Date
July 2, 2025, 11:10 a.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 31.129366] ================================================================== [ 31.129429] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 31.129481] Read of size 8 at addr fff00000c91f2b40 by task kunit_try_catch/233 [ 31.129563] [ 31.129607] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.129700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.129727] Hardware name: linux,dummy-virt (DT) [ 31.129769] Call trace: [ 31.129808] show_stack+0x20/0x38 (C) [ 31.129857] dump_stack_lvl+0x8c/0xd0 [ 31.129906] print_report+0x118/0x608 [ 31.130343] kasan_report+0xdc/0x128 [ 31.130400] __asan_report_load8_noabort+0x20/0x30 [ 31.130468] workqueue_uaf+0x480/0x4a8 [ 31.130603] kunit_try_run_case+0x170/0x3f0 [ 31.130700] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.130755] kthread+0x328/0x630 [ 31.130816] ret_from_fork+0x10/0x20 [ 31.130936] [ 31.130976] Allocated by task 233: [ 31.131014] kasan_save_stack+0x3c/0x68 [ 31.131211] kasan_save_track+0x20/0x40 [ 31.131272] kasan_save_alloc_info+0x40/0x58 [ 31.131328] __kasan_kmalloc+0xd4/0xd8 [ 31.131449] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.131508] workqueue_uaf+0x13c/0x4a8 [ 31.131546] kunit_try_run_case+0x170/0x3f0 [ 31.131702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.131801] kthread+0x328/0x630 [ 31.131963] ret_from_fork+0x10/0x20 [ 31.132034] [ 31.132237] Freed by task 9: [ 31.132286] kasan_save_stack+0x3c/0x68 [ 31.132810] kasan_save_track+0x20/0x40 [ 31.132886] kasan_save_free_info+0x4c/0x78 [ 31.132974] __kasan_slab_free+0x6c/0x98 [ 31.133097] kfree+0x214/0x3c8 [ 31.133164] workqueue_uaf_work+0x18/0x30 [ 31.133236] process_one_work+0x530/0xf98 [ 31.133316] worker_thread+0x618/0xf38 [ 31.133433] kthread+0x328/0x630 [ 31.133502] ret_from_fork+0x10/0x20 [ 31.133707] [ 31.133764] Last potentially related work creation: [ 31.133898] kasan_save_stack+0x3c/0x68 [ 31.134037] kasan_record_aux_stack+0xb4/0xc8 [ 31.134129] __queue_work+0x65c/0xfe0 [ 31.134207] queue_work_on+0xbc/0xf8 [ 31.134539] workqueue_uaf+0x210/0x4a8 [ 31.134608] kunit_try_run_case+0x170/0x3f0 [ 31.134685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.134801] kthread+0x328/0x630 [ 31.134851] ret_from_fork+0x10/0x20 [ 31.134887] [ 31.135138] The buggy address belongs to the object at fff00000c91f2b40 [ 31.135138] which belongs to the cache kmalloc-32 of size 32 [ 31.135235] The buggy address is located 0 bytes inside of [ 31.135235] freed 32-byte region [fff00000c91f2b40, fff00000c91f2b60) [ 31.135371] [ 31.135411] The buggy address belongs to the physical page: [ 31.135451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f2 [ 31.135572] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.135669] page_type: f5(slab) [ 31.135771] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.135892] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.135958] page dumped because: kasan: bad access detected [ 31.135990] [ 31.136008] Memory state around the buggy address: [ 31.136324] fff00000c91f2a00: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 31.136426] fff00000c91f2a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.136498] >fff00000c91f2b00: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 31.136737] ^ [ 31.136829] fff00000c91f2b80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.136919] fff00000c91f2c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.137002] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 31.109731] ================================================================== [ 31.109852] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 31.109920] Read of size 4 at addr fff00000c91f2940 by task swapper/0/0 [ 31.109980] [ 31.110018] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.110107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.110135] Hardware name: linux,dummy-virt (DT) [ 31.110167] Call trace: [ 31.110190] show_stack+0x20/0x38 (C) [ 31.110240] dump_stack_lvl+0x8c/0xd0 [ 31.110290] print_report+0x118/0x608 [ 31.110336] kasan_report+0xdc/0x128 [ 31.110383] __asan_report_load4_noabort+0x20/0x30 [ 31.110431] rcu_uaf_reclaim+0x64/0x70 [ 31.110476] rcu_core+0x9f4/0x1e20 [ 31.110525] rcu_core_si+0x18/0x30 [ 31.110571] handle_softirqs+0x374/0xb28 [ 31.110621] __do_softirq+0x1c/0x28 [ 31.110663] ____do_softirq+0x18/0x30 [ 31.110709] call_on_irq_stack+0x24/0x30 [ 31.110754] do_softirq_own_stack+0x24/0x38 [ 31.110799] __irq_exit_rcu+0x1fc/0x318 [ 31.110845] irq_exit_rcu+0x1c/0x80 [ 31.110890] el1_interrupt+0x38/0x58 [ 31.110944] el1h_64_irq_handler+0x18/0x28 [ 31.110990] el1h_64_irq+0x6c/0x70 [ 31.111076] arch_local_irq_enable+0x4/0x8 (P) [ 31.111128] do_idle+0x384/0x4e8 [ 31.111172] cpu_startup_entry+0x64/0x80 [ 31.111218] rest_init+0x160/0x188 [ 31.111263] start_kernel+0x30c/0x3d0 [ 31.111315] __primary_switched+0x8c/0xa0 [ 31.111368] [ 31.111388] Allocated by task 231: [ 31.111416] kasan_save_stack+0x3c/0x68 [ 31.111459] kasan_save_track+0x20/0x40 [ 31.111497] kasan_save_alloc_info+0x40/0x58 [ 31.111535] __kasan_kmalloc+0xd4/0xd8 [ 31.113505] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.113562] rcu_uaf+0xb0/0x2d8 [ 31.113597] kunit_try_run_case+0x170/0x3f0 [ 31.113639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.113683] kthread+0x328/0x630 [ 31.113717] ret_from_fork+0x10/0x20 [ 31.113753] [ 31.113774] Freed by task 0: [ 31.113800] kasan_save_stack+0x3c/0x68 [ 31.113839] kasan_save_track+0x20/0x40 [ 31.113877] kasan_save_free_info+0x4c/0x78 [ 31.113914] __kasan_slab_free+0x6c/0x98 [ 31.113963] kfree+0x214/0x3c8 [ 31.113996] rcu_uaf_reclaim+0x28/0x70 [ 31.114030] rcu_core+0x9f4/0x1e20 [ 31.114065] rcu_core_si+0x18/0x30 [ 31.114100] handle_softirqs+0x374/0xb28 [ 31.114136] __do_softirq+0x1c/0x28 [ 31.114169] [ 31.114199] Last potentially related work creation: [ 31.114235] kasan_save_stack+0x3c/0x68 [ 31.114274] kasan_record_aux_stack+0xb4/0xc8 [ 31.114311] __call_rcu_common.constprop.0+0x74/0x8c8 [ 31.114353] call_rcu+0x18/0x30 [ 31.114385] rcu_uaf+0x14c/0x2d8 [ 31.114420] kunit_try_run_case+0x170/0x3f0 [ 31.114460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.114504] kthread+0x328/0x630 [ 31.114536] ret_from_fork+0x10/0x20 [ 31.114575] [ 31.114602] The buggy address belongs to the object at fff00000c91f2940 [ 31.114602] which belongs to the cache kmalloc-32 of size 32 [ 31.114660] The buggy address is located 0 bytes inside of [ 31.114660] freed 32-byte region [fff00000c91f2940, fff00000c91f2960) [ 31.114722] [ 31.114742] The buggy address belongs to the physical page: [ 31.114774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f2 [ 31.114829] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.114879] page_type: f5(slab) [ 31.114918] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.114979] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.115020] page dumped because: kasan: bad access detected [ 31.115052] [ 31.115071] Memory state around the buggy address: [ 31.115102] fff00000c91f2800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.115145] fff00000c91f2880: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 31.115189] >fff00000c91f2900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.115226] ^ [ 31.115261] fff00000c91f2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.115305] fff00000c91f2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.115344] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 31.017872] ================================================================== [ 31.017963] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 31.018026] Read of size 1 at addr fff00000c91f0200 by task kunit_try_catch/229 [ 31.018087] [ 31.018126] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.018223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.018252] Hardware name: linux,dummy-virt (DT) [ 31.018282] Call trace: [ 31.018306] show_stack+0x20/0x38 (C) [ 31.018361] dump_stack_lvl+0x8c/0xd0 [ 31.018409] print_report+0x118/0x608 [ 31.018457] kasan_report+0xdc/0x128 [ 31.018505] __kasan_check_byte+0x54/0x70 [ 31.018554] ksize+0x30/0x88 [ 31.018609] ksize_uaf+0x168/0x5f8 [ 31.018652] kunit_try_run_case+0x170/0x3f0 [ 31.018701] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.018754] kthread+0x328/0x630 [ 31.018797] ret_from_fork+0x10/0x20 [ 31.018844] [ 31.018863] Allocated by task 229: [ 31.018898] kasan_save_stack+0x3c/0x68 [ 31.019535] kasan_save_track+0x20/0x40 [ 31.019604] kasan_save_alloc_info+0x40/0x58 [ 31.020001] __kasan_kmalloc+0xd4/0xd8 [ 31.020114] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.020561] ksize_uaf+0xb8/0x5f8 [ 31.020624] kunit_try_run_case+0x170/0x3f0 [ 31.020702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.020765] kthread+0x328/0x630 [ 31.020822] ret_from_fork+0x10/0x20 [ 31.020974] [ 31.021312] Freed by task 229: [ 31.021398] kasan_save_stack+0x3c/0x68 [ 31.021497] kasan_save_track+0x20/0x40 [ 31.022069] kasan_save_free_info+0x4c/0x78 [ 31.022286] __kasan_slab_free+0x6c/0x98 [ 31.022345] kfree+0x214/0x3c8 [ 31.022460] ksize_uaf+0x11c/0x5f8 [ 31.022529] kunit_try_run_case+0x170/0x3f0 [ 31.022639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.022781] kthread+0x328/0x630 [ 31.022844] ret_from_fork+0x10/0x20 [ 31.022963] [ 31.023014] The buggy address belongs to the object at fff00000c91f0200 [ 31.023014] which belongs to the cache kmalloc-128 of size 128 [ 31.023100] The buggy address is located 0 bytes inside of [ 31.023100] freed 128-byte region [fff00000c91f0200, fff00000c91f0280) [ 31.023237] [ 31.023294] The buggy address belongs to the physical page: [ 31.023438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.023692] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.023794] page_type: f5(slab) [ 31.023881] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.023947] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.024138] page dumped because: kasan: bad access detected [ 31.024319] [ 31.024359] Memory state around the buggy address: [ 31.024407] fff00000c91f0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.024512] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.024576] >fff00000c91f0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.024828] ^ [ 31.025051] fff00000c91f0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.025135] fff00000c91f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.025288] ================================================================== [ 31.036323] ================================================================== [ 31.036651] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 31.036784] Read of size 1 at addr fff00000c91f0278 by task kunit_try_catch/229 [ 31.036841] [ 31.036999] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.037164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.037229] Hardware name: linux,dummy-virt (DT) [ 31.037361] Call trace: [ 31.037429] show_stack+0x20/0x38 (C) [ 31.037484] dump_stack_lvl+0x8c/0xd0 [ 31.037678] print_report+0x118/0x608 [ 31.037732] kasan_report+0xdc/0x128 [ 31.037779] __asan_report_load1_noabort+0x20/0x30 [ 31.037958] ksize_uaf+0x544/0x5f8 [ 31.038037] kunit_try_run_case+0x170/0x3f0 [ 31.038094] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.038215] kthread+0x328/0x630 [ 31.038261] ret_from_fork+0x10/0x20 [ 31.038446] [ 31.038469] Allocated by task 229: [ 31.038497] kasan_save_stack+0x3c/0x68 [ 31.038543] kasan_save_track+0x20/0x40 [ 31.038582] kasan_save_alloc_info+0x40/0x58 [ 31.038620] __kasan_kmalloc+0xd4/0xd8 [ 31.038983] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.039132] ksize_uaf+0xb8/0x5f8 [ 31.039200] kunit_try_run_case+0x170/0x3f0 [ 31.039241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.039408] kthread+0x328/0x630 [ 31.039450] ret_from_fork+0x10/0x20 [ 31.039487] [ 31.039507] Freed by task 229: [ 31.039537] kasan_save_stack+0x3c/0x68 [ 31.039907] kasan_save_track+0x20/0x40 [ 31.040058] kasan_save_free_info+0x4c/0x78 [ 31.040229] __kasan_slab_free+0x6c/0x98 [ 31.040306] kfree+0x214/0x3c8 [ 31.040365] ksize_uaf+0x11c/0x5f8 [ 31.040555] kunit_try_run_case+0x170/0x3f0 [ 31.040669] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.040833] kthread+0x328/0x630 [ 31.040873] ret_from_fork+0x10/0x20 [ 31.040911] [ 31.040941] The buggy address belongs to the object at fff00000c91f0200 [ 31.040941] which belongs to the cache kmalloc-128 of size 128 [ 31.041001] The buggy address is located 120 bytes inside of [ 31.041001] freed 128-byte region [fff00000c91f0200, fff00000c91f0280) [ 31.041067] [ 31.041087] The buggy address belongs to the physical page: [ 31.041355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.041531] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.041619] page_type: f5(slab) [ 31.041721] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.041788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.041872] page dumped because: kasan: bad access detected [ 31.042102] [ 31.042284] Memory state around the buggy address: [ 31.042364] fff00000c91f0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.042504] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.042575] >fff00000c91f0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.042706] ^ [ 31.042761] fff00000c91f0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.042829] fff00000c91f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.043008] ================================================================== [ 31.026770] ================================================================== [ 31.026831] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 31.026995] Read of size 1 at addr fff00000c91f0200 by task kunit_try_catch/229 [ 31.027121] [ 31.027168] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.027261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.027454] Hardware name: linux,dummy-virt (DT) [ 31.027488] Call trace: [ 31.027628] show_stack+0x20/0x38 (C) [ 31.027736] dump_stack_lvl+0x8c/0xd0 [ 31.027870] print_report+0x118/0x608 [ 31.027921] kasan_report+0xdc/0x128 [ 31.028268] __asan_report_load1_noabort+0x20/0x30 [ 31.028425] ksize_uaf+0x598/0x5f8 [ 31.028492] kunit_try_run_case+0x170/0x3f0 [ 31.028619] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.028676] kthread+0x328/0x630 [ 31.028741] ret_from_fork+0x10/0x20 [ 31.029083] [ 31.029232] Allocated by task 229: [ 31.029286] kasan_save_stack+0x3c/0x68 [ 31.029621] kasan_save_track+0x20/0x40 [ 31.029755] kasan_save_alloc_info+0x40/0x58 [ 31.029830] __kasan_kmalloc+0xd4/0xd8 [ 31.029869] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.030174] ksize_uaf+0xb8/0x5f8 [ 31.030236] kunit_try_run_case+0x170/0x3f0 [ 31.030360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.030437] kthread+0x328/0x630 [ 31.030550] ret_from_fork+0x10/0x20 [ 31.030598] [ 31.030620] Freed by task 229: [ 31.030667] kasan_save_stack+0x3c/0x68 [ 31.030954] kasan_save_track+0x20/0x40 [ 31.031365] kasan_save_free_info+0x4c/0x78 [ 31.031432] __kasan_slab_free+0x6c/0x98 [ 31.031533] kfree+0x214/0x3c8 [ 31.031598] ksize_uaf+0x11c/0x5f8 [ 31.031753] kunit_try_run_case+0x170/0x3f0 [ 31.031832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.032033] kthread+0x328/0x630 [ 31.032103] ret_from_fork+0x10/0x20 [ 