0x3f0 [ 34.865953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.866043] kthread+0x328/0x630 [ 34.866131] ret_from_fork+0x10/0x20 [ 34.866290] [ 34.866313] The buggy address belongs to the physical page: [ 34.866363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af4 [ 34.866800] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.866878] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.866977] page_type: f8(unknown) [ 34.867148] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.867242] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.867453] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.867598] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.867707] head: 0bfffe0000000002 ffffc1ffc326bd01 00000000ffffffff 00000000ffffffff [ 34.867800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.867860] page dumped because: kasan: bad access detected [ 34.867927] [ 34.868038] Memory state around the buggy address: [ 34.868096] fff00000c9af3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868170] fff00000c9af3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868222] >fff00000c9af4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868552] ^ [ 34.868849] fff00000c9af4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.868954] fff00000c9af4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.869034] ================================================================== [ 34.846738] ================================================================== [ 34.847015] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 34.847191] Free of addr fff00000c8dbd800 by task kunit_try_catch/266 [ 34.847259] [ 34.847295] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.847546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.847736] Hardware name: linux,dummy-virt (DT) [ 34.847816] Call trace: [ 34.847851] show_stack+0x20/0x38 (C) [ 34.847921] dump_stack_lvl+0x8c/0xd0 [ 34.848027] print_report+0x118/0x608 [ 34.848076] kasan_report_invalid_free+0xc0/0xe8 [ 34.848126] check_slab_allocation+0xd4/0x108 [ 34.848188] __kasan_mempool_poison_object+0x78/0x150 [ 34.848240] mempool_free+0x28c/0x328 [ 34.848296] mempool_double_free_helper+0x150/0x2e8 [ 34.848355] mempool_kmalloc_double_free+0xc0/0x118 [ 34.848423] kunit_try_run_case+0x170/0x3f0 [ 34.848474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.848688] kthread+0x328/0x630 [ 34.848891] ret_from_fork+0x10/0x20 [ 34.848973] [ 34.849078] Allocated by task 266: [ 34.849136] kasan_save_stack+0x3c/0x68 [ 34.849278] kasan_save_track+0x20/0x40 [ 34.849337] kasan_save_alloc_info+0x40/0x58 [ 34.849404] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.849488] remove_element+0x130/0x1f8 [ 34.849706] mempool_alloc_preallocated+0x58/0xc0 [ 34.849808] mempool_double_free_helper+0x94/0x2e8 [ 34.849961] mempool_kmalloc_double_free+0xc0/0x118 [ 34.850020] kunit_try_run_case+0x170/0x3f0 [ 34.850175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.850263] kthread+0x328/0x630 [ 34.850388] ret_from_fork+0x10/0x20 [ 34.850455] [ 34.850480] Freed by task 266: [ 34.850520] kasan_save_stack+0x3c/0x68 [ 34.850758] kasan_save_track+0x20/0x40 [ 34.850805] kasan_save_free_info+0x4c/0x78 [ 34.850848] __kasan_mempool_poison_object+0xc0/0x150 [ 34.851017] mempool_free+0x28c/0x328 [ 34.851136] mempool_double_free_helper+0x100/0x2e8 [ 34.851232] mempool_kmalloc_double_free+0xc0/0x118 [ 34.851366] kunit_try_run_case+0x170/0x3f0 [ 34.851473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.851627] kthread+0x328/0x630 [ 34.851684] ret_from_fork+0x10/0x20 [ 34.851732] [ 34.851879] The buggy address belongs to the object at fff00000c8dbd800 [ 34.851879] which belongs to the cache kmalloc-128 of size 128 [ 34.851996] The buggy address is located 0 bytes inside of [ 34.851996] 128-byte region [fff00000c8dbd800, fff00000c8dbd880) [ 34.852179] [ 34.852204] The buggy address belongs to the physical page: [ 34.852236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.852296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.852346] page_type: f5(slab) [ 34.852386] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.852437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.852478] page dumped because: kasan: bad access detected [ 34.852508] [ 34.852527] Memory state around the buggy address: [ 34.852559] fff00000c8dbd700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.852602] fff00000c8dbd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.852645] >fff00000c8dbd800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.852683] ^ [ 34.852712] fff00000c8dbd880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.852752] fff00000c8dbd900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.852792] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 34.833727] ================================================================== [ 34.833797] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 34.833881] Read of size 1 at addr fff00000c9af4000 by task kunit_try_catch/264 [ 34.833956] [ 34.833999] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.834092] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.834121] Hardware name: linux,dummy-virt (DT) [ 34.834168] Call trace: [ 34.834558] show_stack+0x20/0x38 (C) [ 34.834626] dump_stack_lvl+0x8c/0xd0 [ 34.834690] print_report+0x118/0x608 [ 34.834741] kasan_report+0xdc/0x128 [ 34.834902] __asan_report_load1_noabort+0x20/0x30 [ 34.834956] mempool_uaf_helper+0x314/0x340 [ 34.835010] mempool_page_alloc_uaf+0xc0/0x118 [ 34.835294] kunit_try_run_case+0x170/0x3f0 [ 34.835419] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.835518] kthread+0x328/0x630 [ 34.835696] ret_from_fork+0x10/0x20 [ 34.835762] [ 34.835786] The buggy address belongs to the physical page: [ 34.835822] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af4 [ 34.835886] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.835957] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 34.836008] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.836113] page dumped because: kasan: bad access detected [ 34.836174] [ 34.836218] Memory state around the buggy address: [ 34.836387] fff00000c9af3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.836467] fff00000c9af3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.836583] >fff00000c9af4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.836651] ^ [ 34.836709] fff00000c9af4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.836753] fff00000c9af4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.837052] ================================================================== [ 34.785986] ================================================================== [ 34.786134] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 34.786229] Read of size 1 at addr fff00000c9af0000 by task kunit_try_catch/260 [ 34.786314] [ 34.786364] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.786458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.786495] Hardware name: linux,dummy-virt (DT) [ 34.786529] Call trace: [ 34.786552] show_stack+0x20/0x38 (C) [ 34.786603] dump_stack_lvl+0x8c/0xd0 [ 34.786654] print_report+0x118/0x608 [ 34.786702] kasan_report+0xdc/0x128 [ 34.786748] __asan_report_load1_noabort+0x20/0x30 [ 34.786797] mempool_uaf_helper+0x314/0x340 [ 34.786845] mempool_kmalloc_large_uaf+0xc4/0x120 [ 34.786896] kunit_try_run_case+0x170/0x3f0 [ 34.786954] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.787010] kthread+0x328/0x630 [ 34.787052] ret_from_fork+0x10/0x20 [ 34.787100] [ 34.787129] The buggy address belongs to the physical page: [ 34.787454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af0 [ 34.787709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.787765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.787821] page_type: f8(unknown) [ 34.787861] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.787913] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.788137] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.788434] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.788524] head: 0bfffe0000000002 ffffc1ffc326bc01 00000000ffffffff 00000000ffffffff [ 34.788764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.788894] page dumped because: kasan: bad access detected [ 34.788945] [ 34.788987] Memory state around the buggy address: [ 34.789096] fff00000c9aeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.789170] fff00000c9aeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.789231] >fff00000c9af0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.789370] ^ [ 34.789468] fff00000c9af0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.789575] fff00000c9af0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 34.789645] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 34.800286] ================================================================== [ 34.800355] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 34.800412] Read of size 1 at addr fff00000c8806240 by task kunit_try_catch/262 [ 34.800463] [ 34.800497] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.800794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.800923] Hardware name: linux,dummy-virt (DT) [ 34.801063] Call trace: [ 34.801152] show_stack+0x20/0x38 (C) [ 34.801280] dump_stack_lvl+0x8c/0xd0 [ 34.801356] print_report+0x118/0x608 [ 34.801516] kasan_report+0xdc/0x128 [ 34.801604] __asan_report_load1_noabort+0x20/0x30 [ 34.801728] mempool_uaf_helper+0x314/0x340 [ 34.801788] mempool_slab_uaf+0xc0/0x118 [ 34.801862] kunit_try_run_case+0x170/0x3f0 [ 34.802166] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.802302] kthread+0x328/0x630 [ 34.802385] ret_from_fork+0x10/0x20 [ 34.802472] [ 34.802568] Allocated by task 262: [ 34.802628] kasan_save_stack+0x3c/0x68 [ 34.802684] kasan_save_track+0x20/0x40 [ 34.802730] kasan_save_alloc_info+0x40/0x58 [ 34.803021] __kasan_mempool_unpoison_object+0xbc/0x180 [ 34.803142] remove_element+0x16c/0x1f8 [ 34.803228] mempool_alloc_preallocated+0x58/0xc0 [ 34.803283] mempool_uaf_helper+0xa4/0x340 [ 34.803622] mempool_slab_uaf+0xc0/0x118 [ 34.803708] kunit_try_run_case+0x170/0x3f0 [ 34.803813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.803899] kthread+0x328/0x630 [ 34.804022] ret_from_fork+0x10/0x20 [ 34.804090] [ 34.804215] Freed by task 262: [ 34.804276] kasan_save_stack+0x3c/0x68 [ 34.804354] kasan_save_track+0x20/0x40 [ 34.804527] kasan_save_free_info+0x4c/0x78 [ 34.804798] __kasan_mempool_poison_object+0xc0/0x150 [ 34.804907] mempool_free+0x28c/0x328 [ 34.804967] mempool_uaf_helper+0x104/0x340 [ 34.805037] mempool_slab_uaf+0xc0/0x118 [ 34.805147] kunit_try_run_case+0x170/0x3f0 [ 34.805258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.805387] kthread+0x328/0x630 [ 34.805468] ret_from_fork+0x10/0x20 [ 34.805557] [ 34.805653] The buggy address belongs to the object at fff00000c8806240 [ 34.805653] which belongs to the cache test_cache of size 123 [ 34.805726] The buggy address is located 0 bytes inside of [ 34.805726] freed 123-byte region [fff00000c8806240, fff00000c88062bb) [ 34.805955] [ 34.806037] The buggy address belongs to the physical page: [ 34.806184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108806 [ 34.806311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.806398] page_type: f5(slab) [ 34.806471] raw: 0bfffe0000000000 fff00000c5711dc0 dead000000000122 0000000000000000 [ 34.806591] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 34.806660] page dumped because: kasan: bad access detected [ 34.806900] [ 34.806930] Memory state around the buggy address: [ 34.806965] fff00000c8806100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.807009] fff00000c8806180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.807059] >fff00000c8806200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 34.807124] ^ [ 34.807191] fff00000c8806280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.807287] fff00000c8806300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.807361] ================================================================== [ 34.773504] ================================================================== [ 34.773742] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 34.773885] Read of size 1 at addr fff00000c8dbd400 by task kunit_try_catch/258 [ 34.773962] [ 34.774006] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.774191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.774242] Hardware name: linux,dummy-virt (DT) [ 34.774279] Call trace: [ 34.774309] show_stack+0x20/0x38 (C) [ 34.774421] dump_stack_lvl+0x8c/0xd0 [ 34.774486] print_report+0x118/0x608 [ 34.774661] kasan_report+0xdc/0x128 [ 34.774724] __asan_report_load1_noabort+0x20/0x30 [ 34.774826] mempool_uaf_helper+0x314/0x340 [ 34.774895] mempool_kmalloc_uaf+0xc4/0x120 [ 34.774952] kunit_try_run_case+0x170/0x3f0 [ 34.775016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.775113] kthread+0x328/0x630 [ 34.775190] ret_from_fork+0x10/0x20 [ 34.775457] [ 34.775522] Allocated by task 258: [ 34.775664] kasan_save_stack+0x3c/0x68 [ 34.775723] kasan_save_track+0x20/0x40 [ 34.775810] kasan_save_alloc_info+0x40/0x58 [ 34.775861] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.775905] remove_element+0x130/0x1f8 [ 34.776045] mempool_alloc_preallocated+0x58/0xc0 [ 34.776091] mempool_uaf_helper+0xa4/0x340 [ 34.776130] mempool_kmalloc_uaf+0xc4/0x120 [ 34.776182] kunit_try_run_case+0x170/0x3f0 [ 34.776223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.776268] kthread+0x328/0x630 [ 34.776367] ret_from_fork+0x10/0x20 [ 34.776440] [ 34.776548] Freed by task 258: [ 34.776619] kasan_save_stack+0x3c/0x68 [ 34.776738] kasan_save_track+0x20/0x40 [ 34.776807] kasan_save_free_info+0x4c/0x78 [ 34.776892] __kasan_mempool_poison_object+0xc0/0x150 [ 34.776974] mempool_free+0x28c/0x328 [ 34.777034] mempool_uaf_helper+0x104/0x340 [ 34.777178] mempool_kmalloc_uaf+0xc4/0x120 [ 34.777220] kunit_try_run_case+0x170/0x3f0 [ 34.777273] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.777495] kthread+0x328/0x630 [ 34.777531] ret_from_fork+0x10/0x20 [ 34.777568] [ 34.777598] The buggy address belongs to the object at fff00000c8dbd400 [ 34.777598] which belongs to the cache kmalloc-128 of size 128 [ 34.777673] The buggy address is located 0 bytes inside of [ 34.777673] freed 128-byte region [fff00000c8dbd400, fff00000c8dbd480) [ 34.777788] [ 34.777828] The buggy address belongs to the physical page: [ 34.777912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.778028] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.778092] page_type: f5(slab) [ 34.778139] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.778203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.778245] page dumped because: kasan: bad access detected [ 34.778282] [ 34.778300] Memory state around the buggy address: [ 34.778343] fff00000c8dbd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.778398] fff00000c8dbd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.778470] >fff00000c8dbd400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.778510] ^ [ 34.778539] fff00000c8dbd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.778583] fff00000c8dbd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.778623] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 34.738571] ================================================================== [ 34.738661] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.738737] Read of size 1 at addr fff00000c90ba2bb by task kunit_try_catch/256 [ 34.738796] [ 34.738832] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.738922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.738950] Hardware name: linux,dummy-virt (DT) [ 34.738984] Call trace: [ 34.739008] show_stack+0x20/0x38 (C) [ 34.739069] dump_stack_lvl+0x8c/0xd0 [ 34.739123] print_report+0x118/0x608 [ 34.739500] kasan_report+0xdc/0x128 [ 34.739953] __asan_report_load1_noabort+0x20/0x30 [ 34.740034] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.740113] mempool_slab_oob_right+0xc0/0x118 [ 34.740211] kunit_try_run_case+0x170/0x3f0 [ 34.740286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.740340] kthread+0x328/0x630 [ 34.740382] ret_from_fork+0x10/0x20 [ 34.740450] [ 34.740634] Allocated by task 256: [ 34.740705] kasan_save_stack+0x3c/0x68 [ 34.740790] kasan_save_track+0x20/0x40 [ 34.740948] kasan_save_alloc_info+0x40/0x58 [ 34.741043] __kasan_mempool_unpoison_object+0xbc/0x180 [ 34.741109] remove_element+0x16c/0x1f8 [ 34.741225] mempool_alloc_preallocated+0x58/0xc0 [ 34.741292] mempool_oob_right_helper+0x98/0x2f0 [ 34.741370] mempool_slab_oob_right+0xc0/0x118 [ 34.741409] kunit_try_run_case+0x170/0x3f0 [ 34.741582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.741763] kthread+0x328/0x630 [ 34.741866] ret_from_fork+0x10/0x20 [ 34.741935] [ 34.741984] The buggy address belongs to the object at fff00000c90ba240 [ 34.741984] which belongs to the cache test_cache of size 123 [ 34.742084] The buggy address is located 0 bytes to the right of [ 34.742084] allocated 123-byte region [fff00000c90ba240, fff00000c90ba2bb) [ 34.742182] [ 34.742268] The buggy address belongs to the physical page: [ 34.742329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1090ba [ 34.742402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.742702] page_type: f5(slab) [ 34.742752] raw: 0bfffe0000000000 fff00000c5711c80 dead000000000122 0000000000000000 [ 34.742833] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 34.742945] page dumped because: kasan: bad access detected [ 34.743024] [ 34.743073] Memory state around the buggy address: [ 34.743127] fff00000c90ba180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.743197] fff00000c90ba200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 34.743276] >fff00000c90ba280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 34.743369] ^ [ 34.743403] fff00000c90ba300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.743490] fff00000c90ba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.743655] ================================================================== [ 34.714291] ================================================================== [ 34.714362] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.714425] Read of size 1 at addr fff00000c9aee001 by task kunit_try_catch/254 [ 34.714818] [ 34.714861] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.715082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.715272] Hardware name: linux,dummy-virt (DT) [ 34.715384] Call trace: [ 34.715411] show_stack+0x20/0x38 (C) [ 34.715819] dump_stack_lvl+0x8c/0xd0 [ 34.715917] print_report+0x118/0x608 [ 34.715964] kasan_report+0xdc/0x128 [ 34.716013] __asan_report_load1_noabort+0x20/0x30 [ 34.716062] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.716112] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 34.716174] kunit_try_run_case+0x170/0x3f0 [ 34.716223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.716277] kthread+0x328/0x630 [ 34.717933] ret_from_fork+0x10/0x20 [ 34.718422] [ 34.718492] The buggy address belongs to the physical page: [ 34.719040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aec [ 34.719685] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 34.719765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 34.720088] page_type: f8(unknown) [ 34.720232] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.720286] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.720699] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 34.721064] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 34.721242] head: 0bfffe0000000002 ffffc1ffc326bb01 00000000ffffffff 00000000ffffffff [ 34.721294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 34.721334] page dumped because: kasan: bad access detected [ 34.721369] [ 34.721388] Memory state around the buggy address: [ 34.722420] fff00000c9aedf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.722775] fff00000c9aedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.723231] >fff00000c9aee000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723372] ^ [ 34.723457] fff00000c9aee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723612] fff00000c9aee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 34.723654] ================================================================== [ 34.699197] ================================================================== [ 34.699277] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 34.699353] Read of size 1 at addr fff00000c8dbd073 by task kunit_try_catch/252 [ 34.699405] [ 34.699469] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.699571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.699598] Hardware