31.032256] [ 31.032338] The buggy address belongs to the object at fff00000c91f0200 [ 31.032338] which belongs to the cache kmalloc-128 of size 128 [ 31.032449] The buggy address is located 0 bytes inside of [ 31.032449] freed 128-byte region [fff00000c91f0200, fff00000c91f0280) [ 31.032915] [ 31.032979] The buggy address belongs to the physical page: [ 31.033067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.033125] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.033191] page_type: f5(slab) [ 31.033394] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.033568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.033665] page dumped because: kasan: bad access detected [ 31.033697] [ 31.033923] Memory state around the buggy address: [ 31.034033] fff00000c91f0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.034132] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.034183] >fff00000c91f0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.034426] ^ [ 31.034653] fff00000c91f0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.034732] fff00000c91f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.034843] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 30.990404] ================================================================== [ 30.990713] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 30.991037] Read of size 1 at addr fff00000c91f0173 by task kunit_try_catch/227 [ 30.991224] [ 30.991259] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.991423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.991451] Hardware name: linux,dummy-virt (DT) [ 30.991663] Call trace: [ 30.991705] show_stack+0x20/0x38 (C) [ 30.992020] dump_stack_lvl+0x8c/0xd0 [ 30.992256] print_report+0x118/0x608 [ 30.992471] kasan_report+0xdc/0x128 [ 30.992642] __asan_report_load1_noabort+0x20/0x30 [ 30.992767] ksize_unpoisons_memory+0x628/0x740 [ 30.992847] kunit_try_run_case+0x170/0x3f0 [ 30.993084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.993267] kthread+0x328/0x630 [ 30.993359] ret_from_fork+0x10/0x20 [ 30.993669] [ 30.993801] Allocated by task 227: [ 30.993941] kasan_save_stack+0x3c/0x68 [ 30.994001] kasan_save_track+0x20/0x40 [ 30.994237] kasan_save_alloc_info+0x40/0x58 [ 30.994327] __kasan_kmalloc+0xd4/0xd8 [ 30.994482] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.994560] ksize_unpoisons_memory+0xc0/0x740 [ 30.994627] kunit_try_run_case+0x170/0x3f0 [ 30.994704] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.994750] kthread+0x328/0x630 [ 30.994812] ret_from_fork+0x10/0x20 [ 30.995119] [ 30.995244] The buggy address belongs to the object at fff00000c91f0100 [ 30.995244] which belongs to the cache kmalloc-128 of size 128 [ 30.995310] The buggy address is located 0 bytes to the right of [ 30.995310] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 30.995412] [ 30.995576] The buggy address belongs to the physical page: [ 30.995670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 30.995884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.996019] page_type: f5(slab) [ 30.996067] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.996409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.996480] page dumped because: kasan: bad access detected [ 30.996614] [ 30.996673] Memory state around the buggy address: [ 30.996733] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.996775] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.996959] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.997165] ^ [ 30.997265] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.997338] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.997404] ================================================================== [ 30.998521] ================================================================== [ 30.998571] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 30.998621] Read of size 1 at addr fff00000c91f0178 by task kunit_try_catch/227 [ 30.998673] [ 30.998703] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.998833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.998891] Hardware name: linux,dummy-virt (DT) [ 30.999467] Call trace: [ 30.999575] show_stack+0x20/0x38 (C) [ 31.000055] dump_stack_lvl+0x8c/0xd0 [ 31.000171] print_report+0x118/0x608 [ 31.000381] kasan_report+0xdc/0x128 [ 31.000488] __asan_report_load1_noabort+0x20/0x30 [ 31.000692] ksize_unpoisons_memory+0x618/0x740 [ 31.000776] kunit_try_run_case+0x170/0x3f0 [ 31.001131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.001220] kthread+0x328/0x630 [ 31.001345] ret_from_fork+0x10/0x20 [ 31.001416] [ 31.001466] Allocated by task 227: [ 31.001570] kasan_save_stack+0x3c/0x68 [ 31.001615] kasan_save_track+0x20/0x40 [ 31.001652] kasan_save_alloc_info+0x40/0x58 [ 31.001722] __kasan_kmalloc+0xd4/0xd8 [ 31.001884] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.002236] ksize_unpoisons_memory+0xc0/0x740 [ 31.002315] kunit_try_run_case+0x170/0x3f0 [ 31.002432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.002501] kthread+0x328/0x630 [ 31.002605] ret_from_fork+0x10/0x20 [ 31.002644] [ 31.002663] The buggy address belongs to the object at fff00000c91f0100 [ 31.002663] which belongs to the cache kmalloc-128 of size 128 [ 31.002939] The buggy address is located 5 bytes to the right of [ 31.002939] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 31.003157] [ 31.003219] The buggy address belongs to the physical page: [ 31.003416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.003491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.003621] page_type: f5(slab) [ 31.003678] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.003737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.003777] page dumped because: kasan: bad access detected [ 31.003810] [ 31.003831] Memory state around the buggy address: [ 31.004134] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.004269] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004390] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.004458] ^ [ 31.004570] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004629] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004712] ================================================================== [ 31.005702] ================================================================== [ 31.005757] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 31.005808] Read of size 1 at addr fff00000c91f017f by task kunit_try_catch/227 [ 31.006153] [ 31.006342] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.006442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.006470] Hardware name: linux,dummy-virt (DT) [ 31.006530] Call trace: [ 31.006666] show_stack+0x20/0x38 (C) [ 31.006874] dump_stack_lvl+0x8c/0xd0 [ 31.006946] print_report+0x118/0x608 [ 31.007029] kasan_report+0xdc/0x128 [ 31.007097] __asan_report_load1_noabort+0x20/0x30 [ 31.007164] ksize_unpoisons_memory+0x690/0x740 [ 31.007270] kunit_try_run_case+0x170/0x3f0 [ 31.007321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.007539] kthread+0x328/0x630 [ 31.007719] ret_from_fork+0x10/0x20 [ 31.007873] [ 31.007986] Allocated by task 227: [ 31.008047] kasan_save_stack+0x3c/0x68 [ 31.008117] kasan_save_track+0x20/0x40 [ 31.008189] kasan_save_alloc_info+0x40/0x58 [ 31.008438] __kasan_kmalloc+0xd4/0xd8 [ 31.008486] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.008689] ksize_unpoisons_memory+0xc0/0x740 [ 31.008771] kunit_try_run_case+0x170/0x3f0 [ 31.008861] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.009006] kthread+0x328/0x630 [ 31.009055] ret_from_fork+0x10/0x20 [ 31.009207] [ 31.009275] The buggy address belongs to the object at fff00000c91f0100 [ 31.009275] which belongs to the cache kmalloc-128 of size 128 [ 31.009397] The buggy address is located 12 bytes to the right of [ 31.009397] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 31.009787] [ 31.009918] The buggy address belongs to the physical page: [ 31.009998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.010133] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.010222] page_type: f5(slab) [ 31.010297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.010442] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.010514] page dumped because: kasan: bad access detected [ 31.010546] [ 31.010810] Memory state around the buggy address: [ 31.010867] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.010985] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011082] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.011150] ^ [ 31.011198] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011243] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011283] ==================================================================
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 33.480958] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x6ec/0x4858 [ 33.499206] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x894/0x4858 [ 33.353966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x40a8/0x4858 [ 33.583281] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc08/0x4858 [ 33.385560] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2b0/0x4858 [ 33.440489] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4e4/0x4858
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 33.306354] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0
Failure - log-parser-boot - bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 33.246980] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0
Failure - log-parser-boot - internal-error-oops-oops-smp
[ 108.284123] Internal error: Oops: 0000000096000005 [#1] SMP [ 108.290258] Modules linked in: [ 108.291206] CPU: 1 UID: 0 PID: 565 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 108.292837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 108.293324] Hardware name: linux,dummy-virt (DT) [ 108.294004] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 108.294338] pc : kunit_test_null_dereference+0x70/0x170 [ 108.294603] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 108.294853] sp : ffff800080e37d30 [ 108.295367] x29: ffff800080e37d90 x28: 0000000000000000 x27: 0000000000000000 [ 108.296319] x26: 1ffe000018dafb81 x25: 0000000000000000 x24: 0000000000000004 [ 108.297143] x23: fff00000c6d7dc0c x22: ffffa1061ea2ecc0 x21: fff00000c1077708 [ 108.297955] x20: 1ffff000101c6fa6 x19: ffff800080087990 x18: 0000000097b873a2 [ 108.298721] x17: 0000000000000000 x16: fff00000da45ed28 x15: 000000003a347fb9 [ 108.299480] x14: 00000000e615f164 x13: 1ffe00001b48bd89 x12: fffd8000191928b4 [ 108.300405] x11: 1ffe0000191928b3 x10: fffd8000191928b3 x9 : ffffa1061ea26450 [ 108.301358] x8 : ffff800080e37c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 108.302223] x5 : ffff7000101c6fa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 108.303022] x2 : dfff800000000000 x1 : fff00000c8c93cc0 x0 : ffff800080087990 [ 108.303468] Call trace: [ 108.303856] kunit_test_null_dereference+0x70/0x170 (P) [ 108.304542] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 108.305108] kthread+0x328/0x630 [ 108.305476] ret_from_fork+0x10/0x20 [ 108.306057] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 108.306898] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.917044] ================================================================== [ 63.917112] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 63.917112] [ 63.917198] Use-after-free read at 0x00000000b7c2406e (in kfence-#183): [ 63.917253] test_krealloc+0x51c/0x830 [ 63.917300] kunit_try_run_case+0x170/0x3f0 [ 63.917347] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.917393] kthread+0x328/0x630 [ 63.917434] ret_from_fork+0x10/0x20 [ 63.917476] [ 63.917501] kfence-#183: 0x00000000b7c2406e-0x00000000ff9a0715, size=32, cache=kmalloc-32 [ 63.917501] [ 63.917557] allocated by task 370 on cpu 0 at 63.916403s (0.001150s ago): [ 63.917626] test_alloc+0x29c/0x628 [ 63.917668] test_krealloc+0xc0/0x830 [ 63.917709] kunit_try_run_case+0x170/0x3f0 [ 63.917750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.917795] kthread+0x328/0x630 [ 63.917832] ret_from_fork+0x10/0x20 [ 63.917870] [ 63.917896] freed by task 370 on cpu 0 at 63.916657s (0.001235s ago): [ 63.917972] krealloc_noprof+0x148/0x360 [ 63.918015] test_krealloc+0x1dc/0x830 [ 63.918055] kunit_try_run_case+0x170/0x3f0 [ 63.918095] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.918140] kthread+0x328/0x630 [ 63.918176] ret_from_fork+0x10/0x20 [ 63.918215] [ 63.918260] CPU: 0 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 63.918342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.918373] Hardware name: linux,dummy-virt (DT) [ 63.918409] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.828104] ================================================================== [ 63.828199] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.828199] [ 63.828297] Use-after-free read at 0x00000000819e65fe (in kfence-#182): [ 63.828356] test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.828407] kunit_try_run_case+0x170/0x3f0 [ 63.828456] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.828502] kthread+0x328/0x630 [ 63.828543] ret_from_fork+0x10/0x20 [ 63.828584] [ 63.828609] kfence-#182: 0x00000000819e65fe-0x00000000738a8fbd, size=32, cache=test [ 63.828609] [ 63.828664] allocated by task 368 on cpu 1 at 63.815589s (0.013072s ago): [ 63.828736] test_alloc+0x230/0x628 [ 63.828778] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 63.828824] kunit_try_run_case+0x170/0x3f0 [ 63.828864] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.828909] kthread+0x328/0x630 [ 63.828962] ret_from_fork+0x10/0x20 [ 63.829003] [ 63.829028] freed by task 368 on cpu 1 at 63.815828s (0.013196s ago): [ 63.829087] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 63.829132] kunit_try_run_case+0x170/0x3f0 [ 63.829173] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.829217] kthread+0x328/0x630 [ 63.829254] ret_from_fork+0x10/0x20 [ 63.829294] [ 63.829341] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 63.829422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.829453] Hardware name: linux,dummy-virt (DT) [ 63.829490] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 40.947434] ================================================================== [ 40.947604] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 40.947604] [ 40.947708] Invalid read at 0x0000000076bfa756: [ 40.947822] test_invalid_access+0xdc/0x1f0 [ 40.947892] kunit_try_run_case+0x170/0x3f0 [ 40.947999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.948486] kthread+0x328/0x630 [ 40.948544] ret_from_fork+0x10/0x20 [ 40.948622] [ 40.948676] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 40.948765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.948803] Hardware name: linux,dummy-virt (DT) [ 40.948843] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 40.716205] ================================================================== [ 40.716289] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.716289] [ 40.716351] Corrupted memory at 0x000000008c5b98f3 [ ! . . . . . . . . . . . . . . . ] (in kfence-#178): [ 40.716672] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.716722] kunit_try_run_case+0x170/0x3f0 [ 