name: linux,dummy-virt (DT) [ 34.699633] Call trace: [ 34.699660] show_stack+0x20/0x38 (C) [ 34.699716] dump_stack_lvl+0x8c/0xd0 [ 34.699770] print_report+0x118/0x608 [ 34.699818] kasan_report+0xdc/0x128 [ 34.699865] __asan_report_load1_noabort+0x20/0x30 [ 34.699915] mempool_oob_right_helper+0x2ac/0x2f0 [ 34.699966] mempool_kmalloc_oob_right+0xc4/0x120 [ 34.700016] kunit_try_run_case+0x170/0x3f0 [ 34.700069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.700123] kthread+0x328/0x630 [ 34.700181] ret_from_fork+0x10/0x20 [ 34.700232] [ 34.700251] Allocated by task 252: [ 34.700281] kasan_save_stack+0x3c/0x68 [ 34.700324] kasan_save_track+0x20/0x40 [ 34.700362] kasan_save_alloc_info+0x40/0x58 [ 34.700400] __kasan_mempool_unpoison_object+0x11c/0x180 [ 34.700445] remove_element+0x130/0x1f8 [ 34.700484] mempool_alloc_preallocated+0x58/0xc0 [ 34.700524] mempool_oob_right_helper+0x98/0x2f0 [ 34.700564] mempool_kmalloc_oob_right+0xc4/0x120 [ 34.700603] kunit_try_run_case+0x170/0x3f0 [ 34.700642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.700687] kthread+0x328/0x630 [ 34.700719] ret_from_fork+0x10/0x20 [ 34.700756] [ 34.700778] The buggy address belongs to the object at fff00000c8dbd000 [ 34.700778] which belongs to the cache kmalloc-128 of size 128 [ 34.700837] The buggy address is located 0 bytes to the right of [ 34.700837] allocated 115-byte region [fff00000c8dbd000, fff00000c8dbd073) [ 34.700902] [ 34.700924] The buggy address belongs to the physical page: [ 34.700960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd [ 34.701017] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.701070] page_type: f5(slab) [ 34.701114] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.701176] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.701219] page dumped because: kasan: bad access detected [ 34.701252] [ 34.701271] Memory state around the buggy address: [ 34.701307] fff00000c8dbcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701351] fff00000c8dbcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.701396] >fff00000c8dbd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 34.701436] ^ [ 34.701477] fff00000c8dbd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.701528] fff00000c8dbd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 34.701569] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 34.133854] ================================================================== [ 34.133932] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 34.134012] Read of size 1 at addr fff00000c5c333c0 by task kunit_try_catch/246 [ 34.134065] [ 34.134107] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.137223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.137255] Hardware name: linux,dummy-virt (DT) [ 34.137295] Call trace: [ 34.137320] show_stack+0x20/0x38 (C) [ 34.137378] dump_stack_lvl+0x8c/0xd0 [ 34.137433] print_report+0x118/0x608 [ 34.137485] kasan_report+0xdc/0x128 [ 34.137532] __kasan_check_byte+0x54/0x70 [ 34.137579] kmem_cache_destroy+0x34/0x218 [ 34.137629] kmem_cache_double_destroy+0x174/0x300 [ 34.137677] kunit_try_run_case+0x170/0x3f0 [ 34.137730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.137783] kthread+0x328/0x630 [ 34.137827] ret_from_fork+0x10/0x20 [ 34.137875] [ 34.137896] Allocated by task 246: [ 34.137926] kasan_save_stack+0x3c/0x68 [ 34.137971] kasan_save_track+0x20/0x40 [ 34.138008] kasan_save_alloc_info+0x40/0x58 [ 34.138046] __kasan_slab_alloc+0xa8/0xb0 [ 34.138086] kmem_cache_alloc_noprof+0x10c/0x398 [ 34.138128] __kmem_cache_create_args+0x178/0x280 [ 34.138178] kmem_cache_double_destroy+0xc0/0x300 [ 34.138248] kunit_try_run_case+0x170/0x3f0 [ 34.138298] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.138353] kthread+0x328/0x630 [ 34.138400] ret_from_fork+0x10/0x20 [ 34.138445] [ 34.138464] Freed by task 246: [ 34.138493] kasan_save_stack+0x3c/0x68 [ 34.138532] kasan_save_track+0x20/0x40 [ 34.138574] kasan_save_free_info+0x4c/0x78 [ 34.138612] __kasan_slab_free+0x6c/0x98 [ 34.138649] kmem_cache_free+0x260/0x468 [ 34.138709] slab_kmem_cache_release+0x38/0x50 [ 34.138747] kmem_cache_release+0x1c/0x30 [ 34.138785] kobject_put+0x17c/0x420 [ 34.138831] sysfs_slab_release+0x1c/0x30 [ 34.138877] kmem_cache_destroy+0x118/0x218 [ 34.138914] kmem_cache_double_destroy+0x128/0x300 [ 34.138953] kunit_try_run_case+0x170/0x3f0 [ 34.139002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.139056] kthread+0x328/0x630 [ 34.139089] ret_from_fork+0x10/0x20 [ 34.139126] [ 34.139148] The buggy address belongs to the object at fff00000c5c333c0 [ 34.139148] which belongs to the cache kmem_cache of size 208 [ 34.139217] The buggy address is located 0 bytes inside of [ 34.139217] freed 208-byte region [fff00000c5c333c0, fff00000c5c33490) [ 34.139293] [ 34.139317] The buggy address belongs to the physical page: [ 34.139360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c33 [ 34.139440] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.139523] page_type: f5(slab) [ 34.139568] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 34.139620] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 34.139670] page dumped because: kasan: bad access detected [ 34.139705] [ 34.139745] Memory state around the buggy address: [ 34.139796] fff00000c5c33280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.139840] fff00000c5c33300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 34.139894] >fff00000c5c33380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 34.139947] ^ [ 34.139991] fff00000c5c33400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.140040] fff00000c5c33480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.140079] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 33.896946] ================================================================== [ 33.897068] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 33.897245] Read of size 1 at addr fff00000c9a51000 by task kunit_try_catch/244 [ 33.897377] [ 33.897426] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.897684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.897719] Hardware name: linux,dummy-virt (DT) [ 33.897757] Call trace: [ 33.897784] show_stack+0x20/0x38 (C) [ 33.898054] dump_stack_lvl+0x8c/0xd0 [ 33.898133] print_report+0x118/0x608 [ 33.898276] kasan_report+0xdc/0x128 [ 33.898341] __asan_report_load1_noabort+0x20/0x30 [ 33.898628] kmem_cache_rcu_uaf+0x388/0x468 [ 33.898744] kunit_try_run_case+0x170/0x3f0 [ 33.898807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.898863] kthread+0x328/0x630 [ 33.898968] ret_from_fork+0x10/0x20 [ 33.899050] [ 33.899079] Allocated by task 244: [ 33.899129] kasan_save_stack+0x3c/0x68 [ 33.899246] kasan_save_track+0x20/0x40 [ 33.899284] kasan_save_alloc_info+0x40/0x58 [ 33.899324] __kasan_slab_alloc+0xa8/0xb0 [ 33.899361] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.899746] kmem_cache_rcu_uaf+0x12c/0x468 [ 33.899809] kunit_try_run_case+0x170/0x3f0 [ 33.899981] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.900058] kthread+0x328/0x630 [ 33.900201] ret_from_fork+0x10/0x20 [ 33.900269] [ 33.900296] Freed by task 0: [ 33.900326] kasan_save_stack+0x3c/0x68 [ 33.900659] kasan_save_track+0x20/0x40 [ 33.900826] kasan_save_free_info+0x4c/0x78 [ 33.900895] __kasan_slab_free+0x6c/0x98 [ 33.901026] slab_free_after_rcu_debug+0xd4/0x2f8 [ 33.901116] rcu_core+0x9f4/0x1e20 [ 33.901198] rcu_core_si+0x18/0x30 [ 33.901344] handle_softirqs+0x374/0xb28 [ 33.901389] __do_softirq+0x1c/0x28 [ 33.901448] [ 33.902077] Last potentially related work creation: [ 33.902133] kasan_save_stack+0x3c/0x68 [ 33.902827] kasan_record_aux_stack+0xb4/0xc8 [ 33.903270] kmem_cache_free+0x120/0x468 [ 33.903374] kmem_cache_rcu_uaf+0x16c/0x468 [ 33.903507] kunit_try_run_case+0x170/0x3f0 [ 33.903585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.903879] kthread+0x328/0x630 [ 33.904006] ret_from_fork+0x10/0x20 [ 33.904383] [ 33.904443] The buggy address belongs to the object at fff00000c9a51000 [ 33.904443] which belongs to the cache test_cache of size 200 [ 33.904568] The buggy address is located 0 bytes inside of [ 33.904568] freed 200-byte region [fff00000c9a51000, fff00000c9a510c8) [ 33.904663] [ 33.904754] The buggy address belongs to the physical page: [ 33.904821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a51 [ 33.904928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.904986] page_type: f5(slab) [ 33.905030] raw: 0bfffe0000000000 fff00000c5c33280 dead000000000122 0000000000000000 [ 33.905223] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.905378] page dumped because: kasan: bad access detected [ 33.905563] [ 33.905766] Memory state around the buggy address: [ 33.905836] fff00000c9a50f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.905948] fff00000c9a50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.906049] >fff00000c9a51000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.906179] ^ [ 33.906236] fff00000c9a51080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 33.906311] fff00000c9a51100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.906388] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 33.319020] ================================================================== [ 33.319194] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 33.319277] Free of addr fff00000c9a51001 by task kunit_try_catch/242 [ 33.319628] [ 33.319700] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.319805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.319970] Hardware name: linux,dummy-virt (DT) [ 33.320236] Call trace: [ 33.320284] show_stack+0x20/0x38 (C) [ 33.320382] dump_stack_lvl+0x8c/0xd0 [ 33.320579] print_report+0x118/0x608 [ 33.320765] kasan_report_invalid_free+0xc0/0xe8 [ 33.320848] check_slab_allocation+0xfc/0x108 [ 33.321001] __kasan_slab_pre_free+0x2c/0x48 [ 33.321086] kmem_cache_free+0xf0/0x468 [ 33.321341] kmem_cache_invalid_free+0x184/0x3c8 [ 33.321505] kunit_try_run_case+0x170/0x3f0 [ 33.321705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.321900] kthread+0x328/0x630 [ 33.321982] ret_from_fork+0x10/0x20 [ 33.322337] [ 33.322491] Allocated by task 242: [ 33.322581] kasan_save_stack+0x3c/0x68 [ 33.322630] kasan_save_track+0x20/0x40 [ 33.322826] kasan_save_alloc_info+0x40/0x58 [ 33.323041] __kasan_slab_alloc+0xa8/0xb0 [ 33.323144] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.323265] kmem_cache_invalid_free+0x12c/0x3c8 [ 33.323334] kunit_try_run_case+0x170/0x3f0 [ 33.323372] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.323732] kthread+0x328/0x630 [ 33.323893] ret_from_fork+0x10/0x20 [ 33.323944] [ 33.323966] The buggy address belongs to the object at fff00000c9a51000 [ 33.323966] which belongs to the cache test_cache of size 200 [ 33.324025] The buggy address is located 1 bytes inside of [ 33.324025] 200-byte region [fff00000c9a51000, fff00000c9a510c8) [ 33.324240] [ 33.324381] The buggy address belongs to the physical page: [ 33.324428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a51 [ 33.324498] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.325044] page_type: f5(slab) [ 33.325171] raw: 0bfffe0000000000 fff00000c5c33140 dead000000000122 0000000000000000 [ 33.325267] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.325382] page dumped because: kasan: bad access detected [ 33.325453] [ 33.325515] Memory state around the buggy address: [ 33.325713] fff00000c9a50f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.325782] fff00000c9a50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.325837] >fff00000c9a51000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.325976] ^ [ 33.326027] fff00000c9a51080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 33.326271] fff00000c9a51100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.326319] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 33.260832] ================================================================== [ 33.260900] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 33.260974] Free of addr fff00000c9a1c000 by task kunit_try_catch/240 [ 33.261019] [ 33.261061] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.261153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.261194] Hardware name: linux,dummy-virt (DT) [ 33.261230] Call trace: [ 33.261255] show_stack+0x20/0x38 (C) [ 33.261311] dump_stack_lvl+0x8c/0xd0 [ 33.261363] print_report+0x118/0x608 [ 33.261412] kasan_report_invalid_free+0xc0/0xe8 [ 33.261463] check_slab_allocation+0xd4/0x108 [ 33.261520] __kasan_slab_pre_free+0x2c/0x48 [ 33.261567] kmem_cache_free+0xf0/0x468 [ 33.261617] kmem_cache_double_free+0x190/0x3c8 [ 33.261665] kunit_try_run_case+0x170/0x3f0 [ 33.261718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.261772] kthread+0x328/0x630 [ 33.261816] ret_from_fork+0x10/0x20 [ 33.261866] [ 33.261884] Allocated by task 240: [ 33.261913] kasan_save_stack+0x3c/0x68 [ 33.261955] kasan_save_track+0x20/0x40 [ 33.261992] kasan_save_alloc_info+0x40/0x58 [ 33.262053] __kasan_slab_alloc+0xa8/0xb0 [ 33.262236] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.262301] kmem_cache_double_free+0x12c/0x3c8 [ 33.262403] kunit_try_run_case+0x170/0x3f0 [ 33.262451] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.262639] kthread+0x328/0x630 [ 33.262693] ret_from_fork+0x10/0x20 [ 33.262812] [ 33.262831] Freed by task 240: [ 33.262857] kasan_save_stack+0x3c/0x68 [ 33.262896] kasan_save_track+0x20/0x40 [ 33.262934] kasan_save_free_info+0x4c/0x78 [ 33.262975] __kasan_slab_free+0x6c/0x98 [ 33.263153] kmem_cache_free+0x260/0x468 [ 33.263202] kmem_cache_double_free+0x140/0x3c8 [ 33.263240] kunit_try_run_case+0x170/0x3f0 [ 33.263278] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.263322] kthread+0x328/0x630 [ 33.263353] ret_from_fork+0x10/0x20 [ 33.263390] [ 33.263409] The buggy address belongs to the object at fff00000c9a1c000 [ 33.263409] which belongs to the cache test_cache of size 200 [ 33.263493] The buggy address is located 0 bytes inside of [ 33.263493] 200-byte region [fff00000c9a1c000, fff00000c9a1c0c8) [ 33.263557] [ 33.263579] The buggy address belongs to the physical page: [ 33.263613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a1c [ 33.263671] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.263726] page_type: f5(slab) [ 33.263770] raw: 0bfffe0000000000 fff00000c5711b40 dead000000000122 0000000000000000 [ 33.263832] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.263964] page dumped because: kasan: bad access detected [ 33.264026] [ 33.264050] Memory state around the buggy address: [ 33.264140] fff00000c9a1bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.264195] fff00000c9a1bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.264239] >fff00000c9a1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.264278] ^ [ 33.264332] fff00000c9a1c080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 33.264374] fff00000c9a1c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.264414] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 33.069135] ================================================================== [ 33.069270] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 33.069332] Read of size 1 at addr fff00000c9a1e0c8 by task kunit_try_catch/238 [ 33.069385] [ 33.069423] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.069721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.070319] Hardware name: linux,dummy-virt (DT) [ 33.070389] Call trace: [ 33.070606] show_stack+0x20/0x38 (C) [ 33.070666] dump_stack_lvl+0x8c/0xd0 [ 33.070721] print_report+0x118/0x608 [ 33.071534] kasan_report+0xdc/0x128 [ 33.071650] __asan_report_load1_noabort+0x20/0x30 [ 33.071714] kmem_cache_oob+0x344/0x430 [ 33.071904] kunit_try_run_case+0x170/0x3f0 [ 33.072319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.072386] kthread+0x328/0x630 [ 33.072430] ret_from_fork+0x10/0x20 [ 33.073114] [ 33.073573] Allocated by task 238: [ 33.073606] kasan_save_stack+0x3c/0x68 [ 33.073781] kasan_save_track+0x20/0x40 [ 33.074013] kasan_save_alloc_info+0x40/0x58 [ 33.074064] __kasan_slab_alloc+0xa8/0xb0 [ 33.074225] kmem_cache_alloc_noprof+0x10c/0x398 [ 33.074742] kmem_cache_oob+0x12c/0x430 [ 33.074982] kunit_try_run_case+0x170/0x3f0 [ 33.075540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.075599] kthread+0x328/0x630 [ 33.075653] ret_from_fork+0x10/0x20 [ 33.075772] [ 33.075816] The buggy address belongs to the object at fff00000c9a1e000 [ 33.075816] which belongs to the cache test_cache of size 200 [ 33.075903] The buggy address is located 0 bytes to the right of [ 33.075903] allocated 200-byte region [fff00000c9a1e000, fff00000c9a1e0c8) [ 33.076209] [ 33.076534] The buggy address belongs to the physical page: [ 33.076583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a1e [ 33.076640] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.077091] page_type: f5(slab) [ 33.077140] raw: 0bfffe0000000000 fff00000c5711a00 dead000000000122 0000000000000000 [ 33.077203] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 33.077244] page dumped because: kasan: bad access detected [ 33.077276] [ 33.077908] Memory state around the buggy address: [ 33.078179] fff00000c9a1df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.078232] fff00000c9a1e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.078276] >fff00000c9a1e080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 33.078315] ^ [ 33.078452] fff00000c9a1e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.078653] fff00000c9a1e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.078896] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 33.013082] ================================================================== [ 33.013169] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 33.014398] Read of size 8 at addr fff00000c8db83c0 by task kunit_try_catch/231 [ 33.015508] [ 33.015743] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.015903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.015933] Hardware name: linux,dummy-virt (DT) [ 33.016213] Call trace: [ 33.016379] show_stack+0x20/0x38 (C) [ 33.016485] dump_stack_lvl+0x8c/0xd0 [ 33.016925] print_report+0x118/0x608 [ 33.017185] kasan_report+0xdc/0x128 [ 33.017423] __asan_report_load8_noabort+0x20/0x30 [ 33.017813] workqueue_uaf+0x480/0x4a8 [ 33.018030] kunit_try_run_case+0x170/0x3f0 [ 33.018295] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.018379] kthread+0x328/0x630 [ 33.018424] ret_from_fork+0x10/0x20 [ 33.018473] [ 33.018492] Allocated by task 231: [ 33.019224] kasan_save_stack+0x3c/0x68 [ 33.019297] kasan_save_track+0x20/0x40 [ 33.019369] kasan_save_alloc_info+0x40/0x58 [ 33.019862] __kasan_kmalloc+0xd4/0xd8 [ 33.020013] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.020065] workqueue_uaf+0x13c/0x4a8 [ 33.020415] kunit_try_run_case+0x170/0x3f0 [ 33.020493] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.020539] kthread+0x328/0x630 [ 33.020760] ret_from_fork+0x10/0x20 [ 33.020798] [ 33.020818] Freed by task 47: [ 33.021315] kasan_save_stack+0x3c/0x68 [ 33.021589] kasan_save_track+0x20/0x40 [ 33.021753] kasan_save_free_info+0x4c/0x78 [ 33.021870] __kasan_slab_free+0x6c/0x98 [ 33.021938] kfree+0x214/0x3c8 [ 33.021971] workqueue_uaf_work+0x18/0x30 [ 33.022311] process_one_work+0x530/0xf98 [ 33.022633] worker_thread+0x618/0xf38 [ 33.022703] kthread+0x328/0x630 [ 33.022738] ret_from_fork+0x10/0x20 [ 33.022799] [ 33.022821] Last potentially related work creation: [ 33.022848] kasan_save_stack+0x3c/0x68 [ 33.023379] kasan_record_aux_stack+0xb4/0xc8 [ 33.023434] __queue_work+0x65c/0xfe0 [ 33.023660] queue_work_on+0xbc/0xf8 [ 33.023736] workqueue_uaf+0x210/0x4a8 [ 33.023774] kunit_try_run_case+0x170/0x3f0 [ 33.024040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.024088] kthread+0x328/0x630 [ 33.024393] ret_from_fork+0x10/0x20 [ 33.024437] [ 33.024457] The buggy address belongs to the object at fff00000c8db83c0 [ 33.024457] which belongs to the cache kmalloc-32 of size 32 [ 33.025027] The buggy address is located 0 bytes inside of [ 33.025027] freed 32-byte region [fff00000c8db83c0, fff00000c8db83e0) [ 33.025597] [ 33.025672] The buggy address belongs to the physical page: [ 33.025775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108db8 [ 33.026021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.026077] page_type: f5(slab) [ 33.026121] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.026185] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.026515] page dumped because: kasan: bad access detected [ 33.026709] [ 33.026839] Memory state around the buggy address: [ 33.026877] fff00000c8db8280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.027314] fff00000c8db8300: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 