40.716767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.716812] kthread+0x328/0x630 [ 40.716851] ret_from_fork+0x10/0x20 [ 40.716891] [ 40.716917] kfence-#178: 0x0000000013cb0c2b-0x00000000141f9852, size=73, cache=kmalloc-96 [ 40.716917] [ 40.716990] allocated by task 358 on cpu 0 at 40.715978s (0.001008s ago): [ 40.717057] test_alloc+0x29c/0x628 [ 40.717099] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 40.717144] kunit_try_run_case+0x170/0x3f0 [ 40.717186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.717233] kthread+0x328/0x630 [ 40.717270] ret_from_fork+0x10/0x20 [ 40.717312] [ 40.717336] freed by task 358 on cpu 0 at 40.716120s (0.001212s ago): [ 40.717401] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.717446] kunit_try_run_case+0x170/0x3f0 [ 40.717488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.717532] kthread+0x328/0x630 [ 40.717570] ret_from_fork+0x10/0x20 [ 40.717611] [ 40.717652] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 40.717736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.717767] Hardware name: linux,dummy-virt (DT) [ 40.717801] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 40.612259] ================================================================== [ 40.612359] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 40.612359] [ 40.612461] Out-of-bounds read at 0x000000001873ccf8 (105B right of kfence-#177): [ 40.612527] test_kmalloc_aligned_oob_read+0x238/0x468 [ 40.612580] kunit_try_run_case+0x170/0x3f0 [ 40.612629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.612676] kthread+0x328/0x630 [ 40.612715] ret_from_fork+0x10/0x20 [ 40.612756] [ 40.612781] kfence-#177: 0x0000000022645249-0x0000000087cad463, size=73, cache=kmalloc-96 [ 40.612781] [ 40.612836] allocated by task 356 on cpu 0 at 40.611986s (0.000846s ago): [ 40.612909] test_alloc+0x29c/0x628 [ 40.612965] test_kmalloc_aligned_oob_read+0x100/0x468 [ 40.613011] kunit_try_run_case+0x170/0x3f0 [ 40.613051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.613096] kthread+0x328/0x630 [ 40.613132] ret_from_fork+0x10/0x20 [ 40.613175] [ 40.613223] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 40.613306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.613337] Hardware name: linux,dummy-virt (DT) [ 40.613374] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 36.244060] ================================================================== [ 36.244149] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 36.244149] [ 36.244212] Corrupted memory at 0x000000005fd990ac [ ! . . . . . . . . . . . . . . . ] (in kfence-#135): [ 36.244529] test_corruption+0x120/0x378 [ 36.244577] kunit_try_run_case+0x170/0x3f0 [ 36.244624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.244672] kthread+0x328/0x630 [ 36.244711] ret_from_fork+0x10/0x20 [ 36.244751] [ 36.244776] kfence-#135: 0x000000000b65ec57-0x000000002fc3de55, size=32, cache=test [ 36.244776] [ 36.244834] allocated by task 346 on cpu 1 at 36.243908s (0.000922s ago): [ 36.244896] test_alloc+0x230/0x628 [ 36.244957] test_corruption+0xdc/0x378 [ 36.244999] kunit_try_run_case+0x170/0x3f0 [ 36.245040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.245085] kthread+0x328/0x630 [ 36.245121] ret_from_fork+0x10/0x20 [ 36.245162] [ 36.245188] freed by task 346 on cpu 1 at 36.243978s (0.001206s ago): [ 36.245249] test_corruption+0x120/0x378 [ 36.245291] kunit_try_run_case+0x170/0x3f0 [ 36.245331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.245376] kthread+0x328/0x630 [ 36.245414] ret_from_fork+0x10/0x20 [ 36.245453] [ 36.245499] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.245581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.245613] Hardware name: linux,dummy-virt (DT) [ 36.245647] ================================================================== [ 36.348140] ================================================================== [ 36.348226] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 36.348226] [ 36.348287] Corrupted memory at 0x00000000b6e0cf32 [ ! ] (in kfence-#136): [ 36.348410] test_corruption+0x1d8/0x378 [ 36.348458] kunit_try_run_case+0x170/0x3f0 [ 36.348506] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.348553] kthread+0x328/0x630 [ 36.348593] ret_from_fork+0x10/0x20 [ 36.348634] [ 36.348658] kfence-#136: 0x000000005618277b-0x00000000e1513fde, size=32, cache=test [ 36.348658] [ 36.348715] allocated by task 346 on cpu 1 at 36.348004s (0.000708s ago): [ 36.348779] test_alloc+0x230/0x628 [ 36.348822] test_corruption+0x198/0x378 [ 36.348865] kunit_try_run_case+0x170/0x3f0 [ 36.348908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.348969] kthread+0x328/0x630 [ 36.349006] ret_from_fork+0x10/0x20 [ 36.349045] [ 36.349071] freed by task 346 on cpu 1 at 36.348061s (0.001007s ago): [ 36.349134] test_corruption+0x1d8/0x378 [ 36.349176] kunit_try_run_case+0x170/0x3f0 [ 36.349218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.349263] kthread+0x328/0x630 [ 36.349300] ret_from_fork+0x10/0x20 [ 36.349341] [ 36.349383] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.349466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.349499] Hardware name: linux,dummy-virt (DT) [ 36.349533] ================================================================== [ 35.932245] ================================================================== [ 35.932355] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 35.932355] [ 35.932423] Corrupted memory at 0x0000000085b761ed [ ! . . . . . . . . . . . . . . . ] (in kfence-#132): [ 35.933563] test_corruption+0x278/0x378 [ 35.933617] kunit_try_run_case+0x170/0x3f0 [ 35.933666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.933713] kthread+0x328/0x630 [ 35.933754] ret_from_fork+0x10/0x20 [ 35.933796] [ 35.933821] kfence-#132: 0x0000000049b0c94c-0x0000000046b7e804, size=32, cache=kmalloc-32 [ 35.933821] [ 35.933881] allocated by task 344 on cpu 1 at 35.932004s (0.001874s ago): [ 35.933959] test_alloc+0x29c/0x628 [ 35.934002] test_corruption+0xdc/0x378 [ 35.934043] kunit_try_run_case+0x170/0x3f0 [ 35.934086] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.934134] kthread+0x328/0x630 [ 35.934170] ret_from_fork+0x10/0x20 [ 35.934209] [ 35.934233] freed by task 344 on cpu 1 at 35.932070s (0.002159s ago): [ 35.934295] test_corruption+0x278/0x378 [ 35.934335] kunit_try_run_case+0x170/0x3f0 [ 35.934377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.934422] kthread+0x328/0x630 [ 35.934459] ret_from_fork+0x10/0x20 [ 35.934498] [ 35.934545] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.934630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.934660] Hardware name: linux,dummy-virt (DT) [ 35.934696] ================================================================== [ 36.140245] ================================================================== [ 36.140335] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 36.140335] [ 36.140396] Corrupted memory at 0x00000000fab370a7 [ ! ] (in kfence-#134): [ 36.140528] test_corruption+0x284/0x378 [ 36.140575] kunit_try_run_case+0x170/0x3f0 [ 36.140621] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.140668] kthread+0x328/0x630 [ 36.140707] ret_from_fork+0x10/0x20 [ 36.140749] [ 36.140774] kfence-#134: 0x00000000f9727db0-0x000000004e27c4e3, size=32, cache=kmalloc-32 [ 36.140774] [ 36.140831] allocated by task 344 on cpu 1 at 36.139970s (0.000857s ago): [ 36.140895] test_alloc+0x29c/0x628 [ 36.140954] test_corruption+0x198/0x378 [ 36.140995] kunit_try_run_case+0x170/0x3f0 [ 36.141037] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.141081] kthread+0x328/0x630 [ 36.141120] ret_from_fork+0x10/0x20 [ 36.141159] [ 36.141183] freed by task 344 on cpu 1 at 36.140075s (0.001105s ago): [ 36.141246] test_corruption+0x284/0x378 [ 36.141288] kunit_try_run_case+0x170/0x3f0 [ 36.141330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.141374] kthread+0x328/0x630 [ 36.141412] ret_from_fork+0x10/0x20 [ 36.141452] [ 36.141496] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 36.141579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.141610] Hardware name: linux,dummy-virt (DT) [ 36.141646] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 35.620624] ================================================================== [ 35.620721] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 35.620721] [ 35.620970] Invalid free of 0x0000000077e571a3 (in kfence-#129): [ 35.621048] test_invalid_addr_free+0x1ac/0x238 [ 35.621280] kunit_try_run_case+0x170/0x3f0 [ 35.621348] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.621430] kthread+0x328/0x630 [ 35.621472] ret_from_fork+0x10/0x20 [ 35.621520] [ 35.621546] kfence-#129: 0x00000000aede2ff6-0x000000005708fff7, size=32, cache=kmalloc-32 [ 35.621546] [ 35.621903] allocated by task 340 on cpu 1 at 35.620194s (0.001681s ago): [ 35.621986] test_alloc+0x29c/0x628 [ 35.622097] test_invalid_addr_free+0xd4/0x238 [ 35.622166] kunit_try_run_case+0x170/0x3f0 [ 35.622210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.622286] kthread+0x328/0x630 [ 35.622333] ret_from_fork+0x10/0x20 [ 35.622376] [ 35.622674] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.622803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.622893] Hardware name: linux,dummy-virt (DT) [ 35.622944] ================================================================== [ 35.725719] ================================================================== [ 35.725792] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 35.725792] [ 35.725847] Invalid free of 0x0000000083ebad82 (in kfence-#130): [ 35.726210] test_invalid_addr_free+0xec/0x238 [ 35.726288] kunit_try_run_case+0x170/0x3f0 [ 35.726355] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.726409] kthread+0x328/0x630 [ 35.726703] ret_from_fork+0x10/0x20 [ 35.726768] [ 35.726794] kfence-#130: 0x000000001e9031b0-0x0000000060315d60, size=32, cache=test [ 35.726794] [ 35.727270] allocated by task 342 on cpu 1 at 35.725520s (0.001329s ago): [ 35.727538] test_alloc+0x230/0x628 [ 35.728167] test_invalid_addr_free+0xd4/0x238 [ 35.728287] kunit_try_run_case+0x170/0x3f0 [ 35.728436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.728496] kthread+0x328/0x630 [ 35.728867] ret_from_fork+0x10/0x20 [ 35.728989] [ 35.729075] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.729224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.729293] Hardware name: linux,dummy-virt (DT) [ 35.729416] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 35.409144] ================================================================== [ 35.409239] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 35.409239] [ 35.409315] Invalid free of 0x00000000259f8d2b (in kfence-#127): [ 35.409386] test_double_free+0x1bc/0x238 [ 35.409434] kunit_try_run_case+0x170/0x3f0 [ 35.409482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.409530] kthread+0x328/0x630 [ 35.409570] ret_from_fork+0x10/0x20 [ 35.409623] [ 35.409650] kfence-#127: 0x00000000259f8d2b-0x0000000039c44183, size=32, cache=kmalloc-32 [ 35.409650] [ 35.409714] allocated by task 336 on cpu 1 at 35.408755s (0.000954s ago): [ 35.409790] test_alloc+0x29c/0x628 [ 35.409833] test_double_free+0xd4/0x238 [ 35.409876] kunit_try_run_case+0x170/0x3f0 [ 35.409938] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.409985] kthread+0x328/0x630 [ 35.410022] ret_from_fork+0x10/0x20 [ 35.410062] [ 35.410086] freed by task 336 on cpu 1 at 35.408866s (0.001216s ago): [ 35.410151] test_double_free+0x1ac/0x238 [ 35.410193] kunit_try_run_case+0x170/0x3f0 [ 35.410234] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.410279] kthread+0x328/0x630 [ 35.410315] ret_from_fork+0x10/0x20 [ 35.410355] [ 35.410411] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.410506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.410537] Hardware name: linux,dummy-virt (DT) [ 35.410579] ================================================================== [ 35.513985] ================================================================== [ 35.514071] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 35.514071] [ 35.514232] Invalid free of 0x00000000a33d5bb6 (in kfence-#128): [ 35.514309] test_double_free+0x100/0x238 [ 35.514376] kunit_try_run_case+0x170/0x3f0 [ 35.514766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.514892] kthread+0x328/0x630 [ 35.514947] ret_from_fork+0x10/0x20 [ 35.514989] [ 35.515016] kfence-#128: 0x00000000a33d5bb6-0x00000000e002a32a, size=32, cache=test [ 35.515016] [ 35.515126] allocated by task 338 on cpu 1 at 35.513139s (0.001982s ago): [ 35.515202] test_alloc+0x230/0x628 [ 35.515250] test_double_free+0xd4/0x238 [ 35.515290] kunit_try_run_case+0x170/0x3f0 [ 35.515337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.515382] kthread+0x328/0x630 [ 35.515428] ret_from_fork+0x10/0x20 [ 35.515468] [ 35.515492] freed by task 338 on cpu 1 at 35.513387s (0.002102s ago): [ 35.516052] test_double_free+0xf0/0x238 [ 35.516216] kunit_try_run_case+0x170/0x3f0 [ 35.516330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.516511] kthread+0x328/0x630 [ 35.516565] ret_from_fork+0x10/0x20 [ 35.516625] [ 35.517106] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.517496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.517609] Hardware name: linux,dummy-virt (DT) [ 35.517651] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 35.097237] ================================================================== [ 35.097315] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 35.097315] [ 35.097670] Use-after-free read at 0x000000007b04c569 (in kfence-#124): [ 35.097761] test_use_after_free_read+0x114/0x248 [ 35.097905] kunit_try_run_case+0x170/0x3f0 [ 35.097980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.098088] kthread+0x328/0x630 [ 35.098134] ret_from_fork+0x10/0x20 [ 35.098173] [ 35.098199] kfence-#124: 0x000000007b04c569-0x0000000052c533a9, size=32, cache=test [ 35.098199] [ 35.098501] allocated by task 330 on cpu 1 at 35.096647s (0.001603s ago): [ 35.098593] test_alloc+0x230/0x628 [ 35.098637] test_use_after_free_read+0xd0/0x248 [ 35.098791] kunit_try_run_case+0x170/0x3f0 [ 35.098836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.098896] kthread+0x328/0x630 [ 35.099022] ret_from_fork+0x10/0x20 [ 35.099065] [ 35.099104] freed by task 330 on cpu 1 at 35.096975s (0.002119s ago): [ 35.099508] test_use_after_free_read+0xf0/0x248 [ 35.099650] kunit_try_run_case+0x170/0x3f0 [ 35.099740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.099883] kthread+0x328/0x630 [ 35.099982] ret_from_fork+0x10/0x20 [ 35.100035] [ 35.100359] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.100534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.100613] Hardware name: linux,dummy-virt (DT) [ 35.100996] ================================================================== [ 34.997921] ================================================================== [ 34.998110] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 34.998110] [ 34.998244] Use-after-free read at 0x00000000680750e7 (in kfence-#123): [ 34.998654] test_use_after_free_read+0x114/0x248 [ 34.998728] kunit_try_run_case+0x170/0x3f0 [ 34.998782] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.998828] kthread+0x328/0x630 [ 