33.027437] >fff00000c8db8380: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 33.027758] ^ [ 33.027801] fff00000c8db8400: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.028037] fff00000c8db8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.028276] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 32.961526] ================================================================== [ 32.961661] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 32.962677] Read of size 4 at addr fff00000c8db81c0 by task swapper/1/0 [ 32.962811] [ 32.962855] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.963600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.963646] Hardware name: linux,dummy-virt (DT) [ 32.963688] Call trace: [ 32.963979] show_stack+0x20/0x38 (C) [ 32.964878] dump_stack_lvl+0x8c/0xd0 [ 32.965042] print_report+0x118/0x608 [ 32.965525] kasan_report+0xdc/0x128 [ 32.965612] __asan_report_load4_noabort+0x20/0x30 [ 32.965816] rcu_uaf_reclaim+0x64/0x70 [ 32.966212] rcu_core+0x9f4/0x1e20 [ 32.966652] rcu_core_si+0x18/0x30 [ 32.967039] handle_softirqs+0x374/0xb28 [ 32.967102] __do_softirq+0x1c/0x28 [ 32.967477] ____do_softirq+0x18/0x30 [ 32.967565] call_on_irq_stack+0x24/0x30 [ 32.967906] do_softirq_own_stack+0x24/0x38 [ 32.968001] __irq_exit_rcu+0x1fc/0x318 [ 32.968105] irq_exit_rcu+0x1c/0x80 [ 32.968169] el1_interrupt+0x38/0x58 [ 32.968887] el1h_64_irq_handler+0x18/0x28 [ 32.969196] el1h_64_irq+0x6c/0x70 [ 32.969304] arch_local_irq_enable+0x4/0x8 (P) [ 32.969554] do_idle+0x384/0x4e8 [ 32.969609] cpu_startup_entry+0x64/0x80 [ 32.970089] secondary_start_kernel+0x288/0x340 [ 32.970192] __secondary_switched+0xc0/0xc8 [ 32.970526] [ 32.970555] Allocated by task 229: [ 32.971167] kasan_save_stack+0x3c/0x68 [ 32.971516] kasan_save_track+0x20/0x40 [ 32.971669] kasan_save_alloc_info+0x40/0x58 [ 32.971739] __kasan_kmalloc+0xd4/0xd8 [ 32.971780] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.971955] rcu_uaf+0xb0/0x2d8 [ 32.972004] kunit_try_run_case+0x170/0x3f0 [ 32.972430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.972483] kthread+0x328/0x630 [ 32.972519] ret_from_fork+0x10/0x20 [ 32.972559] [ 32.973293] Freed by task 0: [ 32.973386] kasan_save_stack+0x3c/0x68 [ 32.973742] kasan_save_track+0x20/0x40 [ 32.974025] kasan_save_free_info+0x4c/0x78 [ 32.974436] __kasan_slab_free+0x6c/0x98 [ 32.974482] kfree+0x214/0x3c8 [ 32.974519] rcu_uaf_reclaim+0x28/0x70 [ 32.974557] rcu_core+0x9f4/0x1e20 [ 32.975103] rcu_core_si+0x18/0x30 [ 32.975301] handle_softirqs+0x374/0xb28 [ 32.975398] __do_softirq+0x1c/0x28 [ 32.975437] [ 32.975475] Last potentially related work creation: [ 32.975511] kasan_save_stack+0x3c/0x68 [ 32.975553] kasan_record_aux_stack+0xb4/0xc8 [ 32.975593] __call_rcu_common.constprop.0+0x74/0x8c8 [ 32.975634] call_rcu+0x18/0x30 [ 32.975669] rcu_uaf+0x14c/0x2d8 [ 32.975704] kunit_try_run_case+0x170/0x3f0 [ 32.975744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.975973] kthread+0x328/0x630 [ 32.976049] ret_from_fork+0x10/0x20 [ 32.976131] [ 32.976549] The buggy address belongs to the object at fff00000c8db81c0 [ 32.976549] which belongs to the cache kmalloc-32 of size 32 [ 32.976701] The buggy address is located 0 bytes inside of [ 32.976701] freed 32-byte region [fff00000c8db81c0, fff00000c8db81e0) [ 32.977025] [ 32.977055] The buggy address belongs to the physical page: [ 32.977328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108db8 [ 32.977531] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.977886] page_type: f5(slab) [ 32.978069] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 32.978313] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 32.978636] page dumped because: kasan: bad access detected [ 32.978690] [ 32.979055] Memory state around the buggy address: [ 32.979108] fff00000c8db8080: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 32.979205] fff00000c8db8100: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 32.979399] >fff00000c8db8180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 32.979440] ^ [ 32.979796] fff00000c8db8200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.979995] fff00000c8db8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.980110] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 32.760313] ================================================================== [ 32.760446] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 32.760515] Read of size 1 at addr fff00000c63fbd78 by task kunit_try_catch/227 [ 32.760584] [ 32.760679] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.760769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.760811] Hardware name: linux,dummy-virt (DT) [ 32.760845] Call trace: [ 32.760903] show_stack+0x20/0x38 (C) [ 32.760961] dump_stack_lvl+0x8c/0xd0 [ 32.761027] print_report+0x118/0x608 [ 32.761131] kasan_report+0xdc/0x128 [ 32.761191] __asan_report_load1_noabort+0x20/0x30 [ 32.761403] ksize_uaf+0x544/0x5f8 [ 32.761470] kunit_try_run_case+0x170/0x3f0 [ 32.761584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.761660] kthread+0x328/0x630 [ 32.761712] ret_from_fork+0x10/0x20 [ 32.761813] [ 32.761854] Allocated by task 227: [ 32.761901] kasan_save_stack+0x3c/0x68 [ 32.762002] kasan_save_track+0x20/0x40 [ 32.762063] kasan_save_alloc_info+0x40/0x58 [ 32.762111] __kasan_kmalloc+0xd4/0xd8 [ 32.762326] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.762514] ksize_uaf+0xb8/0x5f8 [ 32.762558] kunit_try_run_case+0x170/0x3f0 [ 32.762606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.762660] kthread+0x328/0x630 [ 32.762747] ret_from_fork+0x10/0x20 [ 32.762805] [ 32.762845] Freed by task 227: [ 32.762883] kasan_save_stack+0x3c/0x68 [ 32.762930] kasan_save_track+0x20/0x40 [ 32.763018] kasan_save_free_info+0x4c/0x78 [ 32.763087] __kasan_slab_free+0x6c/0x98 [ 32.763133] kfree+0x214/0x3c8 [ 32.763178] ksize_uaf+0x11c/0x5f8 [ 32.763212] kunit_try_run_case+0x170/0x3f0 [ 32.763473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.763616] kthread+0x328/0x630 [ 32.763678] ret_from_fork+0x10/0x20 [ 32.763773] [ 32.763796] The buggy address belongs to the object at fff00000c63fbd00 [ 32.763796] which belongs to the cache kmalloc-128 of size 128 [ 32.763856] The buggy address is located 120 bytes inside of [ 32.763856] freed 128-byte region [fff00000c63fbd00, fff00000c63fbd80) [ 32.763920] [ 32.764117] The buggy address belongs to the physical page: [ 32.764224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.764308] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.764440] page_type: f5(slab) [ 32.764505] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.764572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.764671] page dumped because: kasan: bad access detected [ 32.764707] [ 32.764725] Memory state around the buggy address: [ 32.764766] fff00000c63fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.764811] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.764853] >fff00000c63fbd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.764892] ^ [ 32.764950] fff00000c63fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.764994] fff00000c63fbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.765033] ================================================================== [ 32.753373] ================================================================== [ 32.753537] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 32.753591] Read of size 1 at addr fff00000c63fbd00 by task kunit_try_catch/227 [ 32.753732] [ 32.753781] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.753910] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.753960] Hardware name: linux,dummy-virt (DT) [ 32.753994] Call trace: [ 32.754035] show_stack+0x20/0x38 (C) [ 32.754139] dump_stack_lvl+0x8c/0xd0 [ 32.754203] print_report+0x118/0x608 [ 32.754251] kasan_report+0xdc/0x128 [ 32.754304] __asan_report_load1_noabort+0x20/0x30 [ 32.754353] ksize_uaf+0x598/0x5f8 [ 32.754397] kunit_try_run_case+0x170/0x3f0 [ 32.754611] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.754792] kthread+0x328/0x630 [ 32.754870] ret_from_fork+0x10/0x20 [ 32.754922] [ 32.754941] Allocated by task 227: [ 32.754990] kasan_save_stack+0x3c/0x68 [ 32.755072] kasan_save_track+0x20/0x40 [ 32.755129] kasan_save_alloc_info+0x40/0x58 [ 32.755321] __kasan_kmalloc+0xd4/0xd8 [ 32.755482] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.755556] ksize_uaf+0xb8/0x5f8 [ 32.755619] kunit_try_run_case+0x170/0x3f0 [ 32.755687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.755784] kthread+0x328/0x630 [ 32.755816] ret_from_fork+0x10/0x20 [ 32.755870] [ 32.755909] Freed by task 227: [ 32.756231] kasan_save_stack+0x3c/0x68 [ 32.756309] kasan_save_track+0x20/0x40 [ 32.756427] kasan_save_free_info+0x4c/0x78 [ 32.756496] __kasan_slab_free+0x6c/0x98 [ 32.756618] kfree+0x214/0x3c8 [ 32.756697] ksize_uaf+0x11c/0x5f8 [ 32.756765] kunit_try_run_case+0x170/0x3f0 [ 32.756892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.756968] kthread+0x328/0x630 [ 32.757002] ret_from_fork+0x10/0x20 [ 32.757256] [ 32.757303] The buggy address belongs to the object at fff00000c63fbd00 [ 32.757303] which belongs to the cache kmalloc-128 of size 128 [ 32.757476] The buggy address is located 0 bytes inside of [ 32.757476] freed 128-byte region [fff00000c63fbd00, fff00000c63fbd80) [ 32.757620] [ 32.757668] The buggy address belongs to the physical page: [ 32.757737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.757842] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.757940] page_type: f5(slab) [ 32.758045] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.758100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.758176] page dumped because: kasan: bad access detected [ 32.758470] [ 32.758510] Memory state around the buggy address: [ 32.758629] fff00000c63fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.758692] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.758755] >fff00000c63fbd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.758884] ^ [ 32.758933] fff00000c63fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.758989] fff00000c63fbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.759142] ================================================================== [ 32.747404] ================================================================== [ 32.747774] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 32.747863] Read of size 1 at addr fff00000c63fbd00 by task kunit_try_catch/227 [ 32.747970] [ 32.748028] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.748150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.748186] Hardware name: linux,dummy-virt (DT) [ 32.748385] Call trace: [ 32.748538] show_stack+0x20/0x38 (C) [ 32.748593] dump_stack_lvl+0x8c/0xd0 [ 32.748643] print_report+0x118/0x608 [ 32.748692] kasan_report+0xdc/0x128 [ 32.748750] __kasan_check_byte+0x54/0x70 [ 32.748797] ksize+0x30/0x88 [ 32.748844] ksize_uaf+0x168/0x5f8 [ 32.748897] kunit_try_run_case+0x170/0x3f0 [ 32.748947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.749002] kthread+0x328/0x630 [ 32.749045] ret_from_fork+0x10/0x20 [ 32.749094] [ 32.749130] Allocated by task 227: [ 32.749170] kasan_save_stack+0x3c/0x68 [ 32.749213] kasan_save_track+0x20/0x40 [ 32.749260] kasan_save_alloc_info+0x40/0x58 [ 32.749298] __kasan_kmalloc+0xd4/0xd8 [ 32.749336] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.749375] ksize_uaf+0xb8/0x5f8 [ 32.749412] kunit_try_run_case+0x170/0x3f0 [ 32.749460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.749511] kthread+0x328/0x630 [ 32.749551] ret_from_fork+0x10/0x20 [ 32.749589] [ 32.749626] Freed by task 227: [ 32.749669] kasan_save_stack+0x3c/0x68 [ 32.749708] kasan_save_track+0x20/0x40 [ 32.749747] kasan_save_free_info+0x4c/0x78 [ 32.749793] __kasan_slab_free+0x6c/0x98 [ 32.749832] kfree+0x214/0x3c8 [ 32.749867] ksize_uaf+0x11c/0x5f8 [ 32.749908] kunit_try_run_case+0x170/0x3f0 [ 32.749949] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.750003] kthread+0x328/0x630 [ 32.750036] ret_from_fork+0x10/0x20 [ 32.750072] [ 32.750091] The buggy address belongs to the object at fff00000c63fbd00 [ 32.750091] which belongs to the cache kmalloc-128 of size 128 [ 32.750272] The buggy address is located 0 bytes inside of [ 32.750272] freed 128-byte region [fff00000c63fbd00, fff00000c63fbd80) [ 32.750349] [ 32.750370] The buggy address belongs to the physical page: [ 32.750402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.750657] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.750923] page_type: f5(slab) [ 32.751003] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.751230] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.751484] page dumped because: kasan: bad access detected [ 32.751551] [ 32.751655] Memory state around the buggy address: [ 32.751713] fff00000c63fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.751784] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751889] >fff00000c63fbd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.751929] ^ [ 32.751959] fff00000c63fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.752127] fff00000c63fbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.752314] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 32.732274] ================================================================== [ 32.732325] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 32.732687] Read of size 1 at addr fff00000c63fbc78 by task kunit_try_catch/225 [ 32.732776] [ 32.732815] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.732992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.733062] Hardware name: linux,dummy-virt (DT) [ 32.733139] Call trace: [ 32.733247] show_stack+0x20/0x38 (C) [ 32.733335] dump_stack_lvl+0x8c/0xd0 [ 32.733431] print_report+0x118/0x608 [ 32.733584] kasan_report+0xdc/0x128 [ 32.733667] __asan_report_load1_noabort+0x20/0x30 [ 32.733754] ksize_unpoisons_memory+0x618/0x740 [ 32.733822] kunit_try_run_case+0x170/0x3f0 [ 32.733890] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.734287] kthread+0x328/0x630 [ 32.734364] ret_from_fork+0x10/0x20 [ 32.734512] [ 32.734561] Allocated by task 225: [ 32.734626] kasan_save_stack+0x3c/0x68 [ 32.734762] kasan_save_track+0x20/0x40 [ 32.734830] kasan_save_alloc_info+0x40/0x58 [ 32.734916] __kasan_kmalloc+0xd4/0xd8 [ 32.735028] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.735068] ksize_unpoisons_memory+0xc0/0x740 [ 32.735126] kunit_try_run_case+0x170/0x3f0 [ 32.735200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.735432] kthread+0x328/0x630 [ 32.735584] ret_from_fork+0x10/0x20 [ 32.735652] [ 32.735741] The buggy address belongs to the object at fff00000c63fbc00 [ 32.735741] which belongs to the cache kmalloc-128 of size 128 [ 32.735847] The buggy address is located 5 bytes to the right of [ 32.735847] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.735923] [ 32.735943] The buggy address belongs to the physical page: [ 32.735975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.736303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.736453] page_type: f5(slab) [ 32.736531] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.736604] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.736657] page dumped because: kasan: bad access detected [ 32.736702] [ 32.736734] Memory state around the buggy address: [ 32.736766] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.736825] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.736868] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.736907] ^ [ 32.736971] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.737019] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.737058] ================================================================== [ 32.737707] ================================================================== [ 32.737774] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 32.737856] Read of size 1 at addr fff00000c63fbc7f by task kunit_try_catch/225 [ 32.737923] [ 32.737959] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.738046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.738908] Hardware name: linux,dummy-virt (DT) [ 32.738954] Call trace: [ 32.738978] show_stack+0x20/0x38 (C) [ 32.739029] dump_stack_lvl+0x8c/0xd0 [ 32.739102] print_report+0x118/0x608 [ 32.739181] kasan_report+0xdc/0x128 [ 32.739230] __asan_report_load1_noabort+0x20/0x30 [ 32.739279] ksize_unpoisons_memory+0x690/0x740 [ 32.739327] kunit_try_run_case+0x170/0x3f0 [ 32.739376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.739431] kthread+0x328/0x630 [ 32.739849] ret_from_fork+0x10/0x20 [ 32.739900] [ 32.739920] Allocated by task 225: [ 32.739951] kasan_save_stack+0x3c/0x68 [ 32.739993] kasan_save_track+0x20/0x40 [ 32.740033] kasan_save_alloc_info+0x40/0x58 [ 32.740068] __kasan_kmalloc+0xd4/0xd8 [ 32.740105] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.740145] ksize_unpoisons_memory+0xc0/0x740 [ 32.740198] kunit_try_run_case+0x170/0x3f0 [ 32.740237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.740282] kthread+0x328/0x630 [ 32.740317] ret_from_fork+0x10/0x20 [ 32.740353] [ 32.740371] The buggy address belongs to the object at fff00000c63fbc00 [ 32.740371] which belongs to the cache kmalloc-128 of size 128 [ 32.740430] The buggy address is located 12 bytes to the right of [ 32.740430] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.740496] [ 32.740517] The buggy address belongs to the physical page: [ 32.740548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.740601] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.740648] page_type: f5(slab) [ 32.740685] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.740735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.740776] page dumped because: kasan: bad access detected [ 32.740808] [ 32.740825] Memory state around the buggy address: [ 32.740856] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.740899] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.740942] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.740980] ^ [ 32.741020] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.741063] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.741102] ================================================================== [ 32.727785] ================================================================== [ 32.727846] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 32.728061] Read of size 1 at addr fff00000c63fbc73 by task kunit_try_catch/225 [ 32.728298] [ 32.728355] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.728514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.728558] Hardware name: linux,dummy-virt (DT) [ 32.728610] Call trace: [ 32.728644] show_stack+0x20/0x38 (C) [ 32.728733] dump_stack_lvl+0x8c/0xd0 [ 32.728789] print_report+0x118/0x608 [ 32.728845] kasan_report+0xdc/0x128 [ 32.728897] __asan_report_load1_noabort+0x20/0x30 [ 32.728985] ksize_unpoisons_memory+0x628/0x740 [ 32.729040] kunit_try_run_case+0x170/0x3f0 [ 32.729096] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.729151] kthread+0x328/0x630 [ 32.729332] ret_from_fork+0x10/0x20 [ 32.729382] [ 32.729400] Allocated by task 225: [ 32.729547] kasan_save_stack+0x3c/0x68 [ 32.729600] kasan_save_track+0x20/0x40 [ 32.729675] kasan_save_alloc_info+0x40/0x58 [ 32.729732] __kasan_kmalloc+0xd4/0xd8 [ 32.729769] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.729821] ksize_unpoisons_memory+0xc0/0x740 [ 32.729919] kunit_try_run_case+0x170/0x3f0 [ 32.729977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.730021] kthread+0x328/0x630 [ 32.730076] ret_from_fork+0x10/0x20 [ 32.730111] [ 32.730182] The buggy address belongs to the object at fff00000c63fbc00 [ 32.730182] which belongs to the cache kmalloc-128 of size 128 [ 32.730259] The buggy address is located 0 bytes to the right of [ 32.730259] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.730325] [ 32.730346] The buggy address belongs to the physical page: [ 32.730378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.730508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.730652] page_type: f5(slab) [ 32.730697] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.730795] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.730880] page dumped because: kasan: bad access detected [ 32.730915] [ 32.730973] Memory state around the buggy address: [ 32.731008] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.731050] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731192] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.731233] ^ [ 