34.998946] ret_from_fork+0x10/0x20 [ 34.999013] [ 34.999039] kfence-#123: 0x00000000680750e7-0x000000004925b434, size=32, cache=kmalloc-32 [ 34.999039] [ 34.999501] allocated by task 328 on cpu 1 at 34.997274s (0.002218s ago): [ 34.999634] test_alloc+0x29c/0x628 [ 34.999817] test_use_after_free_read+0xd0/0x248 [ 34.999896] kunit_try_run_case+0x170/0x3f0 [ 35.000045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.000096] kthread+0x328/0x630 [ 35.000143] ret_from_fork+0x10/0x20 [ 35.000456] [ 35.001657] freed by task 328 on cpu 1 at 34.997352s (0.003423s ago): [ 35.002333] test_use_after_free_read+0x1c0/0x248 [ 35.002390] kunit_try_run_case+0x170/0x3f0 [ 35.002435] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.002482] kthread+0x328/0x630 [ 35.002596] ret_from_fork+0x10/0x20 [ 35.002704] [ 35.002821] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.002939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.002972] Hardware name: linux,dummy-virt (DT) [ 35.003010] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 34.781987] ================================================================== [ 34.782058] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 34.782058] [ 34.782145] Out-of-bounds write at 0x000000008349ab00 (1B left of kfence-#121): [ 34.782205] test_out_of_bounds_write+0x100/0x240 [ 34.782264] kunit_try_run_case+0x170/0x3f0 [ 34.782311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.782364] kthread+0x328/0x630 [ 34.782413] ret_from_fork+0x10/0x20 [ 34.782463] [ 34.782498] kfence-#121: 0x000000003c67233e-0x00000000a5ee97bf, size=32, cache=kmalloc-32 [ 34.782498] [ 34.782553] allocated by task 324 on cpu 1 at 34.781546s (0.001004s ago): [ 34.782634] test_alloc+0x29c/0x628 [ 34.782675] test_out_of_bounds_write+0xc8/0x240 [ 34.782719] kunit_try_run_case+0x170/0x3f0 [ 34.782758] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.782803] kthread+0x328/0x630 [ 34.782839] ret_from_fork+0x10/0x20 [ 34.782886] [ 34.782943] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.783027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.783058] Hardware name: linux,dummy-virt (DT) [ 34.783103] ================================================================== [ 34.889413] ================================================================== [ 34.889496] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 34.889496] [ 34.889578] Out-of-bounds write at 0x00000000cd6b1d81 (1B left of kfence-#122): [ 34.889728] test_out_of_bounds_write+0x100/0x240 [ 34.889785] kunit_try_run_case+0x170/0x3f0 [ 34.889847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.890240] kthread+0x328/0x630 [ 34.890288] ret_from_fork+0x10/0x20 [ 34.890549] [ 34.890639] kfence-#122: 0x00000000416f8ed5-0x00000000ba181160, size=32, cache=test [ 34.890639] [ 34.891057] allocated by task 326 on cpu 1 at 34.889294s (0.001754s ago): [ 34.891196] test_alloc+0x230/0x628 [ 34.891276] test_out_of_bounds_write+0xc8/0x240 [ 34.891323] kunit_try_run_case+0x170/0x3f0 [ 34.891381] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.891493] kthread+0x328/0x630 [ 34.891540] ret_from_fork+0x10/0x20 [ 34.891613] [ 34.892023] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.892228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.892319] Hardware name: linux,dummy-virt (DT) [ 34.892403] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 34.249145] ================================================================== [ 34.249284] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 34.249284] [ 34.249414] Out-of-bounds read at 0x00000000fcab1f98 (1B left of kfence-#116): [ 34.249705] test_out_of_bounds_read+0x114/0x3e0 [ 34.249764] kunit_try_run_case+0x170/0x3f0 [ 34.249814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.249871] kthread+0x328/0x630 [ 34.249941] ret_from_fork+0x10/0x20 [ 34.249990] [ 34.250152] kfence-#116: 0x0000000068b833ae-0x00000000be7e10a7, size=32, cache=kmalloc-32 [ 34.250152] [ 34.250333] allocated by task 320 on cpu 1 at 34.248104s (0.002162s ago): [ 34.250660] test_alloc+0x29c/0x628 [ 34.250720] test_out_of_bounds_read+0xdc/0x3e0 [ 34.250786] kunit_try_run_case+0x170/0x3f0 [ 34.250831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.251191] kthread+0x328/0x630 [ 34.251500] ret_from_fork+0x10/0x20 [ 34.251654] [ 34.251757] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.251876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.251908] Hardware name: linux,dummy-virt (DT) [ 34.251963] ================================================================== [ 34.354450] ================================================================== [ 34.354537] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 34.354537] [ 34.355012] Out-of-bounds read at 0x00000000f070b767 (32B right of kfence-#117): [ 34.355093] test_out_of_bounds_read+0x1c8/0x3e0 [ 34.355229] kunit_try_run_case+0x170/0x3f0 [ 34.355282] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.355328] kthread+0x328/0x630 [ 34.355374] ret_from_fork+0x10/0x20 [ 34.355417] [ 34.355442] kfence-#117: 0x00000000419b9e69-0x00000000740a4155, size=32, cache=kmalloc-32 [ 34.355442] [ 34.355848] allocated by task 320 on cpu 1 at 34.354060s (0.001748s ago): [ 34.355994] test_alloc+0x29c/0x628 [ 34.356039] test_out_of_bounds_read+0x198/0x3e0 [ 34.356082] kunit_try_run_case+0x170/0x3f0 [ 34.356503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.356665] kthread+0x328/0x630 [ 34.356753] ret_from_fork+0x10/0x20 [ 34.356846] [ 34.356987] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.357076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.357385] Hardware name: linux,dummy-virt (DT) [ 34.357476] ================================================================== [ 34.672801] ================================================================== [ 34.672904] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 34.672904] [ 34.673008] Out-of-bounds read at 0x0000000014a9cce5 (32B right of kfence-#120): [ 34.673070] test_out_of_bounds_read+0x1c8/0x3e0 [ 34.673119] kunit_try_run_case+0x170/0x3f0 [ 34.673170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.673216] kthread+0x328/0x630 [ 34.673256] ret_from_fork+0x10/0x20 [ 34.673297] [ 34.673324] kfence-#120: 0x0000000020217ca0-0x00000000e7b63795, size=32, cache=test [ 34.673324] [ 34.673377] allocated by task 322 on cpu 1 at 34.672718s (0.000655s ago): [ 34.673448] test_alloc+0x230/0x628 [ 34.673491] test_out_of_bounds_read+0x198/0x3e0 [ 34.673533] kunit_try_run_case+0x170/0x3f0 [ 34.673584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.673637] kthread+0x328/0x630 [ 34.673687] ret_from_fork+0x10/0x20 [ 34.673728] [ 34.673776] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.673859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.673891] Hardware name: linux,dummy-virt (DT) [ 34.673937] ================================================================== [ 34.462409] ================================================================== [ 34.462515] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 34.462515] [ 34.462790] Out-of-bounds read at 0x00000000f90372f7 (1B left of kfence-#118): [ 34.462873] test_out_of_bounds_read+0x114/0x3e0 [ 34.462937] kunit_try_run_case+0x170/0x3f0 [ 34.462983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.463029] kthread+0x328/0x630 [ 34.463066] ret_from_fork+0x10/0x20 [ 34.463109] [ 34.463135] kfence-#118: 0x0000000006c3d5f0-0x00000000c2ef70b2, size=32, cache=test [ 34.463135] [ 34.463269] allocated by task 322 on cpu 1 at 34.462276s (0.000908s ago): [ 34.463412] test_alloc+0x230/0x628 [ 34.463455] test_out_of_bounds_read+0xdc/0x3e0 [ 34.463508] kunit_try_run_case+0x170/0x3f0 [ 34.463561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.463854] kthread+0x328/0x630 [ 34.464254] ret_from_fork+0x10/0x20 [ 34.464393] [ 34.464462] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.465264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.465366] Hardware name: linux,dummy-virt (DT) [ 34.465416] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 34.049884] ================================================================== [ 34.049952] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 34.050006] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.050061] [ 34.050092] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.050424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.050468] Hardware name: linux,dummy-virt (DT) [ 34.050500] Call trace: [ 34.050855] show_stack+0x20/0x38 (C) [ 34.051126] dump_stack_lvl+0x8c/0xd0 [ 34.051348] print_report+0x118/0x608 [ 34.051460] kasan_report+0xdc/0x128 [ 34.051596] kasan_check_range+0x100/0x1a8 [ 34.051647] __kasan_check_write+0x20/0x30 [ 34.052343] strncpy_from_user+0x3c/0x2a0 [ 34.052464] copy_user_test_oob+0x5c0/0xec8 [ 34.052515] kunit_try_run_case+0x170/0x3f0 [ 34.052569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.052638] kthread+0x328/0x630 [ 34.052729] ret_from_fork+0x10/0x20 [ 34.052806] [ 34.052831] Allocated by task 318: [ 34.052863] kasan_save_stack+0x3c/0x68 [ 34.052908] kasan_save_track+0x20/0x40 [ 34.052961] kasan_save_alloc_info+0x40/0x58 [ 34.053290] __kasan_kmalloc+0xd4/0xd8 [ 34.053869] __kmalloc_noprof+0x198/0x4c8 [ 34.053964] kunit_kmalloc_array+0x34/0x88 [ 34.054006] copy_user_test_oob+0xac/0xec8 [ 34.054060] kunit_try_run_case+0x170/0x3f0 [ 34.054102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.054326] kthread+0x328/0x630 [ 34.054573] ret_from_fork+0x10/0x20 [ 34.054616] [ 34.054638] The buggy address belongs to the object at fff00000c8dc5900 [ 34.054638] which belongs to the cache kmalloc-128 of size 128 [ 34.054701] The buggy address is located 0 bytes inside of [ 34.054701] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.055053] [ 34.055143] The buggy address belongs to the physical page: [ 34.055178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.055236] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.055655] page_type: f5(slab) [ 34.055704] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.055759] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.055802] page dumped because: kasan: bad access detected [ 34.055837] [ 34.055858] Memory state around the buggy address: [ 34.055896] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.055984] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056031] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.056163] ^ [ 34.056213] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056650] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056891] ================================================================== [ 34.057809] ================================================================== [ 34.058005] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 34.058383] Write of size 1 at addr fff00000c8dc5978 by task kunit_try_catch/318 [ 34.058735] [ 34.058847] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.058997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.059027] Hardware name: linux,dummy-virt (DT) [ 34.059059] Call trace: [ 34.059085] show_stack+0x20/0x38 (C) [ 34.059179] dump_stack_lvl+0x8c/0xd0 [ 34.059453] print_report+0x118/0x608 [ 34.059504] kasan_report+0xdc/0x128 [ 34.059652] __asan_report_store1_noabort+0x20/0x30 [ 34.059938] strncpy_from_user+0x270/0x2a0 [ 34.060084] copy_user_test_oob+0x5c0/0xec8 [ 34.060145] kunit_try_run_case+0x170/0x3f0 [ 34.060210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.060321] kthread+0x328/0x630 [ 34.060367] ret_from_fork+0x10/0x20 [ 34.060416] [ 34.060437] Allocated by task 318: [ 34.060471] kasan_save_stack+0x3c/0x68 [ 34.060556] kasan_save_track+0x20/0x40 [ 34.060597] kasan_save_alloc_info+0x40/0x58 [ 34.060871] __kasan_kmalloc+0xd4/0xd8 [ 34.061113] __kmalloc_noprof+0x198/0x4c8 [ 34.061157] kunit_kmalloc_array+0x34/0x88 [ 34.061198] copy_user_test_oob+0xac/0xec8 [ 34.061240] kunit_try_run_case+0x170/0x3f0 [ 34.061282] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.061370] kthread+0x328/0x630 [ 34.061508] ret_from_fork+0x10/0x20 [ 34.061610] [ 34.061656] The buggy address belongs to the object at fff00000c8dc5900 [ 34.061656] which belongs to the cache kmalloc-128 of size 128 [ 34.061719] The buggy address is located 0 bytes to the right of [ 34.061719] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.061786] [ 34.061810] The buggy address belongs to the physical page: [ 34.061852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.061974] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.062024] page_type: f5(slab) [ 34.062090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.062144] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.062188] page dumped because: kasan: bad access detected [ 34.062612] [ 34.062646] Memory state around the buggy address: [ 34.062682] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.062728] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.062771] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.062813] ^ [ 34.063406] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.063466] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.063509] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 34.027415] ================================================================== [ 34.027470] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.027657] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.027806] [ 34.027905] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.028217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.028249] Hardware name: linux,dummy-virt (DT) [ 34.028298] Call trace: [ 34.028323] show_stack+0x20/0x38 (C) [ 34.028500] dump_stack_lvl+0x8c/0xd0 [ 34.028742] print_report+0x118/0x608 [ 34.028810] kasan_report+0xdc/0x128 [ 34.028858] kasan_check_range+0x100/0x1a8 [ 34.028936] __kasan_check_read+0x20/0x30 [ 34.029171] copy_user_test_oob+0x3c8/0xec8 [ 34.029221] kunit_try_run_case+0x170/0x3f0 [ 34.029313] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.029491] kthread+0x328/0x630 [ 34.029624] ret_from_fork+0x10/0x20 [ 34.029766] [ 34.029842] Allocated by task 318: [ 34.029879] kasan_save_stack+0x3c/0x68 [ 34.030351] kasan_save_track+0x20/0x40 [ 34.030402] kasan_save_alloc_info+0x40/0x58 [ 34.030446] __kasan_kmalloc+0xd4/0xd8 [ 34.030486] __kmalloc_noprof+0x198/0x4c8 [ 34.030940] kunit_kmalloc_array+0x34/0x88 [ 34.030995] copy_user_test_oob+0xac/0xec8 [ 34.031472] kunit_try_run_case+0x170/0x3f0 [ 34.031519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.032073] kthread+0x328/0x630 [ 34.032117] ret_from_fork+0x10/0x20 [ 34.032158] [ 34.032234] The buggy address belongs to the object at fff00000c8dc5900 [ 34.032234] which belongs to the cache kmalloc-128 of size 128 [ 34.032656] The buggy address is located 0 bytes inside of [ 34.032656] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.032736] [ 34.032763] The buggy address belongs to the physical page: [ 34.033075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.033136] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.033188] page_type: f5(slab) [ 34.033574] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.033632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.033676] page dumped because: kasan: bad access detected [ 34.034014] [ 34.034038] Memory state