32.731299] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731343] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731405] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 32.717533] ================================================================== [ 32.717606] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 32.717654] Free of addr fff00000c57889c0 by task kunit_try_catch/223 [ 32.717698] [ 32.717726] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.717814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.717840] Hardware name: linux,dummy-virt (DT) [ 32.717871] Call trace: [ 32.717893] show_stack+0x20/0x38 (C) [ 32.717942] dump_stack_lvl+0x8c/0xd0 [ 32.717988] print_report+0x118/0x608 [ 32.718036] kasan_report_invalid_free+0xc0/0xe8 [ 32.718088] check_slab_allocation+0xd4/0x108 [ 32.718137] __kasan_slab_pre_free+0x2c/0x48 [ 32.718204] kfree+0xe8/0x3c8 [ 32.718289] kfree_sensitive+0x3c/0xb0 [ 32.718338] kmalloc_double_kzfree+0x168/0x308 [ 32.718387] kunit_try_run_case+0x170/0x3f0 [ 32.718436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.718489] kthread+0x328/0x630 [ 32.718532] ret_from_fork+0x10/0x20 [ 32.718584] [ 32.718632] Allocated by task 223: [ 32.718671] kasan_save_stack+0x3c/0x68 [ 32.718714] kasan_save_track+0x20/0x40 [ 32.718752] kasan_save_alloc_info+0x40/0x58 [ 32.718789] __kasan_kmalloc+0xd4/0xd8 [ 32.718835] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.718883] kmalloc_double_kzfree+0xb8/0x308 [ 32.718923] kunit_try_run_case+0x170/0x3f0 [ 32.718961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.719005] kthread+0x328/0x630 [ 32.719038] ret_from_fork+0x10/0x20 [ 32.719212] [ 32.719234] Freed by task 223: [ 32.719262] kasan_save_stack+0x3c/0x68 [ 32.719324] kasan_save_track+0x20/0x40 [ 32.719371] kasan_save_free_info+0x4c/0x78 [ 32.719417] __kasan_slab_free+0x6c/0x98 [ 32.719478] kfree+0x214/0x3c8 [ 32.719544] kfree_sensitive+0x80/0xb0 [ 32.719614] kmalloc_double_kzfree+0x11c/0x308 [ 32.719695] kunit_try_run_case+0x170/0x3f0 [ 32.719776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.719876] kthread+0x328/0x630 [ 32.719944] ret_from_fork+0x10/0x20 [ 32.720058] [ 32.720121] The buggy address belongs to the object at fff00000c57889c0 [ 32.720121] which belongs to the cache kmalloc-16 of size 16 [ 32.720299] The buggy address is located 0 bytes inside of [ 32.720299] 16-byte region [fff00000c57889c0, fff00000c57889d0) [ 32.720363] [ 32.720397] The buggy address belongs to the physical page: [ 32.720430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.720481] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.720674] page_type: f5(slab) [ 32.720746] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.720867] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.720947] page dumped because: kasan: bad access detected [ 32.721021] [ 32.721070] Memory state around the buggy address: [ 32.721181] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.721254] fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.721367] >fff00000c5788980: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.721425] ^ [ 32.721504] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.721596] fff00000c5788a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.721672] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 32.709923] ================================================================== [ 32.709990] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 32.710154] Read of size 1 at addr fff00000c57889c0 by task kunit_try_catch/223 [ 32.710238] [ 32.710341] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.710519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.710555] Hardware name: linux,dummy-virt (DT) [ 32.710628] Call trace: [ 32.710655] show_stack+0x20/0x38 (C) [ 32.710714] dump_stack_lvl+0x8c/0xd0 [ 32.710785] print_report+0x118/0x608 [ 32.710834] kasan_report+0xdc/0x128 [ 32.710881] __kasan_check_byte+0x54/0x70 [ 32.710931] kfree_sensitive+0x30/0xb0 [ 32.710987] kmalloc_double_kzfree+0x168/0x308 [ 32.711119] kunit_try_run_case+0x170/0x3f0 [ 32.711192] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.711259] kthread+0x328/0x630 [ 32.711303] ret_from_fork+0x10/0x20 [ 32.711503] [ 32.711600] Allocated by task 223: [ 32.711633] kasan_save_stack+0x3c/0x68 [ 32.711679] kasan_save_track+0x20/0x40 [ 32.711716] kasan_save_alloc_info+0x40/0x58 [ 32.711755] __kasan_kmalloc+0xd4/0xd8 [ 32.711793] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.712066] kmalloc_double_kzfree+0xb8/0x308 [ 32.712211] kunit_try_run_case+0x170/0x3f0 [ 32.712279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.712376] kthread+0x328/0x630 [ 32.712436] ret_from_fork+0x10/0x20 [ 32.712525] [ 32.712546] Freed by task 223: [ 32.712575] kasan_save_stack+0x3c/0x68 [ 32.712632] kasan_save_track+0x20/0x40 [ 32.712814] kasan_save_free_info+0x4c/0x78 [ 32.712951] __kasan_slab_free+0x6c/0x98 [ 32.713109] kfree+0x214/0x3c8 [ 32.713239] kfree_sensitive+0x80/0xb0 [ 32.713331] kmalloc_double_kzfree+0x11c/0x308 [ 32.713423] kunit_try_run_case+0x170/0x3f0 [ 32.713532] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.713612] kthread+0x328/0x630 [ 32.713686] ret_from_fork+0x10/0x20 [ 32.713785] [ 32.713844] The buggy address belongs to the object at fff00000c57889c0 [ 32.713844] which belongs to the cache kmalloc-16 of size 16 [ 32.713924] The buggy address is located 0 bytes inside of [ 32.713924] freed 16-byte region [fff00000c57889c0, fff00000c57889d0) [ 32.714105] [ 32.714237] The buggy address belongs to the physical page: [ 32.714293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.714380] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.714457] page_type: f5(slab) [ 32.714524] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.714602] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.714643] page dumped because: kasan: bad access detected [ 32.714696] [ 32.714728] Memory state around the buggy address: [ 32.714767] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.714830] fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.714873] >fff00000c5788980: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.714912] ^ [ 32.714964] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.715014] fff00000c5788a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.715063] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 32.691461] ================================================================== [ 32.691556] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 32.691628] Read of size 1 at addr fff00000c990ba28 by task kunit_try_catch/219 [ 32.691681] [ 32.691727] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.691815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.691843] Hardware name: linux,dummy-virt (DT) [ 32.691874] Call trace: [ 32.691897] show_stack+0x20/0x38 (C) [ 32.691948] dump_stack_lvl+0x8c/0xd0 [ 32.692128] print_report+0x118/0x608 [ 32.692218] kasan_report+0xdc/0x128 [ 32.692287] __asan_report_load1_noabort+0x20/0x30 [ 32.692349] kmalloc_uaf2+0x3f4/0x468 [ 32.692422] kunit_try_run_case+0x170/0x3f0 [ 32.692502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.692629] kthread+0x328/0x630 [ 32.692707] ret_from_fork+0x10/0x20 [ 32.692782] [ 32.692876] Allocated by task 219: [ 32.692935] kasan_save_stack+0x3c/0x68 [ 32.693009] kasan_save_track+0x20/0x40 [ 32.693092] kasan_save_alloc_info+0x40/0x58 [ 32.693129] __kasan_kmalloc+0xd4/0xd8 [ 32.693196] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.693383] kmalloc_uaf2+0xc4/0x468 [ 32.693538] kunit_try_run_case+0x170/0x3f0 [ 32.693687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.693776] kthread+0x328/0x630 [ 32.693851] ret_from_fork+0x10/0x20 [ 32.693947] [ 32.693996] Freed by task 219: [ 32.694060] kasan_save_stack+0x3c/0x68 [ 32.694139] kasan_save_track+0x20/0x40 [ 32.694226] kasan_save_free_info+0x4c/0x78 [ 32.694308] __kasan_slab_free+0x6c/0x98 [ 32.694346] kfree+0x214/0x3c8 [ 32.694715] kmalloc_uaf2+0x134/0x468 [ 32.694838] kunit_try_run_case+0x170/0x3f0 [ 32.694934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.695018] kthread+0x328/0x630 [ 32.695087] ret_from_fork+0x10/0x20 [ 32.695142] [ 32.695234] The buggy address belongs to the object at fff00000c990ba00 [ 32.695234] which belongs to the cache kmalloc-64 of size 64 [ 32.695339] The buggy address is located 40 bytes inside of [ 32.695339] freed 64-byte region [fff00000c990ba00, fff00000c990ba40) [ 32.695485] [ 32.695534] The buggy address belongs to the physical page: [ 32.695569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b [ 32.695621] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.695670] page_type: f5(slab) [ 32.695709] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.695985] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.696070] page dumped because: kasan: bad access detected [ 32.696321] [ 32.696358] Memory state around the buggy address: [ 32.696398] fff00000c990b900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.696445] fff00000c990b980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.696489] >fff00000c990ba00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.696528] ^ [ 32.696561] fff00000c990ba80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 32.696603] fff00000c990bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.696642] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 32.681255] ================================================================== [ 32.681318] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 32.681375] Write of size 33 at addr fff00000c990b880 by task kunit_try_catch/217 [ 32.681430] [ 32.681462] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.681557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.681586] Hardware name: linux,dummy-virt (DT) [ 32.681643] Call trace: [ 32.681668] show_stack+0x20/0x38 (C) [ 32.681721] dump_stack_lvl+0x8c/0xd0 [ 32.681773] print_report+0x118/0x608 [ 32.681822] kasan_report+0xdc/0x128 [ 32.681869] kasan_check_range+0x100/0x1a8 [ 32.681916] __asan_memset+0x34/0x78 [ 32.681959] kmalloc_uaf_memset+0x170/0x310 [ 32.682007] kunit_try_run_case+0x170/0x3f0 [ 32.682057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.682111] kthread+0x328/0x630 [ 32.682167] ret_from_fork+0x10/0x20 [ 32.682217] [ 32.682235] Allocated by task 217: [ 32.682272] kasan_save_stack+0x3c/0x68 [ 32.682318] kasan_save_track+0x20/0x40 [ 32.682367] kasan_save_alloc_info+0x40/0x58 [ 32.682405] __kasan_kmalloc+0xd4/0xd8 [ 32.682446] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.682489] kmalloc_uaf_memset+0xb8/0x310 [ 32.682526] kunit_try_run_case+0x170/0x3f0 [ 32.682564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.682608] kthread+0x328/0x630 [ 32.682646] ret_from_fork+0x10/0x20 [ 32.682690] [ 32.682710] Freed by task 217: [ 32.682738] kasan_save_stack+0x3c/0x68 [ 32.682779] kasan_save_track+0x20/0x40 [ 32.682817] kasan_save_free_info+0x4c/0x78 [ 32.682857] __kasan_slab_free+0x6c/0x98 [ 32.682895] kfree+0x214/0x3c8 [ 32.682927] kmalloc_uaf_memset+0x11c/0x310 [ 32.682965] kunit_try_run_case+0x170/0x3f0 [ 32.683011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.683064] kthread+0x328/0x630 [ 32.683096] ret_from_fork+0x10/0x20 [ 32.683133] [ 32.683151] The buggy address belongs to the object at fff00000c990b880 [ 32.683151] which belongs to the cache kmalloc-64 of size 64 [ 32.683531] The buggy address is located 0 bytes inside of [ 32.683531] freed 64-byte region [fff00000c990b880, fff00000c990b8c0) [ 32.683657] [ 32.683677] The buggy address belongs to the physical page: [ 32.686169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b [ 32.686239] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.686292] page_type: f5(slab) [ 32.686331] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.686384] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.686424] page dumped because: kasan: bad access detected [ 32.686456] [ 32.686476] Memory state around the buggy address: [ 32.686506] fff00000c990b780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.686550] fff00000c990b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.686593] >fff00000c990b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.686632] ^ [ 32.686659] fff00000c990b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.686703] fff00000c990b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.686744] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 32.669449] ================================================================== [ 32.669516] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 32.669568] Read of size 1 at addr fff00000c57889a8 by task kunit_try_catch/215 [ 32.669617] [ 32.669646] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.669761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.669790] Hardware name: linux,dummy-virt (DT) [ 32.669822] Call trace: [ 32.669845] show_stack+0x20/0x38 (C) [ 32.669893] dump_stack_lvl+0x8c/0xd0 [ 32.669941] print_report+0x118/0x608 [ 32.669989] kasan_report+0xdc/0x128 [ 32.670036] __asan_report_load1_noabort+0x20/0x30 [ 32.670085] kmalloc_uaf+0x300/0x338 [ 32.670134] kunit_try_run_case+0x170/0x3f0 [ 32.670197] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.670251] kthread+0x328/0x630 [ 32.670524] ret_from_fork+0x10/0x20 [ 32.670742] [ 32.670787] Allocated by task 215: [ 32.670817] kasan_save_stack+0x3c/0x68 [ 32.670875] kasan_save_track+0x20/0x40 [ 32.670915] kasan_save_alloc_info+0x40/0x58 [ 32.670962] __kasan_kmalloc+0xd4/0xd8 [ 32.671010] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.671073] kmalloc_uaf+0xb8/0x338 [ 32.671300] kunit_try_run_case+0x170/0x3f0 [ 32.671344] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.671389] kthread+0x328/0x630 [ 32.671461] ret_from_fork+0x10/0x20 [ 32.671524] [ 32.671574] Freed by task 215: [ 32.671654] kasan_save_stack+0x3c/0x68 [ 32.671712] kasan_save_track+0x20/0x40 [ 32.671780] kasan_save_free_info+0x4c/0x78 [ 32.671874] __kasan_slab_free+0x6c/0x98 [ 32.671941] kfree+0x214/0x3c8 [ 32.671986] kmalloc_uaf+0x11c/0x338 [ 32.672021] kunit_try_run_case+0x170/0x3f0 [ 32.672060] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.672104] kthread+0x328/0x630 [ 32.672138] ret_from_fork+0x10/0x20 [ 32.672185] [ 32.672474] The buggy address belongs to the object at fff00000c57889a0 [ 32.672474] which belongs to the cache kmalloc-16 of size 16 [ 32.672571] The buggy address is located 8 bytes inside of [ 32.672571] freed 16-byte region [fff00000c57889a0, fff00000c57889b0) [ 32.672849] [ 32.672917] The buggy address belongs to the physical page: [ 32.672970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.673037] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.673122] page_type: f5(slab) [ 32.673180] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.673250] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.673329] page dumped because: kasan: bad access detected [ 32.673397] [ 32.673477] Memory state around the buggy address: [ 32.673544] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.673613] fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.673694] >fff00000c5788980: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 32.673750] ^ [ 32.673805] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.673878] fff00000c5788a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.673946] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 32.661070] ================================================================== [ 32.661135] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 32.661249] Read of size 64 at addr fff00000c990b584 by task kunit_try_catch/213 [ 32.661316] [ 32.661365] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.661454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.661485] Hardware name: linux,dummy-virt (DT) [ 32.661764] Call trace: [ 32.661825] show_stack+0x20/0x38 (C) [ 32.661881] dump_stack_lvl+0x8c/0xd0 [ 32.661968] print_report+0x118/0x608 [ 32.662025] kasan_report+0xdc/0x128 [ 32.662071] kasan_check_range+0x100/0x1a8 [ 32.662135] __asan_memmove+0x3c/0x98 [ 32.662221] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 32.662279] kunit_try_run_case+0x170/0x3f0 [ 32.662331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.662396] kthread+0x328/0x630 [ 32.662475] ret_from_fork+0x10/0x20 [ 32.662532] [ 32.662561] Allocated by task 213: [ 32.662599] kasan_save_stack+0x3c/0x68 [ 32.662640] kasan_save_track+0x20/0x40 [ 32.662728] kasan_save_alloc_info+0x40/0x58 [ 32.662765] __kasan_kmalloc+0xd4/0xd8 [ 32.662804] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.662851] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 32.662894] kunit_try_run_case+0x170/0x3f0 [ 32.663053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.663104] kthread+0x328/0x630 [ 32.663231] ret_from_fork+0x10/0x20 [ 32.663296] [ 32.663363] The buggy address belongs to the object at fff00000c990b580 [ 32.663363] which belongs to the cache kmalloc-64 of size 64 [ 32.663431] The buggy address is located 4 bytes inside of [ 32.663431] allocated 64-byte region [fff00000c990b580, fff00000c990b5c0) [ 32.663525] [ 32.663566] The buggy address belongs to the physical page: [ 32.663647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b [ 32.663725] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.663797] page_type: f5(slab) [ 32.663899] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.663975] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.664026] page dumped because: kasan: bad access detected [ 32.664080] [ 32.664099] Memory state around the buggy address: [ 32.664130] fff00000c990b480: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 32.664183] fff00000c990b500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.664226] >fff00000c990b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 32.664264] ^ [ 32.664298] fff00000c990b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.664341] fff00000c990b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.664379] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 32.651301] ================================================================== [ 32.651370] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 32.651425] Read of size 18446744073709551614 at addr fff00000c990b384 by task kunit_try_catch/211 [ 32.651672] [ 32.651715] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.651831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.651915] Hardware name: linux,dummy-virt (DT) [ 32.651984] Call trace: [ 32.652036] show_stack+0x20/0x38 (C) [ 32.652137] dump_stack_lvl+0x8c/0xd0 [ 32.652243] print_report+0x118/0x608 [ 32.652299] kasan_report+0xdc/0x128 [ 32.652368] kasan_check_range+0x100/0x1a8 [ 32.652415] __asan_memmove+0x3c/0x98 [ 32.652458] kmalloc_memmove_negative_size+0x154/0x2e0 [ 32.652608] kunit_try_run_case+0x170/0x3f0 [ 32.652685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.652802] kthread+0x328/0x630 [ 32.652869] ret_from_fork+0x10/0x20 [ 32.652943] [ 32.653016] Allocated by task 211: [ 32.653066] kasan_save_stack+0x3c/0x68 [ 32.653148] kasan_save_track+0x20/0x40 [ 32.653255] kasan_save_alloc_info+0x40/0x58 [ 32.653313] __kasan_kmalloc+0xd4/0xd8 [ 32.653399] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.653473] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 32.653545] kunit_try_run_case+0x170/0x3f0 [ 32.653618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.653699] kthread+0x328/0x630 [ 32.653742] ret_from_fork+0x10/0x20 [ 32.653778] [ 32.653797] The buggy address belongs to the object at fff00000c990b380 [ 32.653797] which belongs to the cache kmalloc-64 of size 64 [ 32.653863] The buggy address is located 4 bytes inside of [ 32.653863] 64-byte region [fff00000c990b380, fff00000c990b3c0) [ 32.653931] [ 32.653961] The buggy address belongs to the physical page: [ 32.653997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b [ 32.654049] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.654113] page_type: f5(slab) [ 32.654151] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.654220] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.654270] page dumped because: kasan: bad access detected [ 32.654302] [ 32.654319] Memory state around the buggy address: [ 32.654350] fff00000c990b280: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 32.654403] fff00000c990b300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.654446] >fff00000c990b380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 32.654485] ^ [ 32.654520] fff00000c990b400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.654563] fff00000c990b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.654601] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 