around the buggy address: [ 34.034074] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.034446] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.034505] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.034546] ^ [ 34.034935] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.034990] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.035034] ================================================================== [ 34.022430] ================================================================== [ 34.022520] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.022607] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.022904] [ 34.022952] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.023053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.023197] Hardware name: linux,dummy-virt (DT) [ 34.023249] Call trace: [ 34.023274] show_stack+0x20/0x38 (C) [ 34.023511] dump_stack_lvl+0x8c/0xd0 [ 34.023630] print_report+0x118/0x608 [ 34.023681] kasan_report+0xdc/0x128 [ 34.023794] kasan_check_range+0x100/0x1a8 [ 34.023843] __kasan_check_write+0x20/0x30 [ 34.023937] copy_user_test_oob+0x35c/0xec8 [ 34.023988] kunit_try_run_case+0x170/0x3f0 [ 34.024040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024096] kthread+0x328/0x630 [ 34.024140] ret_from_fork+0x10/0x20 [ 34.024191] [ 34.024239] Allocated by task 318: [ 34.024271] kasan_save_stack+0x3c/0x68 [ 34.024346] kasan_save_track+0x20/0x40 [ 34.024387] kasan_save_alloc_info+0x40/0x58 [ 34.024428] __kasan_kmalloc+0xd4/0xd8 [ 34.024469] __kmalloc_noprof+0x198/0x4c8 [ 34.024510] kunit_kmalloc_array+0x34/0x88 [ 34.024552] copy_user_test_oob+0xac/0xec8 [ 34.024654] kunit_try_run_case+0x170/0x3f0 [ 34.024752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024800] kthread+0x328/0x630 [ 34.024835] ret_from_fork+0x10/0x20 [ 34.024875] [ 34.025166] The buggy address belongs to the object at fff00000c8dc5900 [ 34.025166] which belongs to the cache kmalloc-128 of size 128 [ 34.025243] The buggy address is located 0 bytes inside of [ 34.025243] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.025423] [ 34.025514] The buggy address belongs to the physical page: [ 34.025588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.025706] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.025758] page_type: f5(slab) [ 34.025809] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.025956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.026197] page dumped because: kasan: bad access detected [ 34.026233] [ 34.026254] Memory state around the buggy address: [ 34.026290] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.026335] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026382] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.026425] ^ [ 34.026468] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026521] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026564] ================================================================== [ 34.042856] ================================================================== [ 34.042922] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.042984] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.043048] [ 34.043155] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.043324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.043353] Hardware name: linux,dummy-virt (DT) [ 34.043409] Call trace: [ 34.043433] show_stack+0x20/0x38 (C) [ 34.043486] dump_stack_lvl+0x8c/0xd0 [ 34.044236] print_report+0x118/0x608 [ 34.044327] kasan_report+0xdc/0x128 [ 34.044786] kasan_check_range+0x100/0x1a8 [ 34.044837] __kasan_check_read+0x20/0x30 [ 34.044886] copy_user_test_oob+0x4a0/0xec8 [ 34.044967] kunit_try_run_case+0x170/0x3f0 [ 34.045022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.045078] kthread+0x328/0x630 [ 34.045121] ret_from_fork+0x10/0x20 [ 34.045460] [ 34.045526] Allocated by task 318: [ 34.045559] kasan_save_stack+0x3c/0x68 [ 34.045607] kasan_save_track+0x20/0x40 [ 34.045892] kasan_save_alloc_info+0x40/0x58 [ 34.046000] __kasan_kmalloc+0xd4/0xd8 [ 34.046043] __kmalloc_noprof+0x198/0x4c8 [ 34.046292] kunit_kmalloc_array+0x34/0x88 [ 34.046335] copy_user_test_oob+0xac/0xec8 [ 34.046382] kunit_try_run_case+0x170/0x3f0 [ 34.046424] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.046472] kthread+0x328/0x630 [ 34.046510] ret_from_fork+0x10/0x20 [ 34.046595] [ 34.046713] The buggy address belongs to the object at fff00000c8dc5900 [ 34.046713] which belongs to the cache kmalloc-128 of size 128 [ 34.047048] The buggy address is located 0 bytes inside of [ 34.047048] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.047134] [ 34.047235] The buggy address belongs to the physical page: [ 34.047331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.047419] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.047595] page_type: f5(slab) [ 34.047637] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.047728] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.047772] page dumped because: kasan: bad access detected [ 34.047807] [ 34.048138] Memory state around the buggy address: [ 34.048178] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.048227] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.048273] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.048314] ^ [ 34.048356] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.048709] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.049010] ================================================================== [ 34.036225] ================================================================== [ 34.036281] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.036334] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.036388] [ 34.036421] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.036512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.036541] Hardware name: linux,dummy-virt (DT) [ 34.036575] Call trace: [ 34.036600] show_stack+0x20/0x38 (C) [ 34.036652] dump_stack_lvl+0x8c/0xd0 [ 34.036702] print_report+0x118/0x608 [ 34.036753] kasan_report+0xdc/0x128 [ 34.036800] kasan_check_range+0x100/0x1a8 [ 34.036849] __kasan_check_write+0x20/0x30 [ 34.036897] copy_user_test_oob+0x434/0xec8 [ 34.037495] kunit_try_run_case+0x170/0x3f0 [ 34.037642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.037700] kthread+0x328/0x630 [ 34.037744] ret_from_fork+0x10/0x20 [ 34.037796] [ 34.037823] Allocated by task 318: [ 34.037971] kasan_save_stack+0x3c/0x68 [ 34.038171] kasan_save_track+0x20/0x40 [ 34.038211] kasan_save_alloc_info+0x40/0x58 [ 34.038337] __kasan_kmalloc+0xd4/0xd8 [ 34.038506] __kmalloc_noprof+0x198/0x4c8 [ 34.038560] kunit_kmalloc_array+0x34/0x88 [ 34.038601] copy_user_test_oob+0xac/0xec8 [ 34.038641] kunit_try_run_case+0x170/0x3f0 [ 34.038683] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.038736] kthread+0x328/0x630 [ 34.038896] ret_from_fork+0x10/0x20 [ 34.038967] [ 34.038990] The buggy address belongs to the object at fff00000c8dc5900 [ 34.038990] which belongs to the cache kmalloc-128 of size 128 [ 34.039052] The buggy address is located 0 bytes inside of [ 34.039052] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.039118] [ 34.039140] The buggy address belongs to the physical page: [ 34.039174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.039312] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.039372] page_type: f5(slab) [ 34.039412] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.040137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.040195] page dumped because: kasan: bad access detected [ 34.040346] [ 34.040368] Memory state around the buggy address: [ 34.040671] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.040745] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.040790] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.040831] ^ [ 34.041150] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.041406] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.041449] ================================================================== [ 34.012786] ================================================================== [ 34.012844] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.012898] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.012967] [ 34.013000] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.013089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.013119] Hardware name: linux,dummy-virt (DT) [ 34.013152] Call trace: [ 34.013179] show_stack+0x20/0x38 (C) [ 34.013231] dump_stack_lvl+0x8c/0xd0 [ 34.013280] print_report+0x118/0x608 [ 34.013330] kasan_report+0xdc/0x128 [ 34.013378] kasan_check_range+0x100/0x1a8 [ 34.013426] __kasan_check_read+0x20/0x30 [ 34.013473] copy_user_test_oob+0x728/0xec8 [ 34.013526] kunit_try_run_case+0x170/0x3f0 [ 34.013578] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.013635] kthread+0x328/0x630 [ 34.013679] ret_from_fork+0x10/0x20 [ 34.013728] [ 34.013750] Allocated by task 318: [ 34.013780] kasan_save_stack+0x3c/0x68 [ 34.013824] kasan_save_track+0x20/0x40 [ 34.013864] kasan_save_alloc_info+0x40/0x58 [ 34.013904] __kasan_kmalloc+0xd4/0xd8 [ 34.013978] __kmalloc_noprof+0x198/0x4c8 [ 34.014021] kunit_kmalloc_array+0x34/0x88 [ 34.014061] copy_user_test_oob+0xac/0xec8 [ 34.014255] kunit_try_run_case+0x170/0x3f0 [ 34.014455] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.014590] kthread+0x328/0x630 [ 34.014627] ret_from_fork+0x10/0x20 [ 34.014684] [ 34.014705] The buggy address belongs to the object at fff00000c8dc5900 [ 34.014705] which belongs to the cache kmalloc-128 of size 128 [ 34.014897] The buggy address is located 0 bytes inside of [ 34.014897] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.015199] [ 34.015223] The buggy address belongs to the physical page: [ 34.015257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.015505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.015624] page_type: f5(slab) [ 34.015706] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.015834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.015878] page dumped because: kasan: bad access detected [ 34.015914] [ 34.015945] Memory state around the buggy address: [ 34.015980] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.016026] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016071] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.016124] ^ [ 34.016277] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016322] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016372] ================================================================== [ 34.001401] ================================================================== [ 34.001863] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.002010] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.002066] [ 34.002610] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.002716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.002747] Hardware name: linux,dummy-virt (DT) [ 34.002781] Call trace: [ 34.002810] show_stack+0x20/0x38 (C) [ 34.002867] dump_stack_lvl+0x8c/0xd0 [ 34.002921] print_report+0x118/0x608 [ 34.002982] kasan_report+0xdc/0x128 [ 34.003032] kasan_check_range+0x100/0x1a8 [ 34.003079] __kasan_check_write+0x20/0x30 [ 34.003127] copy_user_test_oob+0x234/0xec8 [ 34.003178] kunit_try_run_case+0x170/0x3f0 [ 34.003230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.003286] kthread+0x328/0x630 [ 34.003332] ret_from_fork+0x10/0x20 [ 34.003384] [ 34.003416] Allocated by task 318: [ 34.003450] kasan_save_stack+0x3c/0x68 [ 34.003857] kasan_save_track+0x20/0x40 [ 34.003958] kasan_save_alloc_info+0x40/0x58 [ 34.003999] __kasan_kmalloc+0xd4/0xd8 [ 34.004483] __kmalloc_noprof+0x198/0x4c8 [ 34.004721] kunit_kmalloc_array+0x34/0x88 [ 34.004913] copy_user_test_oob+0xac/0xec8 [ 34.005086] kunit_try_run_case+0x170/0x3f0 [ 34.005150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.005310] kthread+0x328/0x630 [ 34.005375] ret_from_fork+0x10/0x20 [ 34.005416] [ 34.005439] The buggy address belongs to the object at fff00000c8dc5900 [ 34.005439] which belongs to the cache kmalloc-128 of size 128 [ 34.005565] The buggy address is located 0 bytes inside of [ 34.005565] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.005877] [ 34.005904] The buggy address belongs to the physical page: [ 34.006279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.006542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.006872] page_type: f5(slab) [ 34.006935] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.006991] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.007108] page dumped because: kasan: bad access detected [ 34.007342] [ 34.007457] Memory state around the buggy address: [ 34.007589] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.007658] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007758] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.007806] ^ [ 34.007871] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007916] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007966] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 33.957867] ================================================================== [ 33.957999] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 33.958056] Write of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314 [ 33.958110] [ 33.958147] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.958447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.959149] Hardware name: linux,dummy-virt (DT) [ 33.959204] Call trace: [ 33.959231] show_stack+0x20/0x38 (C) [ 33.959287] dump_stack_lvl+0x8c/0xd0 [ 33.959348] print_report+0x118/0x608 [ 33.959408] kasan_report+0xdc/0x128 [ 33.959598] kasan_check_range+0x100/0x1a8 [ 33.959955] __kasan_check_write+0x20/0x30 [ 33.960025] copy_to_kernel_nofault+0x8c/0x250 [ 33.960077] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 33.960540] kunit_try_run_case+0x170/0x3f0 [ 33.960658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.960747] kthread+0x328/0x630 [ 33.960867] ret_from_fork+0x10/0x20 [ 33.961008] [ 33.961052] Allocated by task 314: [ 33.961084] kasan_save_stack+0x3c/0x68 [ 33.961285] kasan_save_track+0x20/0x40 [ 33.961336] kasan_save_alloc_info+0x40/0x58 [ 33.961652] __kasan_kmalloc+0xd4/0xd8 [ 33.961857] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.961917] copy_to_kernel_nofault_oob+0xc8/0x418 [ 33.962062] kunit_try_run_case+0x170/0x3f0 [ 33.962122] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.962234] kthread+0x328/0x630 [ 33.962294] ret_from_fork+0x10/0x20 [ 33.962362] [ 33.962463] The buggy address belongs to the object at fff00000c8dc5800 [ 33.962463] which belongs to the cache kmalloc-128 of size 128 [ 33.962577] The buggy address is located 0 bytes to the right of [ 33.962577] allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878) [ 33.962700] [ 33.962727] The buggy address belongs to the physical page: [ 33.962915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 33.963241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.963575] page_type: f5(slab) [ 33.963778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.964057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.964125] page dumped because: kasan: bad access detected [ 33.964324] [ 33.964397] Memory state around the buggy address: [ 33.964607] fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.964676] fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.964729] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.964802] ^ [ 33.964859] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.964906] fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.964957] ================================================================== [ 33.950237] ================================================================== [ 33.950406] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 33.950479] Read of size 8 at addr fff00000c8dc5878 by task kunit_try_catch/314 [ 33.950551] [ 33.950776] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.951069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.951108] Hardware name: linux,dummy-virt (DT) [ 33.951170] Call trace: [ 33.951197] show_stack+0x20/0x38 (C) [ 33.951313] dump_stack_lvl+0x8c/0xd0 [ 33.951386] print_report+0x118/0x608 [ 33.951633] kasan_report+0xdc/0x128 [ 33.951872] __asan_report_load8_noabort+0x20/0x30 [ 33.952135] copy_to_kernel_nofault+0x204/0x250 [ 33.952225] copy_to_kernel_nofault_oob+0x158/0x418 [ 33.952305] kunit_try_run_case+0x170/0x3f0 [ 33.952360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.952417] kthread+0x328/0x630 [ 33.952668] ret_from_fork+0x10/0x20 [ 33.952971] [ 33.953008] Allocated by task 314: [ 33.953045] kasan_save_stack+0x3c/0x68 [ 33.953100] kasan_save_track+0x20/0x40 [ 33.953142] kasan_save_alloc_info+0x40/0x58 [ 33.953182] __kasan_kmalloc+0xd4/0xd8 [ 33.953224] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.953326] copy_to_kernel_nofault_oob+0xc8/0x418 [ 33.953385] kunit_try_run_case+0x170/0x3f0 [ 33.953428] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.953489] kthread+0x328/0x630 [ 33.953527] ret_from_fork+0x10/0x20 [ 33.953566] [ 33.953591] The buggy address belongs to the object at fff00000c8dc5800 [ 33.953591] which belongs to the cache kmalloc-128 of size 128 [ 33.953653] The buggy address is located 0 bytes to the right of [ 33.953653] allocated 120-byte region [fff00000c8dc5800, fff00000c8dc5878) [ 33.953735] [ 33.953763] The buggy address belongs to the physical page: [ 33.953808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 33.953875] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.954326] page_type: f5(slab) [ 33.954696] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.954837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.954896] page dumped because: kasan: bad access detected [ 33.955102] [ 33.955157] Memory state around the buggy address: [ 33.955295] fff00000c8dc5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.955498] fff00000c8dc5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.955623] >fff00000c8dc5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.955748] ^ [ 33.955843] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.955914] fff00000c8dc5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.956112] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 33.897429] ================================================================== [ 33.897762] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 33.898069] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/302 [ 33.898124] [ 33.898194] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.898308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.898409] Hardware name: linux,dummy-virt (DT) [ 33.898447] Call trace: [ 33.898474] show_stack+0x20/0x38 (C) [ 33.898544] dump_stack_lvl+0x8c/0xd0 [ 33.898602] print_report+0x310/0x608 [ 33.898650] kasan_report+0xdc/0x128 [ 33.898920] __asan_report_load1_noabort+0x20/0x30 [ 33.899292] vmalloc_oob+0x51c/0x5d0 [ 33.899439] kunit_try_run_case+0x170/0x3f0 [ 33.899519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.899644] kthread+0x328/0x630 [ 33.899715] ret_from_fork+0x10/0x20 [ 33.899798] [ 33.899854] The buggy address belongs to the virtual mapping at [ 33.899854] [ffff8000800fe000, ffff800080100000) created by: [ 33.899854] vmalloc_oob+0x98/0x5d0 [ 33.900093] [ 33.900137] The buggy address belongs to the physical page: [ 33.900372] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091fa [ 33.900461] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.900814] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.901030] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.901135] page dumped because: kasan: bad access detected [ 33.901214] [ 33.901307] Memory state around the buggy address: [ 33.901387] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.901435] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.901641] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 33.901798] ^ [ 33.902208] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.902276] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.902505] ================================================================== [ 33.890504] ================================================================== [ 33.890579] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 33.890640] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/302 [ 33.890695] [ 33.890733] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.890835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.890864] Hardware name: linux,dummy-virt (DT) [ 33.890897] Call trace: [ 33.890923] show_stack+0x20/0x38 (C) [ 33.891533] dump_stack_lvl+0x8c/0xd0 [ 33.891973] print_report+0x310/0x608 [ 33.892077] kasan_report+0xdc/0x128 [ 33.892367] __asan_report_load1_noabort+0x20/0x30 [ 33.892458] vmalloc_oob+0x578/0x5d0 [ 33.892509] kunit_try_run_case+0x170/0x3f0 [ 33.892944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.893047] kthread+0x328/0x630 [ 33.893103] ret_from_fork+0x10/0x20 [ 33.893458] [ 33.893505] The buggy address belongs to the virtual mapping at [ 33.893505] [ffff8000800fe000, ffff800080100000) created by: [ 33.893505] vmalloc_oob+0x98/0x5d0 [ 33.893595] [ 33.893621] The buggy address belongs to the physical page: [ 33.893988] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091fa [ 33.894118] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.894204] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.894639] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.895012] page dumped because: kasan: bad access detected [ 33.895131] [ 33.895235] Memory state around the buggy address: [ 33.895301] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.895356] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.895754] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 33.895971] ^ [ 33.896149] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.896201] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.896493] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 33.677306] ================================================================== [ 33.677358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 33.677853] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.677921] [ 33.677981] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.678072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.678220] Hardware name: linux,dummy-virt (DT) [ 33.678257] Call trace: [ 33.678282] show_stack+0x20/0x38 (C) [ 33.678333] dump_stack_lvl+0x8c/0xd0 [ 33.678718] print_report+0x118/0x608 [ 33.678970] kasan_report+0xdc/0x128 [ 33.679036] kasan_check_range+0x100/0x1a8 [ 33.679189] __kasan_check_write+0x20/0x30 [ 33.679252] kasan_atomics_helper+0xf20/0x4858 [ 33.679554] kasan_atomics+0x198/0x2e0 [ 33.680025] kunit_try_run_case+0x170/0x3f0 [ 33.680112] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.680171] kthread+0x328/0x630 [ 33.680215] ret_from_fork+0x10/0x20 [ 33.680543] [ 33.680754] Allocated by task 298: [ 33.680910] kasan_save_stack+0x3c/0x68 [ 33.681017] kasan_save_track+0x20/0x40 [ 33.681165] kasan_save_alloc_info+0x40/0x58 [ 33.681458] __kasan_kmalloc+0xd4/0xd8 [ 33.681632] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.681856] kasan_atomics+0xb8/0x2e0 [ 33.681941] kunit_try_run_case+0x170/0x3f0 [ 33.681999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.682283] kthread+0x328/0x630 [ 33.682354] ret_from_fork+0x10/0x20 [ 33.682407] [ 33.682442] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.682442] which belongs to the cache kmalloc-64 of size 64 [ 33.682506] The buggy address is located 0 bytes to the right of [ 33.682506] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.682582] [ 33.682613] The buggy address belongs to the physical page: [ 33.682655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.682713] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.682781] page_type: f5(slab) [ 33.682834] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.682897] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.682951] page dumped because: kasan: bad access detected [ 33.682996] [ 33.683026] Memory state around the buggy address: [ 33.683060] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.683105] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.683161] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.683217] ^ [ 33.683251] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.683305] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.683345] ================================================================== [ 33.860466] ================================================================== [ 33.860541] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 33.860594] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.860800] [ 33.860869] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.861094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.861220] Hardware name: linux,dummy-virt (DT) [ 33.861258] Call trace: [ 33.861284] show_stack+0x20/0x38 (C) [ 33.861340] dump_stack_lvl+0x8c/0xd0 [ 33.861399] print_report+0x118/0x608 [ 33.861606] kasan_report+0xdc/0x128 [ 33.861785] __asan_report_load8_noabort+0x20/0x30 [ 33.861981] kasan_atomics_helper+0x3e20/0x4858 [ 33.862184] kasan_atomics+0x198/0x2e0 [ 33.862247] kunit_try_run_case+0x170/0x3f0 [ 33.862368] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.862458] kthread+0x328/0x630 [ 33.862523] ret_from_fork+0x10/0x20 [ 33.862577] [ 33.862767] Allocated by task 298: [ 33.862812] kasan_save_stack+0x3c/0x68 [ 33.863070] kasan_save_track+0x20/0x40 [ 33.863309] kasan_save_alloc_info+0x40/0x58 [ 33.863484] __kasan_kmalloc+0xd4/0xd8 [ 33.863538] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.863653] kasan_atomics+0xb8/0x2e0 [ 33.864035] kunit_try_run_case+0x170/0x3f0 [ 33.864116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.864303] kthread+0x328/0x630 [ 33.864414] ret_from_fork+0x10/0x20 [ 33.864555] [ 33.864579] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.864579] which belongs to the cache kmalloc-64 of size 64 [ 33.864642] The buggy address is located 0 bytes to the right of [ 33.864642] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.864711] [ 33.864956] The buggy address belongs to the physical page: [ 33.865278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.865406] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.865613] page_type: f5(slab) [ 33.865672] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.865727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.866275] page dumped because: kasan: bad access detected [ 33.866362] [ 33.866535] Memory state around the buggy address: [ 33.866609] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.866714] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.866779] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.866836] ^ [ 33.867088] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.867168] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.867430] ================================================================== [ 33.795000] ================================================================== [ 33.795064] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 33.795255] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.795321] [ 33.795483] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.795614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.795733] Hardware name: linux,dummy-virt (DT) [ 33.795778] Call trace: [ 33.795820] show_stack+0x20/0x38 (C) [ 33.795895] dump_stack_lvl+0x8c/0xd0 [ 33.796136] print_report+0x118/0x608 [ 33.796356] kasan_report+0xdc/0x128 [ 33.796446] kasan_check_range+0x100/0x1a8 [ 33.796725] __kasan_check_write+0x20/0x30 [ 33.796851] kasan_atomics_helper+0x154c/0x4858 [ 33.797263] kasan_atomics+0x198/0x2e0 [ 33.797449] kunit_try_run_case+0x170/0x3f0 [ 33.797549] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.797789] kthread+0x328/0x630 [ 33.798204] ret_from_fork+0x10/0x20 [ 33.798419] [ 33.798449] Allocated by task 298: [ 33.798490] kasan_save_stack+0x3c/0x68 [ 33.798694] kasan_save_track+0x20/0x40 [ 33.798818] kasan_save_alloc_info+0x40/0x58 [ 33.798979] __kasan_kmalloc+0xd4/0xd8 [ 33.799209] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.799312] kasan_atomics+0xb8/0x2e0 [ 33.799400] kunit_try_run_case+0x170/0x3f0 [ 33.799802] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.800018] kthread+0x328/0x630 [ 33.800212] ret_from_fork+0x10/0x20 [ 33.800261] [ 33.800285] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.800285] which belongs to the cache kmalloc-64 of size 64 [ 33.800346] The buggy address is located 0 bytes to the right of [ 33.800346] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.800414] [ 33.800867] The buggy address belongs to the physical page: [ 33.801124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.801228] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.801351] page_type: f5(slab) [ 33.801404] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.801472] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.801525] page dumped because: kasan: bad access detected [ 33.801561] [ 33.801591] Memory state around the buggy address: [ 33.801626] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.801674] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.801720] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.801767] ^ [ 33.801806] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.801862] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.801909] ================================================================== [ 33.635019] ================================================================== [ 33.635088] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 33.635261] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.635380] [ 33.635419] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.635658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.635862] Hardware name: linux,dummy-virt (DT) [ 33.635953] Call trace: [ 33.636098] show_stack+0x20/0x38 (C) [ 33.636158] dump_stack_lvl+0x8c/0xd0 [ 33.636319] print_report+0x118/0x608 [ 33.636428] kasan_report+0xdc/0x128 [ 33.636672] kasan_check_range+0x100/0x1a8 [ 33.636969] __kasan_check_read+0x20/0x30 [ 33.637321] kasan_atomics_helper+0xdd4/0x4858 [ 33.637644] kasan_atomics+0x198/0x2e0 [ 33.637821] kunit_try_run_case+0x170/0x3f0 [ 33.637920] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.638139] kthread+0x328/0x630 [ 33.638520] ret_from_fork+0x10/0x20 [ 33.638688] [ 33.638856] Allocated