32.642241] ================================================================== [ 32.642301] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 32.642351] Write of size 16 at addr fff00000c63fbb69 by task kunit_try_catch/209 [ 32.642647] [ 32.642708] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.642795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.642828] Hardware name: linux,dummy-virt (DT) [ 32.642888] Call trace: [ 32.642925] show_stack+0x20/0x38 (C) [ 32.642977] dump_stack_lvl+0x8c/0xd0 [ 32.643042] print_report+0x118/0x608 [ 32.643963] kasan_report+0xdc/0x128 [ 32.644029] kasan_check_range+0x100/0x1a8 [ 32.644077] __asan_memset+0x34/0x78 [ 32.644121] kmalloc_oob_memset_16+0x150/0x2f8 [ 32.644181] kunit_try_run_case+0x170/0x3f0 [ 32.644230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.644284] kthread+0x328/0x630 [ 32.644328] ret_from_fork+0x10/0x20 [ 32.644374] [ 32.644392] Allocated by task 209: [ 32.644421] kasan_save_stack+0x3c/0x68 [ 32.644464] kasan_save_track+0x20/0x40 [ 32.644502] kasan_save_alloc_info+0x40/0x58 [ 32.644541] __kasan_kmalloc+0xd4/0xd8 [ 32.644579] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.644618] kmalloc_oob_memset_16+0xb0/0x2f8 [ 32.644657] kunit_try_run_case+0x170/0x3f0 [ 32.644695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.644742] kthread+0x328/0x630 [ 32.644777] ret_from_fork+0x10/0x20 [ 32.644814] [ 32.644833] The buggy address belongs to the object at fff00000c63fbb00 [ 32.644833] which belongs to the cache kmalloc-128 of size 128 [ 32.644891] The buggy address is located 105 bytes inside of [ 32.644891] allocated 120-byte region [fff00000c63fbb00, fff00000c63fbb78) [ 32.644955] [ 32.644975] The buggy address belongs to the physical page: [ 32.645007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.645058] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.645106] page_type: f5(slab) [ 32.645143] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.645202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.645243] page dumped because: kasan: bad access detected [ 32.645276] [ 32.645294] Memory state around the buggy address: [ 32.645324] fff00000c63fba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.645367] fff00000c63fba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.645410] >fff00000c63fbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.645449] ^ [ 32.645494] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.645536] fff00000c63fbc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.645572] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 32.630309] ================================================================== [ 32.630369] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 32.630798] Write of size 8 at addr fff00000c63fba71 by task kunit_try_catch/207 [ 32.630875] [ 32.631148] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.631497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.631525] Hardware name: linux,dummy-virt (DT) [ 32.631574] Call trace: [ 32.631597] show_stack+0x20/0x38 (C) [ 32.631647] dump_stack_lvl+0x8c/0xd0 [ 32.631696] print_report+0x118/0x608 [ 32.631742] kasan_report+0xdc/0x128 [ 32.631789] kasan_check_range+0x100/0x1a8 [ 32.631833] __asan_memset+0x34/0x78 [ 32.631876] kmalloc_oob_memset_8+0x150/0x2f8 [ 32.632153] kunit_try_run_case+0x170/0x3f0 [ 32.632226] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.632279] kthread+0x328/0x630 [ 32.632320] ret_from_fork+0x10/0x20 [ 32.632748] [ 32.632836] Allocated by task 207: [ 32.632919] kasan_save_stack+0x3c/0x68 [ 32.632963] kasan_save_track+0x20/0x40 [ 32.633007] kasan_save_alloc_info+0x40/0x58 [ 32.633049] __kasan_kmalloc+0xd4/0xd8 [ 32.633220] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.633280] kmalloc_oob_memset_8+0xb0/0x2f8 [ 32.633419] kunit_try_run_case+0x170/0x3f0 [ 32.633457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.633503] kthread+0x328/0x630 [ 32.633550] ret_from_fork+0x10/0x20 [ 32.633585] [ 32.633661] The buggy address belongs to the object at fff00000c63fba00 [ 32.633661] which belongs to the cache kmalloc-128 of size 128 [ 32.633717] The buggy address is located 113 bytes inside of [ 32.633717] allocated 120-byte region [fff00000c63fba00, fff00000c63fba78) [ 32.633817] [ 32.633895] The buggy address belongs to the physical page: [ 32.633984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.634034] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.634080] page_type: f5(slab) [ 32.634174] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.634224] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.634263] page dumped because: kasan: bad access detected [ 32.634293] [ 32.634311] Memory state around the buggy address: [ 32.634340] fff00000c63fb900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.634381] fff00000c63fb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.634474] >fff00000c63fba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.634511] ^ [ 32.634550] fff00000c63fba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.634590] fff00000c63fbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.634627] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 32.618278] ================================================================== [ 32.618610] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 32.618665] Write of size 4 at addr fff00000c63fb975 by task kunit_try_catch/205 [ 32.618715] [ 32.618745] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.618832] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618858] Hardware name: linux,dummy-virt (DT) [ 32.618888] Call trace: [ 32.618912] show_stack+0x20/0x38 (C) [ 32.618959] dump_stack_lvl+0x8c/0xd0 [ 32.619007] print_report+0x118/0x608 [ 32.619066] kasan_report+0xdc/0x128 [ 32.619112] kasan_check_range+0x100/0x1a8 [ 32.619169] __asan_memset+0x34/0x78 [ 32.619223] kmalloc_oob_memset_4+0x150/0x300 [ 32.619377] kunit_try_run_case+0x170/0x3f0 [ 32.619815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.619907] kthread+0x328/0x630 [ 32.619952] ret_from_fork+0x10/0x20 [ 32.619999] [ 32.620018] Allocated by task 205: [ 32.620045] kasan_save_stack+0x3c/0x68 [ 32.620176] kasan_save_track+0x20/0x40 [ 32.620256] kasan_save_alloc_info+0x40/0x58 [ 32.620293] __kasan_kmalloc+0xd4/0xd8 [ 32.620370] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.620474] kmalloc_oob_memset_4+0xb0/0x300 [ 32.620631] kunit_try_run_case+0x170/0x3f0 [ 32.620668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.620718] kthread+0x328/0x630 [ 32.620784] ret_from_fork+0x10/0x20 [ 32.620879] [ 32.620900] The buggy address belongs to the object at fff00000c63fb900 [ 32.620900] which belongs to the cache kmalloc-128 of size 128 [ 32.620958] The buggy address is located 117 bytes inside of [ 32.620958] allocated 120-byte region [fff00000c63fb900, fff00000c63fb978) [ 32.621018] [ 32.621038] The buggy address belongs to the physical page: [ 32.621077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.621127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.621182] page_type: f5(slab) [ 32.621246] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.621639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.621715] page dumped because: kasan: bad access detected [ 32.621773] [ 32.621872] Memory state around the buggy address: [ 32.621903] fff00000c63fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.621978] fff00000c63fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.622055] >fff00000c63fb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.622116] ^ [ 32.622527] fff00000c63fb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.622576] fff00000c63fba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.622613] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 32.601450] ================================================================== [ 32.601517] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 32.601570] Write of size 2 at addr fff00000c63fb877 by task kunit_try_catch/203 [ 32.601618] [ 32.601648] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.602353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.602522] Hardware name: linux,dummy-virt (DT) [ 32.602557] Call trace: [ 32.602713] show_stack+0x20/0x38 (C) [ 32.602908] dump_stack_lvl+0x8c/0xd0 [ 32.603004] print_report+0x118/0x608 [ 32.603226] kasan_report+0xdc/0x128 [ 32.603316] kasan_check_range+0x100/0x1a8 [ 32.603485] __asan_memset+0x34/0x78 [ 32.603530] kmalloc_oob_memset_2+0x150/0x2f8 [ 32.603576] kunit_try_run_case+0x170/0x3f0 [ 32.603624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.603676] kthread+0x328/0x630 [ 32.604029] ret_from_fork+0x10/0x20 [ 32.604080] [ 32.604099] Allocated by task 203: [ 32.604253] kasan_save_stack+0x3c/0x68 [ 32.604299] kasan_save_track+0x20/0x40 [ 32.604337] kasan_save_alloc_info+0x40/0x58 [ 32.604374] __kasan_kmalloc+0xd4/0xd8 [ 32.604410] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.604449] kmalloc_oob_memset_2+0xb0/0x2f8 [ 32.604486] kunit_try_run_case+0x170/0x3f0 [ 32.604761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.604827] kthread+0x328/0x630 [ 32.604907] ret_from_fork+0x10/0x20 [ 32.604943] [ 32.604992] The buggy address belongs to the object at fff00000c63fb800 [ 32.604992] which belongs to the cache kmalloc-128 of size 128 [ 32.605373] The buggy address is located 119 bytes inside of [ 32.605373] allocated 120-byte region [fff00000c63fb800, fff00000c63fb878) [ 32.605452] [ 32.605472] The buggy address belongs to the physical page: [ 32.605590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.605640] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.605687] page_type: f5(slab) [ 32.605725] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.605774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.605973] page dumped because: kasan: bad access detected [ 32.606006] [ 32.606086] Memory state around the buggy address: [ 32.606123] fff00000c63fb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.606210] fff00000c63fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.606266] >fff00000c63fb800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.606303] ^ [ 32.606603] fff00000c63fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.606690] fff00000c63fb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.606729] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 32.591918] ================================================================== [ 32.591976] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 32.592043] Write of size 128 at addr fff00000c63fb700 by task kunit_try_catch/201 [ 32.592200] [ 32.592229] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.592314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.592340] Hardware name: linux,dummy-virt (DT) [ 32.592378] Call trace: [ 32.592480] show_stack+0x20/0x38 (C) [ 32.592564] dump_stack_lvl+0x8c/0xd0 [ 32.592718] print_report+0x118/0x608 [ 32.592935] kasan_report+0xdc/0x128 [ 32.592988] kasan_check_range+0x100/0x1a8 [ 32.593137] __asan_memset+0x34/0x78 [ 32.593327] kmalloc_oob_in_memset+0x144/0x2d0 [ 32.593379] kunit_try_run_case+0x170/0x3f0 [ 32.593427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.593479] kthread+0x328/0x630 [ 32.593525] ret_from_fork+0x10/0x20 [ 32.593571] [ 32.593590] Allocated by task 201: [ 32.593617] kasan_save_stack+0x3c/0x68 [ 32.593890] kasan_save_track+0x20/0x40 [ 32.594052] kasan_save_alloc_info+0x40/0x58 [ 32.594197] __kasan_kmalloc+0xd4/0xd8 [ 32.594298] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.594343] kmalloc_oob_in_memset+0xb0/0x2d0 [ 32.594534] kunit_try_run_case+0x170/0x3f0 [ 32.594606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.594795] kthread+0x328/0x630 [ 32.594836] ret_from_fork+0x10/0x20 [ 32.594949] [ 32.595049] The buggy address belongs to the object at fff00000c63fb700 [ 32.595049] which belongs to the cache kmalloc-128 of size 128 [ 32.595134] The buggy address is located 0 bytes inside of [ 32.595134] allocated 120-byte region [fff00000c63fb700, fff00000c63fb778) [ 32.595205] [ 32.595224] The buggy address belongs to the physical page: [ 32.595255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.595303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.595359] page_type: f5(slab) [ 32.595510] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.595560] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.595598] page dumped because: kasan: bad access detected [ 32.595628] [ 32.595648] Memory state around the buggy address: [ 32.595688] fff00000c63fb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.595760] fff00000c63fb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.595801] >fff00000c63fb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.595855] ^ [ 32.595895] fff00000c63fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.595935] fff00000c63fb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.595971] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 32.581466] ================================================================== [ 32.581644] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 32.581835] Read of size 16 at addr fff00000c5788980 by task kunit_try_catch/199 [ 32.581995] [ 32.582026] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.582110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.582136] Hardware name: linux,dummy-virt (DT) [ 32.582179] Call trace: [ 32.582201] show_stack+0x20/0x38 (C) [ 32.582417] dump_stack_lvl+0x8c/0xd0 [ 32.582578] print_report+0x118/0x608 [ 32.582659] kasan_report+0xdc/0x128 [ 32.582705] __asan_report_load16_noabort+0x20/0x30 [ 32.582753] kmalloc_uaf_16+0x3bc/0x438 [ 32.582797] kunit_try_run_case+0x170/0x3f0 [ 32.582845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.582898] kthread+0x328/0x630 [ 32.582940] ret_from_fork+0x10/0x20 [ 32.582987] [ 32.583005] Allocated by task 199: [ 32.583033] kasan_save_stack+0x3c/0x68 [ 32.583080] kasan_save_track+0x20/0x40 [ 32.583228] kasan_save_alloc_info+0x40/0x58 [ 32.583275] __kasan_kmalloc+0xd4/0xd8 [ 32.583312] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.583350] kmalloc_uaf_16+0x140/0x438 [ 32.583385] kunit_try_run_case+0x170/0x3f0 [ 32.583423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.583512] kthread+0x328/0x630 [ 32.583544] ret_from_fork+0x10/0x20 [ 32.583578] [ 32.583596] Freed by task 199: [ 32.583622] kasan_save_stack+0x3c/0x68 [ 32.583658] kasan_save_track+0x20/0x40 [ 32.583913] kasan_save_free_info+0x4c/0x78 [ 32.584142] __kasan_slab_free+0x6c/0x98 [ 32.584283] kfree+0x214/0x3c8 [ 32.584345] kmalloc_uaf_16+0x190/0x438 [ 32.584380] kunit_try_run_case+0x170/0x3f0 [ 32.584417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.584460] kthread+0x328/0x630 [ 32.584491] ret_from_fork+0x10/0x20 [ 32.584526] [ 32.584545] The buggy address belongs to the object at fff00000c5788980 [ 32.584545] which belongs to the cache kmalloc-16 of size 16 [ 32.584703] The buggy address is located 0 bytes inside of [ 32.584703] freed 16-byte region [fff00000c5788980, fff00000c5788990) [ 32.584824] [ 32.584844] The buggy address belongs to the physical page: [ 32.584873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.584943] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.585012] page_type: f5(slab) [ 32.585051] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.585100] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.585140] page dumped because: kasan: bad access detected [ 32.585182] [ 32.585200] Memory state around the buggy address: [ 32.585239] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.585283] fff00000c5788900: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 32.585327] >fff00000c5788980: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.585440] ^ [ 32.585470] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.585539] fff00000c5788a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.585596] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 32.569251] ================================================================== [ 32.569462] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 32.569613] Write of size 16 at addr fff00000c5788920 by task kunit_try_catch/197 [ 32.569764] [ 32.569795] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.569879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.569905] Hardware name: linux,dummy-virt (DT) [ 32.569947] Call trace: [ 32.569969] show_stack+0x20/0x38 (C) [ 32.570018] dump_stack_lvl+0x8c/0xd0 [ 32.570300] print_report+0x118/0x608 [ 32.570437] kasan_report+0xdc/0x128 [ 32.570483] __asan_report_store16_noabort+0x20/0x30 [ 32.570548] kmalloc_oob_16+0x3a0/0x3f8 [ 32.570593] kunit_try_run_case+0x170/0x3f0 [ 32.570642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.570896] kthread+0x328/0x630 [ 32.570944] ret_from_fork+0x10/0x20 [ 32.570992] [ 32.571010] Allocated by task 197: [ 32.571037] kasan_save_stack+0x3c/0x68 [ 32.571077] kasan_save_track+0x20/0x40 [ 32.571114] kasan_save_alloc_info+0x40/0x58 [ 32.571170] __kasan_kmalloc+0xd4/0xd8 [ 32.571207] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.571246] kmalloc_oob_16+0xb4/0x3f8 [ 32.571280] kunit_try_run_case+0x170/0x3f0 [ 32.571544] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.571758] kthread+0x328/0x630 [ 32.571794] ret_from_fork+0x10/0x20 [ 32.571855] [ 32.571875] The buggy address belongs to the object at fff00000c5788920 [ 32.571875] which belongs to the cache kmalloc-16 of size 16 [ 32.571932] The buggy address is located 0 bytes inside of [ 32.571932] allocated 13-byte region [fff00000c5788920, fff00000c578892d) [ 32.572067] [ 32.572090] The buggy address belongs to the physical page: [ 32.572127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788 [ 32.572238] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.572383] page_type: f5(slab) [ 32.572452] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 32.572502] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.572541] page dumped because: kasan: bad access detected [ 32.572571] [ 32.572588] Memory state around the buggy address: [ 32.572617] fff00000c5788800: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 32.572659] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.572756] >fff00000c5788900: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 32.572894] ^ [ 32.572925] fff00000c5788980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.572972] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573047] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 32.558374] ================================================================== [ 32.558421] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 32.558467] Read of size 1 at addr fff00000c893f600 by task kunit_try_catch/195 [ 32.558515] [ 32.558542] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.558625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.558651] Hardware name: linux,dummy-virt (DT) [ 32.558681] Call trace: [ 32.558703] show_stack+0x20/0x38 (C) [ 32.558750] dump_stack_lvl+0x8c/0xd0 [ 32.558799] print_report+0x118/0x608 [ 32.559269] kasan_report+0xdc/0x128 [ 32.559341] __asan_report_load1_noabort+0x20/0x30 [ 32.559503] krealloc_uaf+0x4c8/0x520 [ 32.559550] kunit_try_run_case+0x170/0x3f0 [ 32.559598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.559650] kthread+0x328/0x630 [ 32.559713] ret_from_fork+0x10/0x20 [ 32.559760] [ 32.559778] Allocated by task 195: [ 32.559855] kasan_save_stack+0x3c/0x68 [ 32.559904] kasan_save_track+0x20/0x40 [ 32.559942] kasan_save_alloc_info+0x40/0x58 [ 32.560135] __kasan_kmalloc+0xd4/0xd8 [ 32.560304] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.560350] krealloc_uaf+0xc8/0x520 [ 32.560385] kunit_try_run_case+0x170/0x3f0 [ 32.560422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.560482] kthread+0x328/0x630 [ 32.560553] ret_from_fork+0x10/0x20 [ 32.560643] [ 32.560662] Freed by task 195: [ 32.560708] kasan_save_stack+0x3c/0x68 [ 32.560853] kasan_save_track+0x20/0x40 [ 32.560906] kasan_save_free_info+0x4c/0x78 [ 32.560981] __kasan_slab_free+0x6c/0x98 [ 32.561019] kfree+0x214/0x3c8 [ 32.561091] krealloc_uaf+0x12c/0x520 [ 32.561186] kunit_try_run_case+0x170/0x3f0 [ 32.561223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.561265] kthread+0x328/0x630 [ 32.561296] ret_from_fork+0x10/0x20 [ 32.561330] [ 32.561348] The buggy address belongs to the object at fff00000c893f600 [ 32.561348] which belongs to the cache kmalloc-256 of size 256 [ 32.561695] The buggy address is located 0 bytes inside of [ 32.561695] freed 256-byte region [fff00000c893f600, fff00000c893f700) [ 32.561758] [ 32.561845] The buggy address belongs to the physical page: [ 32.561919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.562178] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.562224] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.562273] page_type: f5(slab) [ 32.562318] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.562636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.562689] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.562758] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.562806] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.563035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.563138] page dumped because: kasan: bad access detected [ 32.563180] [ 32.563197] Memory state around the buggy address: [ 32.563227] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.563275] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.563315] >fff00000c893f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.563351] ^ [ 32.563378] fff00000c893f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.563791] fff00000c893f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.563849] ================================================================== [ 32.552140] ================================================================== [ 32.552229] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 32.552283] Read of size 1 at addr fff00000c893f600 by task kunit_try_catch/195 [ 32.552397] [ 32.552481] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.552569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.552594] Hardware name: linux,dummy-virt (DT) [ 32.552624] Call trace: [ 32.552646] show_stack+0x20/0x38 (C) [ 32.552996] dump_stack_lvl+0x8c/0xd0 [ 32.553068] print_report+0x118/0x608 [ 32.553116] kasan_report+0xdc/0x128 [ 32.553175] __kasan_check_byte+0x54/0x70 [ 32.553221] krealloc_noprof+0x44/0x360 [ 32.553269] krealloc_uaf+0x180/0x520 [ 32.553314] kunit_try_run_case+0x170/0x3f0 [ 32.553361] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.553412] kthread+0x328/0x630 [ 32.553454] ret_from_fork+0x10/0x20 [ 32.553506] [ 32.553524] Allocated by task 195: [ 32.553587] kasan_save_stack+0x3c/0x68 [ 32.553635] kasan_save_track+0x20/0x40 [ 32.553771] kasan_save_alloc_info+0x40/0x58 [ 32.553806] __kasan_kmalloc+0xd4/0xd8 [ 32.553848] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.553931] krealloc_uaf+0xc8/0x520 [ 32.554063] kunit_try_run_case+0x170/0x3f0 [ 32.554101] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.554144] kthread+0x328/0x630 [ 32.554191] ret_from_fork+0x10/0x20 [ 32.554351] [ 32.554446] Freed by task 195: [ 32.554538] kasan_save_stack+0x3c/0x68 [ 32.554617] kasan_save_track+0x20/0x40 [ 32.554659] kasan_save_free_info+0x4c/0x78 [ 32.554783] __kasan_slab_free+0x6c/0x98 [ 32.554820] kfree+0x214/0x3c8 [ 32.554852] krealloc_uaf+0x12c/0x520 [ 32.554887] kunit_try_run_case+0x170/0x3f0 [ 32.554924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.554971] kthread+0x328/0x630 [ 32.555091] ret_from_fork+0x10/0x20 [ 32.555126] [ 32.555474] The buggy address belongs to the object at fff00000c893f600 [ 32.555474] which belongs to the cache kmalloc-256 of size 256 [ 32.556010] The buggy address is located 0 bytes inside of [ 32.556010] freed 256-byte region [fff00000c893f600, fff00000c893f700) [ 32.556240] [ 32.556265] The buggy address belongs to the physical page: [ 32.556298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.556350] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.556396] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.556542] page_type: f5(slab) [ 32.556584] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.556633] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.556681] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.556729] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.556777] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.556824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.556862] page dumped because: kasan: bad access detected [ 32.556989] [ 32.557066] Memory state around the buggy address: [ 32.557378] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.557512] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.557620] >fff00000c893f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.557657] ^ [ 32.557685] fff00000c893f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.557726] fff00000c893f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.557762] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 32.534045] ================================================================== [ 32.534094] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.534143] Write of size 1 at addr fff00000c99f20ea by task kunit_try_catch/193 [ 32.534243] [ 32.534274] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.534358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.534384] Hardware name: linux,dummy-virt (DT) [ 32.534414] Call trace: [ 32.534437] show_stack+0x20/0x38 (C) [ 32.534486] dump_stack_lvl+0x8c/0xd0 [ 32.535310] print_report+0x118/0x608 [ 32.535601] kasan_report+0xdc/0x128 [ 32.535662] __asan_report_store1_noabort+0x20/0x30 [ 32.535709] krealloc_less_oob_helper+0xae4/0xc50 [ 32.535780] krealloc_large_less_oob+0x20/0x38 [ 32.535828] kunit_try_run_case+0x170/0x3f0 [ 32.535877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.535929] kthread+0x328/0x630 [ 32.536224] ret_from_fork+0x10/0x20 [ 32.536331] [ 32.536352] The buggy address belongs to the physical page: [ 32.536419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.536505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.536550] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.536600] page_type: f8(unknown) [ 32.536638] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.536686] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.536734] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.536955] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.537076] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.537126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.537176] page dumped because: kasan: bad access detected [ 32.537215] [ 32.537250] Memory state around the buggy address: [ 32.537280] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.537377] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.537418] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.537453] ^ [ 32.537623] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.537922] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.537960] ================================================================== [ 32.490861] ================================================================== [ 32.490930] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.490997] Write of size 1 at addr fff00000c893f4eb by task kunit_try_catch/189 [ 32.491052] [ 32.491087] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.491184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.491219] Hardware name: linux,dummy-virt (DT) [ 32.491250] Call trace: [ 32.491271] show_stack+0x20/0x38 (C) [ 32.491392] dump_stack_lvl+0x8c/0xd0 [ 32.491447] print_report+0x118/0x608 [ 32.491495] kasan_report+0xdc/0x128 [ 32.491541] __asan_report_store1_noabort+0x20/0x30 [ 32.491589] krealloc_less_oob_helper+0xa58/0xc50 [ 32.491637] krealloc_less_oob+0x20/0x38 [ 32.491683] kunit_try_run_case+0x170/0x3f0 [ 32.491893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.492020] kthread+0x328/0x630 [ 32.492077] ret_from_fork+0x10/0x20 [ 32.492225] [ 32.492290] Allocated by task 189: [ 32.492377] kasan_save_stack+0x3c/0x68 [ 32.492419] kasan_save_track+0x20/0x40 [ 32.492477] kasan_save_alloc_info+0x40/0x58 [ 32.492514] __kasan_krealloc+0x118/0x178 [ 32.492845] krealloc_noprof+0x128/0x360 [ 32.492923] krealloc_less_oob_helper+0x168/0xc50 [ 32.493011] krealloc_less_oob+0x20/0x38 [ 32.493082] kunit_try_run_case+0x170/0x3f0 [ 32.493187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.493257] kthread+0x328/0x630 [ 32.493289] ret_from_fork+0x10/0x20 [ 32.493324] [ 32.493343] The buggy address belongs to the object at fff00000c893f400 [ 32.493343] which belongs to the cache kmalloc-256 of size 256 [ 32.493398] The buggy address is located 34 bytes to the right of [ 32.493398] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.493474] [ 32.493521] The buggy address belongs to the physical page: [ 32.493673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.493780] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.493858] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.493936] page_type: f5(slab) [ 32.493983] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.494039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.494089] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.494137] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.494194] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.494247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.494297] page dumped because: kasan: bad access detected [ 32.494327] [ 32.494345] Memory state around the buggy address: [ 32.494374] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494417] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.494468] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.494505] ^ [ 32.494542] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494583] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.494629] ================================================================== [ 32.516976] ================================================================== [ 32.517035] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.517091] Write of size 1 at addr fff00000c99f20c9 by task kunit_try_catch/193 [ 32.517152] [ 32.517199] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.517462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.517501] Hardware name: linux,dummy-virt (DT) [ 32.517535] Call trace: [ 32.517557] show_stack+0x20/0x38 (C) [ 32.517618] dump_stack_lvl+0x8c/0xd0 [ 32.517784] print_report+0x118/0x608 [ 32.517838] kasan_report+0xdc/0x128 [ 32.517990] __asan_report_store1_noabort+0x20/0x30 [ 32.518037] krealloc_less_oob_helper+0xa48/0xc50 [ 32.518086] krealloc_large_less_oob+0x20/0x38 [ 32.518133] kunit_try_run_case+0x170/0x3f0 [ 32.518192] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.518463] kthread+0x328/0x630 [ 32.518516] ret_from_fork+0x10/0x20 [ 32.518598] [ 32.518618] The buggy address belongs to the physical page: [ 32.518649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.518701] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.518747] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.518808] page_type: f8(unknown) [ 32.518847] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.518898] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.519319] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.519430] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.519527] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.519575] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.519614] page dumped because: kasan: bad access detected [ 32.519644] [ 32.519843] Memory state around the buggy address: [ 32.519927] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.520061] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.520104] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.520172] ^ [ 32.520206] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.520356] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.520393] ================================================================== [ 32.486477] ================================================================== [ 32.486523] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 32.486668] Write of size 1 at addr fff00000c893f4ea by task kunit_try_catch/189 [ 32.486717] [ 32.486774] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.486859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.486885] Hardware name: linux,dummy-virt (DT) [ 32.486915] Call trace: [ 32.486937] show_stack+0x20/0x38 (C) [ 32.486984] dump_stack_lvl+0x8c/0xd0 [ 32.487052] print_report+0x118/0x608 [ 32.487100] kasan_report+0xdc/0x128 [ 32.487147] __asan_report_store1_noabort+0x20/0x30 [ 32.487208] krealloc_less_oob_helper+0xae4/0xc50 [ 32.487256] krealloc_less_oob+0x20/0x38 [ 32.487302] kunit_try_run_case+0x170/0x3f0 [ 32.487350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.487402] kthread+0x328/0x630 [ 32.487480] ret_from_fork+0x10/0x20 [ 32.487528] [ 32.487546] Allocated by task 189: [ 32.487573] kasan_save_stack+0x3c/0x68 [ 32.487613] kasan_save_track+0x20/0x40 [ 32.487823] kasan_save_alloc_info+0x40/0x58 [ 32.487896] __kasan_krealloc+0x118/0x178 [ 32.487935] krealloc_noprof+0x128/0x360 [ 32.487975] krealloc_less_oob_helper+0x168/0xc50 [ 32.488014] krealloc_less_oob+0x20/0x38 [ 32.488050] kunit_try_run_case+0x170/0x3f0 [ 32.488087] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.488129] kthread+0x328/0x630 [ 32.488301] ret_from_fork+0x10/0x20 [ 32.488350] [ 32.488433] The buggy address belongs to the object at fff00000c893f400 [ 32.488433] which belongs to the cache kmalloc-256 of size 256 [ 32.488523] The buggy address is located 33 bytes to the right of [ 32.488523] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.488639] [ 32.488666] The buggy address belongs to the physical page: [ 32.488719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.488815] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.488879] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.488938] page_type: f5(slab) [ 32.488976] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.489024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.489180] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.489291] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.489367] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.489471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.489545] page dumped because: kasan: bad access detected [ 32.489619] [ 32.489685] Memory state around the buggy address: [ 32.489744] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.489807] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.489848] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.490079] ^ [ 32.490131] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.490200] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.490279] ================================================================== [ 32.478027] ================================================================== [ 32.478091] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.478145] Write of size 1 at addr fff00000c893f4d0 by task kunit_try_catch/189 [ 32.478208] [ 32.478237] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.478320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.478423] Hardware name: linux,dummy-virt (DT) [ 32.478461] Call trace: [ 32.478520] show_stack+0x20/0x38 (C) [ 32.478590] dump_stack_lvl+0x8c/0xd0 [ 32.478656] print_report+0x118/0x608 [ 32.478731] kasan_report+0xdc/0x128 [ 32.478796] __asan_report_store1_noabort+0x20/0x30 [ 32.478852] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.478911] krealloc_less_oob+0x20/0x38 [ 32.478957] kunit_try_run_case+0x170/0x3f0 [ 32.479023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.479076] kthread+0x328/0x630 [ 32.479125] ret_from_fork+0x10/0x20 [ 32.479201] [ 32.479241] Allocated by task 189: [ 32.479269] kasan_save_stack+0x3c/0x68 [ 32.479324] kasan_save_track+0x20/0x40 [ 32.479362] kasan_save_alloc_info+0x40/0x58 [ 32.479487] __kasan_krealloc+0x118/0x178 [ 32.479641] krealloc_noprof+0x128/0x360 [ 32.479741] krealloc_less_oob_helper+0x168/0xc50 [ 32.479889] krealloc_less_oob+0x20/0x38 [ 32.479925] kunit_try_run_case+0x170/0x3f0 [ 32.479962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.480005] kthread+0x328/0x630 [ 32.480037] ret_from_fork+0x10/0x20 [ 32.480195] [ 32.480272] The buggy address belongs to the object at fff00000c893f400 [ 32.480272] which belongs to the cache kmalloc-256 of size 256 [ 32.480359] The buggy address is located 7 bytes to the right of [ 32.480359] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.480472] [ 32.480519] The buggy address belongs to the physical page: [ 32.480571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.480639] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.480710] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.480813] page_type: f5(slab) [ 32.480871] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.480959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.481036] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.481103] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.481190] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.481278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.481336] page dumped because: kasan: bad access detected [ 32.481395] [ 32.481457] Memory state around the buggy address: [ 32.481523] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481593] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.481635] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.481672] ^ [ 32.481707] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481859] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481927] ================================================================== [ 32.520571] ================================================================== [ 32.520613] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 32.520658] Write of size 1 at addr fff00000c99f20d0 by task kunit_try_catch/193 [ 32.520705] [ 32.520733] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.520815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.521094] Hardware name: linux,dummy-virt (DT) [ 32.521294] Call trace: [ 32.521323] show_stack+0x20/0x38 (C) [ 32.521445] dump_stack_lvl+0x8c/0xd0 [ 32.521498] print_report+0x118/0x608 [ 32.521550] kasan_report+0xdc/0x128 [ 32.521763] __asan_report_store1_noabort+0x20/0x30 [ 32.521865] krealloc_less_oob_helper+0xb9c/0xc50 [ 32.522034] krealloc_large_less_oob+0x20/0x38 [ 32.522082] kunit_try_run_case+0x170/0x3f0 [ 32.522129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.522189] kthread+0x328/0x630 [ 32.522231] ret_from_fork+0x10/0x20 [ 32.522279] [ 32.522299] The buggy address belongs to the physical page: [ 32.522329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.522380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.522425] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.522474] page_type: f8(unknown) [ 32.522512] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.522567] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.522792] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.522987] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.523059] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.523236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.523340] page dumped because: kasan: bad access detected [ 32.523370] [ 32.523387] Memory state around the buggy address: [ 32.523416] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.523481] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.523523] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.523558] ^ [ 32.523593] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.524345] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.524498] ================================================================== [ 32.538422] ================================================================== [ 32.538472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 32.538520] Write of size 1 at addr fff00000c99f20eb by task kunit_try_catch/193 [ 32.538580] [ 32.538674] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.538904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.539115] Hardware name: linux,dummy-virt (DT) [ 32.539226] Call trace: [ 32.539282] show_stack+0x20/0x38 (C) [ 32.539332] dump_stack_lvl+0x8c/0xd0 [ 32.539379] print_report+0x118/0x608 [ 32.539426] kasan_report+0xdc/0x128 [ 32.539554] __asan_report_store1_noabort+0x20/0x30 [ 32.539603] krealloc_less_oob_helper+0xa58/0xc50 [ 32.539812] krealloc_large_less_oob+0x20/0x38 [ 32.539865] kunit_try_run_case+0x170/0x3f0 [ 32.539913] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.540025] kthread+0x328/0x630 [ 32.540069] ret_from_fork+0x10/0x20 [ 32.540138] [ 32.540398] The buggy address belongs to the physical page: [ 32.540429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.540482] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.540706] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.540945] page_type: f8(unknown) [ 32.541139] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.541215] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.541538] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.541680] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.541728] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.541775] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.541814] page dumped because: kasan: bad access detected [ 32.541844] [ 32.541875] Memory state around the buggy address: [ 32.541934] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.541975] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.542048] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.542085] ^ [ 32.542123] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.542174] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.542392] ================================================================== [ 32.482354] ================================================================== [ 32.482401] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.482449] Write of size 1 at addr fff00000c893f4da by task kunit_try_catch/189 [ 32.482498] [ 32.482544] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.482681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.482709] Hardware name: linux,dummy-virt (DT) [ 32.482833] Call trace: [ 32.482861] show_stack+0x20/0x38 (C) [ 32.482929] dump_stack_lvl+0x8c/0xd0 [ 32.482986] print_report+0x118/0x608 [ 32.483042] kasan_report+0xdc/0x128 [ 32.483099] __asan_report_store1_noabort+0x20/0x30 [ 32.483148] krealloc_less_oob_helper+0xa80/0xc50 [ 32.483211] krealloc_less_oob+0x20/0x38 [ 32.483267] kunit_try_run_case+0x170/0x3f0 [ 32.483315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.483367] kthread+0x328/0x630 [ 32.483408] ret_from_fork+0x10/0x20 [ 32.483483] [ 32.483501] Allocated by task 189: [ 32.483529] kasan_save_stack+0x3c/0x68 [ 32.483685] kasan_save_track+0x20/0x40 [ 32.483750] kasan_save_alloc_info+0x40/0x58 [ 32.483818] __kasan_krealloc+0x118/0x178 [ 32.483885] krealloc_noprof+0x128/0x360 [ 32.483921] krealloc_less_oob_helper+0x168/0xc50 [ 32.483960] krealloc_less_oob+0x20/0x38 [ 32.483995] kunit_try_run_case+0x170/0x3f0 [ 32.484032] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.484075] kthread+0x328/0x630 [ 32.484106] ret_from_fork+0x10/0x20 [ 32.484141] [ 32.484171] The buggy address belongs to the object at fff00000c893f400 [ 32.484171] which belongs to the cache kmalloc-256 of size 256 [ 32.484358] The buggy address is located 17 bytes to the right of [ 32.484358] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.484446] [ 32.484495] The buggy address belongs to the physical page: [ 32.484579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.484646] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.484712] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.484925] page_type: f5(slab) [ 32.484965] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.485042] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.485119] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.485204] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.485280] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.485338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.485403] page dumped because: kasan: bad access detected [ 32.485451] [ 32.485492] Memory state around the buggy address: [ 32.485521] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485563] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.485603] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.485639] ^ [ 32.485675] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485715] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.485839] ================================================================== [ 32.471222] ================================================================== [ 32.471276] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 32.471328] Write of size 1 at addr fff00000c893f4c9 by task kunit_try_catch/189 [ 32.471377] [ 32.471408] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.472367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.472433] Hardware name: linux,dummy-virt (DT) [ 32.472505] Call trace: [ 32.472644] show_stack+0x20/0x38 (C) [ 32.472727] dump_stack_lvl+0x8c/0xd0 [ 32.472816] print_report+0x118/0x608 [ 32.472873] kasan_report+0xdc/0x128 [ 32.472919] __asan_report_store1_noabort+0x20/0x30 [ 32.472967] krealloc_less_oob_helper+0xa48/0xc50 [ 32.473027] krealloc_less_oob+0x20/0x38 [ 32.473074] kunit_try_run_case+0x170/0x3f0 [ 32.473124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.473198] kthread+0x328/0x630 [ 32.473241] ret_from_fork+0x10/0x20 [ 32.473299] [ 32.473317] Allocated by task 189: [ 32.473346] kasan_save_stack+0x3c/0x68 [ 32.473386] kasan_save_track+0x20/0x40 [ 32.473423] kasan_save_alloc_info+0x40/0x58 [ 32.473469] __kasan_krealloc+0x118/0x178 [ 32.473512] krealloc_noprof+0x128/0x360 [ 32.473549] krealloc_less_oob_helper+0x168/0xc50 [ 32.473588] krealloc_less_oob+0x20/0x38 [ 32.473633] kunit_try_run_case+0x170/0x3f0 [ 32.473670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.473714] kthread+0x328/0x630 [ 32.473768] ret_from_fork+0x10/0x20 [ 32.473803] [ 32.473822] The buggy address belongs to the object at fff00000c893f400 [ 32.473822] which belongs to the cache kmalloc-256 of size 256 [ 32.473877] The buggy address is located 0 bytes to the right of [ 32.473877] allocated 201-byte region [fff00000c893f400, fff00000c893f4c9) [ 32.473939] [ 32.473976] The buggy address belongs to the physical page: [ 32.474016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.474066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.474112] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.474589] page_type: f5(slab) [ 32.474647] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.475110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.475276] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.475503] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.475562] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.475610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.475650] page dumped because: kasan: bad access detected [ 32.475682] [ 32.475700] Memory state around the buggy address: [ 32.475764] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476145] fff00000c893f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.476250] >fff00000c893f480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 32.476507] ^ [ 32.476578] fff00000c893f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476655] fff00000c893f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.476695] ================================================================== [ 32.525712] ================================================================== [ 32.525802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 32.525849] Write of size 1 at addr fff00000c99f20da by task kunit_try_catch/193 [ 32.525898] [ 32.525926] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.526010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.526036] Hardware name: linux,dummy-virt (DT) [ 32.526067] Call trace: [ 32.526101] show_stack+0x20/0x38 (C) [ 32.526214] dump_stack_lvl+0x8c/0xd0 [ 32.526420] print_report+0x118/0x608 [ 32.526799] kasan_report+0xdc/0x128 [ 32.526851] __asan_report_store1_noabort+0x20/0x30 [ 32.527053] krealloc_less_oob_helper+0xa80/0xc50 [ 32.527363] krealloc_large_less_oob+0x20/0x38 [ 32.527419] kunit_try_run_case+0x170/0x3f0 [ 32.527526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.527579] kthread+0x328/0x630 [ 32.527621] ret_from_fork+0x10/0x20 [ 32.527668] [ 32.527688] The buggy address belongs to the physical page: [ 32.527813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0 [ 32.527944] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.528115] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.528180] page_type: f8(unknown) [ 32.528219] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.528268] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.528316] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.528382] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.528704] head: 0bfffe0000000002 ffffc1ffc3267c01 00000000ffffffff 00000000ffffffff [ 32.528839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.528965] page dumped because: kasan: bad access detected [ 32.529059] [ 32.529078] Memory state around the buggy address: [ 32.529121] fff00000c99f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.529233] fff00000c99f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.529324] >fff00000c99f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 32.529362] ^ [ 32.529397] fff00000c99f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.529475] fff00000c99f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.529517] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 32.460203] ================================================================== [ 32.460259] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.460365] Write of size 1 at addr fff00000c893f2f0 by task kunit_try_catch/187 [ 32.460415] [ 32.460444] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.460635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.460714] Hardware name: linux,dummy-virt (DT) [ 32.460751] Call trace: [ 32.460773] show_stack+0x20/0x38 (C) [ 32.460821] dump_stack_lvl+0x8c/0xd0 [ 32.460875] print_report+0x118/0x608 [ 32.461062] kasan_report+0xdc/0x128 [ 32.461128] __asan_report_store1_noabort+0x20/0x30 [ 32.461738] krealloc_more_oob_helper+0x5c0/0x678 [ 32.461797] krealloc_more_oob+0x20/0x38 [ 32.461843] kunit_try_run_case+0x170/0x3f0 [ 32.461891] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.461944] kthread+0x328/0x630 [ 32.461989] ret_from_fork+0x10/0x20 [ 32.462038] [ 32.462056] Allocated by task 187: [ 32.462090] kasan_save_stack+0x3c/0x68 [ 32.462191] kasan_save_track+0x20/0x40 [ 32.462228] kasan_save_alloc_info+0x40/0x58 [ 32.462263] __kasan_krealloc+0x118/0x178 [ 32.462300] krealloc_noprof+0x128/0x360 [ 32.462336] krealloc_more_oob_helper+0x168/0x678 [ 32.462374] krealloc_more_oob+0x20/0x38 [ 32.462409] kunit_try_run_case+0x170/0x3f0 [ 32.462446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.462625] kthread+0x328/0x630 [ 32.462739] ret_from_fork+0x10/0x20 [ 32.462775] [ 32.462793] The buggy address belongs to the object at fff00000c893f200 [ 32.462793] which belongs to the cache kmalloc-256 of size 256 [ 32.462848] The buggy address is located 5 bytes to the right of [ 32.462848] allocated 235-byte region [fff00000c893f200, fff00000c893f2eb) [ 32.462909] [ 32.462928] The buggy address belongs to the physical page: [ 32.463352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.463406] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.463451] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.463584] page_type: f5(slab) [ 32.463643] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.463699] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.463762] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.463909] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.464012] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.464166] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.464233] page dumped because: kasan: bad access detected [ 32.464285] [ 32.464389] Memory state around the buggy address: [ 32.464459] fff00000c893f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.464500] fff00000c893f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.464541] >fff00000c893f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.464577] ^ [ 32.464615] fff00000c893f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.464733] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.464773] ================================================================== [ 32.499497] ================================================================== [ 32.499551] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.499602] Write of size 1 at addr fff00000c99ee0eb by task kunit_try_catch/191 [ 32.499666] [ 32.499699] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.499827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.499958] Hardware name: linux,dummy-virt (DT) [ 32.500122] Call trace: [ 32.500148] show_stack+0x20/0x38 (C) [ 32.500211] dump_stack_lvl+0x8c/0xd0 [ 32.500260] print_report+0x118/0x608 [ 32.500306] kasan_report+0xdc/0x128 [ 32.500352] __asan_report_store1_noabort+0x20/0x30 [ 32.500400] krealloc_more_oob_helper+0x60c/0x678 [ 32.500450] krealloc_large_more_oob+0x20/0x38 [ 32.500497] kunit_try_run_case+0x170/0x3f0 [ 32.500545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.500720] kthread+0x328/0x630 [ 32.500806] ret_from_fork+0x10/0x20 [ 32.500906] [ 32.500960] The buggy address belongs to the physical page: [ 32.501036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099ec [ 32.501112] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.501207] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.501293] page_type: f8(unknown) [ 32.501349] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.501432] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.501523] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.501607] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.501862] head: 0bfffe0000000002 ffffc1ffc3267b01 00000000ffffffff 00000000ffffffff [ 32.501932] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.502009] page dumped because: kasan: bad access detected [ 32.502103] [ 32.502121] Memory state around the buggy address: [ 32.502177] fff00000c99edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.502301] fff00000c99ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.502342] >fff00000c99ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.502379] ^ [ 32.502474] fff00000c99ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.502654] fff00000c99ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.502812] ================================================================== [ 32.452544] ================================================================== [ 32.452754] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 32.453217] Write of size 1 at addr fff00000c893f2eb by task kunit_try_catch/187 [ 32.453274] [ 32.453307] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.453440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.453564] Hardware name: linux,dummy-virt (DT) [ 32.453635] Call trace: [ 32.453768] show_stack+0x20/0x38 (C) [ 32.453841] dump_stack_lvl+0x8c/0xd0 [ 32.453929] print_report+0x118/0x608 [ 32.453976] kasan_report+0xdc/0x128 [ 32.454023] __asan_report_store1_noabort+0x20/0x30 [ 32.454256] krealloc_more_oob_helper+0x60c/0x678 [ 32.454398] krealloc_more_oob+0x20/0x38 [ 32.454456] kunit_try_run_case+0x170/0x3f0 [ 32.454533] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.454594] kthread+0x328/0x630 [ 32.454639] ret_from_fork+0x10/0x20 [ 32.454795] [ 32.454853] Allocated by task 187: [ 32.454883] kasan_save_stack+0x3c/0x68 [ 32.454943] kasan_save_track+0x20/0x40 [ 32.454980] kasan_save_alloc_info+0x40/0x58 [ 32.455096] __kasan_krealloc+0x118/0x178 [ 32.455151] krealloc_noprof+0x128/0x360 [ 32.455199] krealloc_more_oob_helper+0x168/0x678 [ 32.455469] krealloc_more_oob+0x20/0x38 [ 32.455512] kunit_try_run_case+0x170/0x3f0 [ 32.455625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.455791] kthread+0x328/0x630 [ 32.455823] ret_from_fork+0x10/0x20 [ 32.455858] [ 32.456097] The buggy address belongs to the object at fff00000c893f200 [ 32.456097] which belongs to the cache kmalloc-256 of size 256 [ 32.456278] The buggy address is located 0 bytes to the right of [ 32.456278] allocated 235-byte region [fff00000c893f200, fff00000c893f2eb) [ 32.456363] [ 32.456439] The buggy address belongs to the physical page: [ 32.456479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10893e [ 32.456549] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.456639] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.456713] page_type: f5(slab) [ 32.456752] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.456801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.456902] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122 [ 32.456994] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.457422] head: 0bfffe0000000001 ffffc1ffc3224f81 00000000ffffffff 00000000ffffffff [ 32.457674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.457902] page dumped because: kasan: bad access detected [ 32.457963] [ 32.457983] Memory state around the buggy address: [ 32.458015] fff00000c893f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.458056] fff00000c893f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.458097] >fff00000c893f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 32.458134] ^ [ 32.458183] fff00000c893f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.458233] fff00000c893f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.458502] ================================================================== [ 32.504604] ================================================================== [ 32.504653] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 32.504778] Write of size 1 at addr fff00000c99ee0f0 by task kunit_try_catch/191 [ 32.504997] [ 32.505105] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.505224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.505250] Hardware name: linux,dummy-virt (DT) [ 32.505287] Call trace: [ 32.505387] show_stack+0x20/0x38 (C) [ 32.505435] dump_stack_lvl+0x8c/0xd0 [ 32.505488] print_report+0x118/0x608 [ 32.505535] kasan_report+0xdc/0x128 [ 32.505581] __asan_report_store1_noabort+0x20/0x30 [ 32.505628] krealloc_more_oob_helper+0x5c0/0x678 [ 32.505683] krealloc_large_more_oob+0x20/0x38 [ 32.505775] kunit_try_run_case+0x170/0x3f0 [ 32.505944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.506168] kthread+0x328/0x630 [ 32.506304] ret_from_fork+0x10/0x20 [ 32.506352] [ 32.506463] The buggy address belongs to the physical page: [ 32.506495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099ec [ 32.506694] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.507017] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.507214] page_type: f8(unknown) [ 32.507254] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.507303] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.507351] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.507398] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.507529] head: 0bfffe0000000002 ffffc1ffc3267b01 00000000ffffffff 00000000ffffffff [ 32.507578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.507616] page dumped because: kasan: bad access detected [ 32.507646] [ 32.507664] Memory state around the buggy address: [ 32.507715] fff00000c99edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.507756] fff00000c99ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.507797] >fff00000c99ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 32.507833] ^ [ 32.507871] fff00000c99ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.507911] fff00000c99ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.508194] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 32.441102] ================================================================== [ 32.441173] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 32.441229] Read of size 1 at addr fff00000c9aa0000 by task kunit_try_catch/185 [ 32.441279] [ 32.441312] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.441397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.441424] Hardware name: linux,dummy-virt (DT) [ 32.441456] Call trace: [ 32.441479] show_stack+0x20/0x38 (C) [ 32.441789] dump_stack_lvl+0x8c/0xd0 [ 32.442080] print_report+0x118/0x608 [ 32.442508] kasan_report+0xdc/0x128 [ 32.442747] __asan_report_load1_noabort+0x20/0x30 [ 32.442901] page_alloc_uaf+0x328/0x350 [ 32.442981] kunit_try_run_case+0x170/0x3f0 [ 32.443030] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.443120] kthread+0x328/0x630 [ 32.443174] ret_from_fork+0x10/0x20 [ 32.443221] [ 32.443241] The buggy address belongs to the physical page: [ 32.443311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aa0 [ 32.443551] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.443705] page_type: f0(buddy) [ 32.443770] raw: 0bfffe0000000000 fff00000ff616148 fff00000ff616148 0000000000000000 [ 32.443820] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 32.444070] page dumped because: kasan: bad access detected [ 32.444104] [ 32.444122] Memory state around the buggy address: [ 32.444166] fff00000c9a9ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.444242] fff00000c9a9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.444290] >fff00000c9aa0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.444448] ^ [ 32.444541] fff00000c9aa0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.444606] fff00000c9aa0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.444651] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 32.424052] ================================================================== [ 32.424135] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 32.424411] Free of addr fff00000c99ec001 by task kunit_try_catch/181 [ 32.424701] [ 32.424969] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.425057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.425083] Hardware name: linux,dummy-virt (DT) [ 32.425114] Call trace: [ 32.425136] show_stack+0x20/0x38 (C) [ 32.425205] dump_stack_lvl+0x8c/0xd0 [ 32.425428] print_report+0x118/0x608 [ 32.425508] kasan_report_invalid_free+0xc0/0xe8 [ 32.425712] __kasan_kfree_large+0x5c/0xa8 [ 32.425915] free_large_kmalloc+0x68/0x150 [ 32.426065] kfree+0x270/0x3c8 [ 32.426146] kmalloc_large_invalid_free+0x108/0x270 [ 32.426203] kunit_try_run_case+0x170/0x3f0 [ 32.426251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.426303] kthread+0x328/0x630 [ 32.426346] ret_from_fork+0x10/0x20 [ 32.426566] [ 32.426591] The buggy address belongs to the physical page: [ 32.426621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099ec [ 32.426673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.426718] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.426768] page_type: f8(unknown) [ 32.426807] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.426917] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.427074] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.427229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.427277] head: 0bfffe0000000002 ffffc1ffc3267b01 00000000ffffffff 00000000ffffffff [ 32.427324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.427364] page dumped because: kasan: bad access detected [ 32.427394] [ 32.427411] Memory state around the buggy address: [ 32.427442] fff00000c99ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.427857] fff00000c99ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.427902] >fff00000c99ec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.427939] ^ [ 32.428152] fff00000c99ec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.428332] fff00000c99ec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.428460] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 32.412984] ================================================================== [ 32.413238] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 32.413290] Read of size 1 at addr fff00000c99e8000 by task kunit_try_catch/179 [ 32.413338] [ 32.413368] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.413453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.413479] Hardware name: linux,dummy-virt (DT) [ 32.413515] Call trace: [ 32.413537] show_stack+0x20/0x38 (C) [ 32.413584] dump_stack_lvl+0x8c/0xd0 [ 32.413632] print_report+0x118/0x608 [ 32.413679] kasan_report+0xdc/0x128 [ 32.413724] __asan_report_load1_noabort+0x20/0x30 [ 32.413778] kmalloc_large_uaf+0x2cc/0x2f8 [ 32.413893] kunit_try_run_case+0x170/0x3f0 [ 32.414037] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.414455] kthread+0x328/0x630 [ 32.414517] ret_from_fork+0x10/0x20 [ 32.414564] [ 32.414584] The buggy address belongs to the physical page: [ 32.414613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099e8 [ 32.414661] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.415435] raw: 0bfffe0000000000 ffffc1ffc3267b08 fff00000da484c80 0000000000000000 [ 32.415498] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 32.415537] page dumped because: kasan: bad access detected [ 32.415567] [ 32.415586] Memory state around the buggy address: [ 32.415616] fff00000c99e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.415657] fff00000c99e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.415698] >fff00000c99e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.415735] ^ [ 32.415762] fff00000c99e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.415814] fff00000c99e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.415850] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 32.402564] ================================================================== [ 32.402631] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 32.402887] Write of size 1 at addr fff00000c99ea00a by task kunit_try_catch/177 [ 32.403121] [ 32.403321] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.403412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.403437] Hardware name: linux,dummy-virt (DT) [ 32.403481] Call trace: [ 32.403641] show_stack+0x20/0x38 (C) [ 32.403795] dump_stack_lvl+0x8c/0xd0 [ 32.403865] print_report+0x118/0x608 [ 32.403962] kasan_report+0xdc/0x128 [ 32.404039] __asan_report_store1_noabort+0x20/0x30 [ 32.404089] kmalloc_large_oob_right+0x278/0x2b8 [ 32.404138] kunit_try_run_case+0x170/0x3f0 [ 32.404198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.404333] kthread+0x328/0x630 [ 32.404415] ret_from_fork+0x10/0x20 [ 32.404463] [ 32.404503] The buggy address belongs to the physical page: [ 32.404561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099e8 [ 32.404719] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.404765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.404821] page_type: f8(unknown) [ 32.404859] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.404908] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.405096] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.405146] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.405247] head: 0bfffe0000000002 ffffc1ffc3267a01 00000000ffffffff 00000000ffffffff [ 32.405429] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.405474] page dumped because: kasan: bad access detected [ 32.405554] [ 32.405572] Memory state around the buggy address: [ 32.405604] fff00000c99e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.405645] fff00000c99e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.405851] >fff00000c99ea000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.405954] ^ [ 32.406014] fff00000c99ea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.406088] fff00000c99ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.406139] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 32.390428] ================================================================== [ 32.391166] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 32.391230] Write of size 1 at addr fff00000c65bdf00 by task kunit_try_catch/175 [ 32.391279] [ 32.391338] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.391595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.391901] Hardware name: linux,dummy-virt (DT) [ 32.391937] Call trace: [ 32.391959] show_stack+0x20/0x38 (C) [ 32.392009] dump_stack_lvl+0x8c/0xd0 [ 32.392057] print_report+0x118/0x608 [ 32.392103] kasan_report+0xdc/0x128 [ 32.392170] __asan_report_store1_noabort+0x20/0x30 [ 32.392218] kmalloc_big_oob_right+0x2a4/0x2f0 [ 32.392265] kunit_try_run_case+0x170/0x3f0 [ 32.392314] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.392367] kthread+0x328/0x630 [ 32.392588] ret_from_fork+0x10/0x20 [ 32.392638] [ 32.392656] Allocated by task 175: [ 32.392684] kasan_save_stack+0x3c/0x68 [ 32.392844] kasan_save_track+0x20/0x40 [ 32.393093] kasan_save_alloc_info+0x40/0x58 [ 32.393146] __kasan_kmalloc+0xd4/0xd8 [ 32.393307] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.393377] kmalloc_big_oob_right+0xb8/0x2f0 [ 32.393420] kunit_try_run_case+0x170/0x3f0 [ 32.393646] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.393728] kthread+0x328/0x630 [ 32.393806] ret_from_fork+0x10/0x20 [ 32.393860] [ 32.393882] The buggy address belongs to the object at fff00000c65bc000 [ 32.393882] which belongs to the cache kmalloc-8k of size 8192 [ 32.393939] The buggy address is located 0 bytes to the right of [ 32.393939] allocated 7936-byte region [fff00000c65bc000, fff00000c65bdf00) [ 32.394153] [ 32.394187] The buggy address belongs to the physical page: [ 32.394219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8 [ 32.394270] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.394445] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.394500] page_type: f5(slab) [ 32.394539] raw: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122 [ 32.394765] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 32.394933] head: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122 [ 32.395050] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 32.395098] head: 0bfffe0000000003 ffffc1ffc3196e01 00000000ffffffff 00000000ffffffff [ 32.395146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 32.395197] page dumped because: kasan: bad access detected [ 32.395238] [ 32.395257] Memory state around the buggy address: [ 32.395287] fff00000c65bde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.395467] fff00000c65bde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.395550] >fff00000c65bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395588] ^ [ 32.395641] fff00000c65bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395681] fff00000c65be000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395718] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 32.375176] ================================================================== [ 32.375359] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 32.375591] Write of size 1 at addr fff00000c63fb678 by task kunit_try_catch/173 [ 32.375647] [ 32.375678] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.375762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.375788] Hardware name: linux,dummy-virt (DT) [ 32.375835] Call trace: [ 32.375956] show_stack+0x20/0x38 (C) [ 32.376010] dump_stack_lvl+0x8c/0xd0 [ 32.376248] print_report+0x118/0x608 [ 32.376302] kasan_report+0xdc/0x128 [ 32.376350] __asan_report_store1_noabort+0x20/0x30 [ 32.376399] kmalloc_track_caller_oob_right+0x418/0x488 [ 32.376450] kunit_try_run_case+0x170/0x3f0 [ 32.376511] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.376678] kthread+0x328/0x630 [ 32.376720] ret_from_fork+0x10/0x20 [ 32.376792] [ 32.377136] Allocated by task 173: [ 32.377398] kasan_save_stack+0x3c/0x68 [ 32.377444] kasan_save_track+0x20/0x40 [ 32.377537] kasan_save_alloc_info+0x40/0x58 [ 32.377574] __kasan_kmalloc+0xd4/0xd8 [ 32.377631] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.377818] kmalloc_track_caller_oob_right+0x184/0x488 [ 32.377932] kunit_try_run_case+0x170/0x3f0 [ 32.377997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.378046] kthread+0x328/0x630 [ 32.378079] ret_from_fork+0x10/0x20 [ 32.378425] [ 32.378665] The buggy address belongs to the object at fff00000c63fb600 [ 32.378665] which belongs to the cache kmalloc-128 of size 128 [ 32.378756] The buggy address is located 0 bytes to the right of [ 32.378756] allocated 120-byte region [fff00000c63fb600, fff00000c63fb678) [ 32.378818] [ 32.378837] The buggy address belongs to the physical page: [ 32.379128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.379408] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.379517] page_type: f5(slab) [ 32.379601] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.379840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.379985] page dumped because: kasan: bad access detected [ 32.380018] [ 32.380035] Memory state around the buggy address: [ 32.380203] fff00000c63fb500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.380249] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380365] >fff00000c63fb600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.380561] ^ [ 32.380664] fff00000c63fb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380844] fff00000c63fb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380913] ================================================================== [ 32.368620] ================================================================== [ 32.368677] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.368733] Write of size 1 at addr fff00000c63fb578 by task kunit_try_catch/173 [ 32.368783] [ 32.368815] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.368901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.368927] Hardware name: linux,dummy-virt (DT) [ 32.368958] Call trace: [ 32.369098] show_stack+0x20/0x38 (C) [ 32.369174] dump_stack_lvl+0x8c/0xd0 [ 32.369224] print_report+0x118/0x608 [ 32.369586] kasan_report+0xdc/0x128 [ 32.369856] __asan_report_store1_noabort+0x20/0x30 [ 32.369912] kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.369986] kunit_try_run_case+0x170/0x3f0 [ 32.370113] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.370176] kthread+0x328/0x630 [ 32.370219] ret_from_fork+0x10/0x20 [ 32.370266] [ 32.370284] Allocated by task 173: [ 32.370312] kasan_save_stack+0x3c/0x68 [ 32.370354] kasan_save_track+0x20/0x40 [ 32.370392] kasan_save_alloc_info+0x40/0x58 [ 32.370429] __kasan_kmalloc+0xd4/0xd8 [ 32.370466] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.370509] kmalloc_track_caller_oob_right+0xa8/0x488 [ 32.370551] kunit_try_run_case+0x170/0x3f0 [ 32.370590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.371018] kthread+0x328/0x630 [ 32.371371] ret_from_fork+0x10/0x20 [ 32.371536] [ 32.371627] The buggy address belongs to the object at fff00000c63fb500 [ 32.371627] which belongs to the cache kmalloc-128 of size 128 [ 32.371804] The buggy address is located 0 bytes to the right of [ 32.371804] allocated 120-byte region [fff00000c63fb500, fff00000c63fb578) [ 32.372033] [ 32.372056] The buggy address belongs to the physical page: [ 32.372227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.372361] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.372411] page_type: f5(slab) [ 32.372450] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.372506] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.372546] page dumped because: kasan: bad access detected [ 32.372575] [ 32.372593] Memory state around the buggy address: [ 32.372786] fff00000c63fb400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.373026] fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373117] >fff00000c63fb500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.373216] ^ [ 32.373295] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373393] fff00000c63fb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373464] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 32.350479] ================================================================== [ 32.350620] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 32.350983] Read of size 1 at addr fff00000c9a71000 by task kunit_try_catch/171 [ 32.351033] [ 32.351067] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.351151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.351191] Hardware name: linux,dummy-virt (DT) [ 32.351223] Call trace: [ 32.351244] show_stack+0x20/0x38 (C) [ 32.351293] dump_stack_lvl+0x8c/0xd0 [ 32.351341] print_report+0x118/0x608 [ 32.351389] kasan_report+0xdc/0x128 [ 32.351435] __asan_report_load1_noabort+0x20/0x30 [ 32.352044] kmalloc_node_oob_right+0x2f4/0x330 [ 32.352095] kunit_try_run_case+0x170/0x3f0 [ 32.352376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.352438] kthread+0x328/0x630 [ 32.352576] ret_from_fork+0x10/0x20 [ 32.352626] [ 32.352763] Allocated by task 171: [ 32.352883] kasan_save_stack+0x3c/0x68 [ 32.352974] kasan_save_track+0x20/0x40 [ 32.353052] kasan_save_alloc_info+0x40/0x58 [ 32.353185] __kasan_kmalloc+0xd4/0xd8 [ 32.353241] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 32.353284] kmalloc_node_oob_right+0xbc/0x330 [ 32.353323] kunit_try_run_case+0x170/0x3f0 [ 32.353377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.353586] kthread+0x328/0x630 [ 32.353649] ret_from_fork+0x10/0x20 [ 32.353722] [ 32.353744] The buggy address belongs to the object at fff00000c9a70000 [ 32.353744] which belongs to the cache kmalloc-4k of size 4096 [ 32.353913] The buggy address is located 0 bytes to the right of [ 32.353913] allocated 4096-byte region [fff00000c9a70000, fff00000c9a71000) [ 32.354033] [ 32.354089] The buggy address belongs to the physical page: [ 32.354218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a70 [ 32.354401] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.354955] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.355089] page_type: f5(slab) [ 32.355314] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 32.355414] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 32.355681] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 32.355835] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 32.355922] head: 0bfffe0000000003 ffffc1ffc3269c01 00000000ffffffff 00000000ffffffff [ 32.355972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 32.356045] page dumped because: kasan: bad access detected [ 32.356076] [ 32.356094] Memory state around the buggy address: [ 32.356125] fff00000c9a70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.356202] fff00000c9a70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.356245] >fff00000c9a71000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.356436] ^ [ 32.356469] fff00000c9a71080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.356548] fff00000c9a71100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.356789] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 112.274693] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#1: kunit_try_catch/689 [ 112.276679] Modules linked in: [ 112.277244] CPU: 1 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 112.278468] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 112.279065] Hardware name: linux,dummy-virt (DT) [ 112.279617] pstate: 11400009 (nzcV daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 112.280356] pc : intlog10+0x38/0x48 [ 112.280778] lr : intlog10_test+0xe4/0x200 [ 112.281261] sp : ffff8000821a7c10 [ 112.281653] x29: ffff8000821a7c90 x28: 0000000000000000 x27: 0000000000000000 [ 112.282442] x26: 1ffe000018ae5721 x25: 0000000000000000 x24: ffff8000821a7ce0 [ 112.282912] x23: ffff8000821a7d00 x22: 0000000000000000 x21: 1ffff00010434f82 [ 112.283277] x20: ffff97b3181fd400 x19: ffff800080087990 x18: 00000000d57819de [ 112.284145] x17: 000000003c584b33 x16: fff00000c5d8143c x15: 00000000a676fe1b [ 112.284973] x14: 00000000f1f1f1f1 x13: 1ffe00001b48bdcd x12: ffff72f663816589 [ 112.285762] x11: 1ffff2f663816588 x10: ffff72f663816588 x9 : ffff97b315842234 [ 112.286541] x8 : ffff97b31c0b2c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 112.287305] x5 : ffff700010434f82 x4 : 1ffff00010010f3b x3 : 1ffff2f66303fa80 [ 112.288179] x2 : 1ffff2f66303fa80 x1 : 0000000000000003 x0 : 0000000000000000 [ 112.288694] Call trace: [ 112.288837] intlog10+0x38/0x48 (P) [ 112.289035] kunit_try_run_case+0x170/0x3f0 [ 112.289253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 112.289503] kthread+0x328/0x630 [ 112.289688] ret_from_fork+0x10/0x20 [ 112.289888] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 112.226502] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#1: kunit_try_catch/671 [ 112.228447] Modules linked in: [ 112.228681] CPU: 1 UID: 0 PID: 671 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 112.229111] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 112.229614] Hardware name: linux,dummy-virt (DT) [ 112.230058] pstate: 11400009 (nzcV daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 112.230873] pc : intlog2+0xd8/0xf8 [ 112.231311] lr : intlog2_test+0xe4/0x200 [ 112.232019] sp : ffff8000821c7c10 [ 112.232617] x29: ffff8000821c7c90 x28: 0000000000000000 x27: 0000000000000000 [ 112.233559] x26: 1ffe00001837e3a1 x25: 0000000000000000 x24: ffff8000821c7ce0 [ 112.234466] x23: ffff8000821c7d00 x22: 0000000000000000 x21: 1ffff00010438f82 [ 112.235071] x20: ffff97b3181fd300 x19: ffff800080087990 x18: 00000000723016f9 [ 112.235436] x17: 00000000f56ab413 x16: fff00000c5d8143c x15: 000000004699ae58 [ 112.235791] x14: 00000000f1f1f1f1 x13: 1ffe00001b48bdcd x12: ffff72f663816589 [ 112.236144] x11: 1ffff2f663816588 x10: ffff72f663816588 x9 : ffff97b315842434 [ 112.236503] x8 : ffff97b31c0b2c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 112.236847] x5 : ffff700010438f82 x4 : 1ffff00010010f3b x3 : 1ffff2f66303fa60 [ 112.237266] x2 : 1ffff2f66303fa60 x1 : 0000000000000003 x0 : 0000000000000000 [ 112.238112] Call trace: [ 112.238455] intlog2+0xd8/0xf8 (P) [ 112.238885] kunit_try_run_case+0x170/0x3f0 [ 112.239389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 112.240079] kthread+0x328/0x630 [ 112.240611] ret_from_fork+0x10/0x20 [ 112.241078] ---[ end trace 0000000000000000 ]---