by task 298: [ 33.638889] kasan_save_stack+0x3c/0x68 [ 33.639127] kasan_save_track+0x20/0x40 [ 33.639195] kasan_save_alloc_info+0x40/0x58 [ 33.639301] __kasan_kmalloc+0xd4/0xd8 [ 33.639345] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.639475] kasan_atomics+0xb8/0x2e0 [ 33.639534] kunit_try_run_case+0x170/0x3f0 [ 33.639719] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.639892] kthread+0x328/0x630 [ 33.640097] ret_from_fork+0x10/0x20 [ 33.640359] [ 33.640491] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.640491] which belongs to the cache kmalloc-64 of size 64 [ 33.640556] The buggy address is located 0 bytes to the right of [ 33.640556] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.640624] [ 33.640647] The buggy address belongs to the physical page: [ 33.640885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.640972] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.641377] page_type: f5(slab) [ 33.641466] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.641554] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.641688] page dumped because: kasan: bad access detected [ 33.641782] [ 33.641827] Memory state around the buggy address: [ 33.641863] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.642230] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.642322] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.642531] ^ [ 33.642665] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.642917] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.643030] ================================================================== [ 33.709084] ================================================================== [ 33.709140] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 33.709195] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.709709] [ 33.709811] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.709969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.710042] Hardware name: linux,dummy-virt (DT) [ 33.710089] Call trace: [ 33.710114] show_stack+0x20/0x38 (C) [ 33.710309] dump_stack_lvl+0x8c/0xd0 [ 33.710486] print_report+0x118/0x608 [ 33.710681] kasan_report+0xdc/0x128 [ 33.710776] kasan_check_range+0x100/0x1a8 [ 33.710952] __kasan_check_write+0x20/0x30 [ 33.711015] kasan_atomics_helper+0x10c0/0x4858 [ 33.711071] kasan_atomics+0x198/0x2e0 [ 33.711176] kunit_try_run_case+0x170/0x3f0 [ 33.711234] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.711311] kthread+0x328/0x630 [ 33.711502] ret_from_fork+0x10/0x20 [ 33.711709] [ 33.711942] Allocated by task 298: [ 33.711993] kasan_save_stack+0x3c/0x68 [ 33.712160] kasan_save_track+0x20/0x40 [ 33.712345] kasan_save_alloc_info+0x40/0x58 [ 33.712451] __kasan_kmalloc+0xd4/0xd8 [ 33.712646] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.712718] kasan_atomics+0xb8/0x2e0 [ 33.712912] kunit_try_run_case+0x170/0x3f0 [ 33.713018] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.713169] kthread+0x328/0x630 [ 33.713234] ret_from_fork+0x10/0x20 [ 33.713587] [ 33.713682] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.713682] which belongs to the cache kmalloc-64 of size 64 [ 33.713750] The buggy address is located 0 bytes to the right of [ 33.713750] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.713837] [ 33.713878] The buggy address belongs to the physical page: [ 33.713914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.713985] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.714035] page_type: f5(slab) [ 33.714084] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.714137] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.714182] page dumped because: kasan: bad access detected [ 33.714215] [ 33.714238] Memory state around the buggy address: [ 33.714278] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.714324] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.714376] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.714417] ^ [ 33.714461] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.714507] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.714556] ================================================================== [ 33.509146] ================================================================== [ 33.509204] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 33.509642] Read of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.509726] [ 33.509763] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.509897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.509950] Hardware name: linux,dummy-virt (DT) [ 33.509987] Call trace: [ 33.510117] show_stack+0x20/0x38 (C) [ 33.510329] dump_stack_lvl+0x8c/0xd0 [ 33.510511] print_report+0x118/0x608 [ 33.510575] kasan_report+0xdc/0x128 [ 33.510761] __asan_report_load4_noabort+0x20/0x30 [ 33.511052] kasan_atomics_helper+0x42d8/0x4858 [ 33.511326] kasan_atomics+0x198/0x2e0 [ 33.511491] kunit_try_run_case+0x170/0x3f0 [ 33.511801] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.511989] kthread+0x328/0x630 [ 33.512136] ret_from_fork+0x10/0x20 [ 33.512259] [ 33.512283] Allocated by task 298: [ 33.512457] kasan_save_stack+0x3c/0x68 [ 33.512638] kasan_save_track+0x20/0x40 [ 33.512717] kasan_save_alloc_info+0x40/0x58 [ 33.512848] __kasan_kmalloc+0xd4/0xd8 [ 33.512893] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.513087] kasan_atomics+0xb8/0x2e0 [ 33.513232] kunit_try_run_case+0x170/0x3f0 [ 33.513430] kthread+0x328/0x630 [ 33.514402] The buggy address belongs to the physical page: [ 33.514586] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.516321] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.518250] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x934/0x4858 [ 33.519794] __kasan_check_write+0x20/0x30 [ 33.521090] kasan_save_track+0x20/0x40 [ 33.521170] __kasan_kmalloc+0xd4/0xd8 [ 33.521210] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.521264] kasan_atomics+0xb8/0x2e0 [ 33.521313] kunit_try_run_case+0x170/0x3f0 [ 33.521356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.521404] kthread+0x328/0x630 [ 33.521458] ret_from_fork+0x10/0x20 [ 33.521501] [ 33.521538] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.521538] which belongs to the cache kmalloc-64 of size 64 [ 33.521600] The buggy address is located 0 bytes to the right of [ 33.521600] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.521689] [ 33.521713] The buggy address belongs to the physical page: [ 33.521755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.521813] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.521875] page_type: f5(slab) [ 33.521942] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.522006] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.522050] page dumped because: kasan: bad access detected [ 33.522086] [ 33.522113] Memory state around the buggy address: [ 33.522158] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.522204] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.522249] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.522291] ^ [ 33.522336] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.522390] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.522441] ================================================================== [ 33.826200] ================================================================== [ 33.826250] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 33.826569] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.826885] [ 33.826953] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.827052] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.827271] Hardware name: linux,dummy-virt (DT) [ 33.827340] Call trace: [ 33.827368] show_stack+0x20/0x38 (C) [ 33.827425] dump_stack_lvl+0x8c/0xd0 [ 33.827477] print_report+0x118/0x608 [ 33.827526] kasan_report+0xdc/0x128 [ 33.827896] __asan_report_load8_noabort+0x20/0x30 [ 33.828179] kasan_atomics_helper+0x3df4/0x4858 [ 33.828411] kasan_atomics+0x198/0x2e0 [ 33.828523] kunit_try_run_case+0x170/0x3f0 [ 33.828600] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.828916] kthread+0x328/0x630 [ 33.829129] ret_from_fork+0x10/0x20 [ 33.829392] [ 33.829533] Allocated by task 298: [ 33.829746] kasan_save_stack+0x3c/0x68 [ 33.830202] kasan_save_track+0x20/0x40 [ 33.830649] kasan_save_alloc_info+0x40/0x58 [ 33.830946] __kasan_kmalloc+0xd4/0xd8 [ 33.831147] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.831367] kasan_atomics+0xb8/0x2e0 [ 33.831625] kunit_try_run_case+0x170/0x3f0 [ 33.831806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.832012] kthread+0x328/0x630 [ 33.832155] ret_from_fork+0x10/0x20 [ 33.832305] [ 33.832438] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.832438] which belongs to the cache kmalloc-64 of size 64 [ 33.832551] The buggy address is located 0 bytes to the right of [ 33.832551] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.832908] [ 33.832949] The buggy address belongs to the physical page: [ 33.832984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.833443] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.833663] page_type: f5(slab) [ 33.833710] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.833822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.833898] page dumped because: kasan: bad access detected [ 33.833954] [ 33.833985] Memory state around the buggy address: [ 33.834019] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.834066] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.834121] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.834178] ^ [ 33.834229] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.834280] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.834343] ================================================================== [ 33.650481] ================================================================== [ 33.650536] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 33.650708] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.650789] [ 33.650865] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.651396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.651658] Hardware name: linux,dummy-virt (DT) [ 33.651696] Call trace: [ 33.651722] show_stack+0x20/0x38 (C) [ 33.651777] dump_stack_lvl+0x8c/0xd0 [ 33.652057] print_report+0x118/0x608 [ 33.652403] kasan_report+0xdc/0x128 [ 33.652493] kasan_check_range+0x100/0x1a8 [ 33.652825] __kasan_check_write+0x20/0x30 [ 33.652943] kasan_atomics_helper+0xe44/0x4858 [ 33.652996] kasan_atomics+0x198/0x2e0 [ 33.653290] kunit_try_run_case+0x170/0x3f0 [ 33.653721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.654031] kthread+0x328/0x630 [ 33.654268] ret_from_fork+0x10/0x20 [ 33.654354] [ 33.654697] Allocated by task 298: [ 33.654786] kasan_save_stack+0x3c/0x68 [ 33.655046] kasan_save_track+0x20/0x40 [ 33.655698] kasan_save_alloc_info+0x40/0x58 [ 33.656025] __kasan_kmalloc+0xd4/0xd8 [ 33.656163] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.656283] kasan_atomics+0xb8/0x2e0 [ 33.656327] kunit_try_run_case+0x170/0x3f0 [ 33.656379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.656434] kthread+0x328/0x630 [ 33.656657] ret_from_fork+0x10/0x20 [ 33.656860] [ 33.656997] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.656997] which belongs to the cache kmalloc-64 of size 64 [ 33.657184] The buggy address is located 0 bytes to the right of [ 33.657184] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.657261] [ 33.657503] The buggy address belongs to the physical page: [ 33.657725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.658333] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.658593] page_type: f5(slab) [ 33.658650] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.658832] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.659030] page dumped because: kasan: bad access detected [ 33.659077] [ 33.659125] Memory state around the buggy address: [ 33.659512] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.659620] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.659852] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.660053] ^ [ 33.660401] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.660485] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.660744] ================================================================== [ 33.732071] ================================================================== [ 33.732230] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 33.732287] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.732340] [ 33.732574] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.732783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.732828] Hardware name: linux,dummy-virt (DT) [ 33.732870] Call trace: [ 33.732897] show_stack+0x20/0x38 (C) [ 33.733139] dump_stack_lvl+0x8c/0xd0 [ 33.733330] print_report+0x118/0x608 [ 33.733515] kasan_report+0xdc/0x128 [ 33.733610] kasan_check_range+0x100/0x1a8 [ 33.733662] __kasan_check_write+0x20/0x30 [ 33.733710] kasan_atomics_helper+0x11f8/0x4858 [ 33.733941] kasan_atomics+0x198/0x2e0 [ 33.733996] kunit_try_run_case+0x170/0x3f0 [ 33.734326] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.734569] kthread+0x328/0x630 [ 33.734625] ret_from_fork+0x10/0x20 [ 33.734686] [ 33.734877] Allocated by task 298: [ 33.734955] kasan_save_stack+0x3c/0x68 [ 33.735116] kasan_save_track+0x20/0x40 [ 33.735344] kasan_save_alloc_info+0x40/0x58 [ 33.735460] __kasan_kmalloc+0xd4/0xd8 [ 33.735519] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.735563] kasan_atomics+0xb8/0x2e0 [ 33.735889] kunit_try_run_case+0x170/0x3f0 [ 33.735987] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.736323] kthread+0x328/0x630 [ 33.736470] ret_from_fork+0x10/0x20 [ 33.736515] [ 33.736540] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.736540] which belongs to the cache kmalloc-64 of size 64 [ 33.736602] The buggy address is located 0 bytes to the right of [ 33.736602] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.737054] [ 33.737212] The buggy address belongs to the physical page: [ 33.737384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.737570] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.737841] page_type: f5(slab) [ 33.738020] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.738381] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.738558] page dumped because: kasan: bad access detected [ 33.738630] [ 33.738680] Memory state around the buggy address: [ 33.739000] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.739209] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.739302] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.739383] ^ [ 33.739443] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.739697] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.739955] ================================================================== [ 33.834617] ================================================================== [ 33.835076] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 33.835483] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.835575] [ 33.835626] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.835875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.835915] Hardware name: linux,dummy-virt (DT) [ 33.836020] Call trace: [ 33.836105] show_stack+0x20/0x38 (C) [ 33.836332] dump_stack_lvl+0x8c/0xd0 [ 33.836526] print_report+0x118/0x608 [ 33.836717] kasan_report+0xdc/0x128 [ 33.836792] kasan_check_range+0x100/0x1a8 [ 33.836980] __kasan_check_write+0x20/0x30 [ 33.837154] kasan_atomics_helper+0x16d0/0x4858 [ 33.837233] kasan_atomics+0x198/0x2e0 [ 33.837481] kunit_try_run_case+0x170/0x3f0 [ 33.837560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.837674] kthread+0x328/0x630 [ 33.838013] ret_from_fork+0x10/0x20 [ 33.838442] [ 33.838689] Allocated by task 298: [ 33.838795] kasan_save_stack+0x3c/0x68 [ 33.839029] kasan_save_track+0x20/0x40 [ 33.839223] kasan_save_alloc_info+0x40/0x58 [ 33.839312] __kasan_kmalloc+0xd4/0xd8 [ 33.839651] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.839810] kasan_atomics+0xb8/0x2e0 [ 33.840032] kunit_try_run_case+0x170/0x3f0 [ 33.840090] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.840138] kthread+0x328/0x630 [ 33.840307] ret_from_fork+0x10/0x20 [ 33.840473] [ 33.840543] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.840543] which belongs to the cache kmalloc-64 of size 64 [ 33.840623] The buggy address is located 0 bytes to the right of [ 33.840623] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.840887] [ 33.841035] The buggy address belongs to the physical page: [ 33.841083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.841312] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.841528] page_type: f5(slab) [ 33.841778] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.841856] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.841999] page dumped because: kasan: bad access detected [ 33.842115] [ 33.842138] Memory state around the buggy address: [ 33.842332] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.842591] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.842794] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.843010] ^ [ 33.843150] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.843255] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.843436] ================================================================== [ 33.616113] ================================================================== [ 33.616941] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 33.617006] Write of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.617087] [ 33.617125] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.617216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.617621] Hardware name: linux,dummy-virt (DT) [ 33.617706] Call trace: [ 33.617733] show_stack+0x20/0x38 (C) [ 33.617787] dump_stack_lvl+0x8c/0xd0 [ 33.618099] print_report+0x118/0x608 [ 33.618162] kasan_report+0xdc/0x128 [ 33.618217] kasan_check_range+0x100/0x1a8 [ 33.618579] __kasan_check_write+0x20/0x30 [ 33.618652] kasan_atomics_helper+0xd3c/0x4858 [ 33.618991] kasan_atomics+0x198/0x2e0 [ 33.619092] kunit_try_run_case+0x170/0x3f0 [ 33.619306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.619659] kthread+0x328/0x630 [ 33.619878] ret_from_fork+0x10/0x20 [ 33.620158] [ 33.620228] Allocated by task 298: [ 33.620500] kasan_save_stack+0x3c/0x68 [ 33.620650] kasan_save_track+0x20/0x40 [ 33.620736] kasan_save_alloc_info+0x40/0x58 [ 33.620779] __kasan_kmalloc+0xd4/0xd8 [ 33.620994] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.621173] kasan_atomics+0xb8/0x2e0 [ 33.621243] kunit_try_run_case+0x170/0x3f0 [ 33.621417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.621512] kthread+0x328/0x630 [ 33.621685] ret_from_fork+0x10/0x20 [ 33.621762] [ 33.621980] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.621980] which belongs to the cache kmalloc-64 of size 64 [ 33.622211] The buggy address is located 0 bytes to the right of [ 33.622211] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.622490] [ 33.622605] The buggy address belongs to the physical page: [ 33.622771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.622866] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.623166] page_type: f5(slab) [ 33.623269] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.623576] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.623743] page dumped because: kasan: bad access detected [ 33.623889] [ 33.624036] Memory state around the buggy address: [ 33.624260] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.624398] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.624447] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.624726] ^ [ 33.624938] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.625023] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.625095] ================================================================== [ 33.715358] ================================================================== [ 33.715923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 33.716116] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.716203] [ 33.716257] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.716402] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.716433] Hardware name: linux,dummy-virt (DT) [ 33.716465] Call trace: [ 33.716706] show_stack+0x20/0x38 (C) [ 33.716866] dump_stack_lvl+0x8c/0xd0 [ 33.717333] print_report+0x118/0x608 [ 33.717415] kasan_report+0xdc/0x128 [ 33.717565] kasan_check_range+0x100/0x1a8 [ 33.717633] __kasan_check_write+0x20/0x30 [ 33.717777] kasan_atomics_helper+0x1128/0x4858 [ 33.717867] kasan_atomics+0x198/0x2e0 [ 33.718103] kunit_try_run_case+0x170/0x3f0 [ 33.718318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.718576] kthread+0x328/0x630 [ 33.718759] ret_from_fork+0x10/0x20 [ 33.718817] [ 33.719131] Allocated by task 298: [ 33.719185] kasan_save_stack+0x3c/0x68 [ 33.719484] kasan_save_track+0x20/0x40 [ 33.719762] kasan_save_alloc_info+0x40/0x58 [ 33.719819] __kasan_kmalloc+0xd4/0xd8 [ 33.719861] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.719914] kasan_atomics+0xb8/0x2e0 [ 33.720153] kunit_try_run_case+0x170/0x3f0 [ 33.720243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.720313] kthread+0x328/0x630 [ 33.720574] ret_from_fork+0x10/0x20 [ 33.720715] [ 33.720770] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.720770] which belongs to the cache kmalloc-64 of size 64 [ 33.720836] The buggy address is located 0 bytes to the right of [ 33.720836] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.721306] [ 33.721541] The buggy address belongs to the physical page: [ 33.721831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.722190] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.722277] page_type: f5(slab) [ 33.722329] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.722559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.722728] page dumped because: kasan: bad access detected [ 33.723044] [ 33.723102] Memory state around the buggy address: [ 33.723431] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.723491] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.723609] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.724011] ^ [ 33.724192] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.724332] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.724404] ================================================================== [ 33.661143] ================================================================== [ 33.661201] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 33.661254] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.661618] [ 33.661899] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.662155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.662209] Hardware name: linux,dummy-virt (DT) [ 33.662246] Call trace: [ 33.662272] show_stack+0x20/0x38 (C) [ 33.662328] dump_stack_lvl+0x8c/0xd0 [ 33.662497] print_report+0x118/0x608 [ 33.662555] kasan_report+0xdc/0x128 [ 33.662624] __asan_report_store8_noabort+0x20/0x30 [ 33.662992] kasan_atomics_helper+0x3e5c/0x4858 [ 33.663076] kasan_atomics+0x198/0x2e0 [ 33.663322] kunit_try_run_case+0x170/0x3f0 [ 33.663567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.663696] kthread+0x328/0x630 [ 33.663890] ret_from_fork+0x10/0x20 [ 33.664118] [ 33.664161] Allocated by task 298: [ 33.664214] kasan_save_stack+0x3c/0x68 [ 33.664427] kasan_save_track+0x20/0x40 [ 33.664482] kasan_save_alloc_info+0x40/0x58 [ 33.664766] __kasan_kmalloc+0xd4/0xd8 [ 33.664864] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.665089] kasan_atomics+0xb8/0x2e0 [ 33.665280] kunit_try_run_case+0x170/0x3f0 [ 33.665516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.665579] kthread+0x328/0x630 [ 33.665615] ret_from_fork+0x10/0x20 [ 33.665790] [ 33.665904] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.665904] which belongs to the cache kmalloc-64 of size 64 [ 33.665992] The buggy address is located 0 bytes to the right of [ 33.665992] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.666059] [ 33.666092] The buggy address belongs to the physical page: [ 33.666132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.666201] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.666253] page_type: f5(slab) [ 33.666294] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.666354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.666413] page dumped because: kasan: bad access detected [ 33.666448] [ 33.666469] Memory state around the buggy address: [ 33.666512] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.666558] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.666613] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.666654] ^ [ 33.666692] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.666751] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.666794] ================================================================== [ 33.684630] ================================================================== [ 33.684685] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 33.684735] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.684788] [ 33.684820] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.684909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.684951] Hardware name: linux,dummy-virt (DT) [ 33.685228] Call trace: [ 33.685290] show_stack+0x20/0x38 (C) [ 33.685354] dump_stack_lvl+0x8c/0xd0 [ 33.685764] print_report+0x118/0x608 [ 33.685839] kasan_report+0xdc/0x128 [ 33.685952] kasan_check_range+0x100/0x1a8 [ 33.686024] __kasan_check_write+0x20/0x30 [ 33.686077] kasan_atomics_helper+0xf88/0x4858 [ 33.686320] kasan_atomics+0x198/0x2e0 [ 33.686373] kunit_try_run_case+0x170/0x3f0 [ 33.686520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.686770] kthread+0x328/0x630 [ 33.687218] ret_from_fork+0x10/0x20 [ 33.687285] [ 33.687336] Allocated by task 298: [ 33.687535] kasan_save_stack+0x3c/0x68 [ 33.687874] kasan_save_track+0x20/0x40 [ 33.688068] kasan_save_alloc_info+0x40/0x58 [ 33.688143] __kasan_kmalloc+0xd4/0xd8 [ 33.688185] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.688239] kasan_atomics+0xb8/0x2e0 [ 33.688280] kunit_try_run_case+0x170/0x3f0 [ 33.688473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.688672] kthread+0x328/0x630 [ 33.689004] ret_from_fork+0x10/0x20 [ 33.689105] [ 33.689149] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.689149] which belongs to the cache kmalloc-64 of size 64 [ 33.689256] The buggy address is located 0 bytes to the right of [ 33.689256] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.689537] [ 33.689851] The buggy address belongs to the physical page: [ 33.690023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.690234] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.690367] page_type: f5(slab) [ 33.690475] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.690749] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.690911] page dumped because: kasan: bad access detected [ 33.691038] [ 33.691205] Memory state around the buggy address: [ 33.691330] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.691422] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.691627] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.691725] ^ [ 33.691861] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.691966] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.692016] ================================================================== [ 33.764053] ================================================================== [ 33.764311] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 33.764396] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.764467] [ 33.764502] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.764592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.764621] Hardware name: linux,dummy-virt (DT) [ 33.764655] Call trace: [ 33.764680] show_stack+0x20/0x38 (C) [ 33.764734] dump_stack_lvl+0x8c/0xd0 [ 33.764784] print_report+0x118/0x608 [ 33.765148] kasan_report+0xdc/0x128 [ 33.765520] __asan_report_load8_noabort+0x20/0x30 [ 33.765573] kasan_atomics_helper+0x3f04/0x4858 [ 33.765627] kasan_atomics+0x198/0x2e0 [ 33.765675] kunit_try_run_case+0x170/0x3f0 [ 33.765727] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.765785] kthread+0x328/0x630 [ 33.765832] ret_from_fork+0x10/0x20 [ 33.765885] [ 33.766017] Allocated by task 298: [ 33.766053] kasan_save_stack+0x3c/0x68 [ 33.766097] kasan_save_track+0x20/0x40 [ 33.766138] kasan_save_alloc_info+0x40/0x58 [ 33.766179] __kasan_kmalloc+0xd4/0xd8 [ 33.766220] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.766263] kasan_atomics+0xb8/0x2e0 [ 33.766302] kunit_try_run_case+0x170/0x3f0 [ 33.766344] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.766390] kthread+0x328/0x630 [ 33.766427] ret_from_fork+0x10/0x20 [ 33.766465] [ 33.766486] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.766486] which belongs to the cache kmalloc-64 of size 64 [ 33.766546] The buggy address is located 0 bytes to the right of [ 33.766546] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.766613] [ 33.766635] The buggy address belongs to the physical page: [ 33.766669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.766728] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.766778] page_type: f5(slab) [ 33.766818] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.766883] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.767276] page dumped because: kasan: bad access detected [ 33.767658] [ 33.767717] Memory state around the buggy address: [ 33.767979] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.768062] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.768314] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.768440] ^ [ 33.768542] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.768591] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.768632] ================================================================== [ 33.625898] ================================================================== [ 33.625962] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 33.626015] Read of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.626673] [ 33.626727] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.627178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.627227] Hardware name: linux,dummy-virt (DT) [ 33.627281] Call trace: [ 33.627307] show_stack+0x20/0x38 (C) [ 33.627363] dump_stack_lvl+0x8c/0xd0 [ 33.627416] print_report+0x118/0x608 [ 33.627794] kasan_report+0xdc/0x128 [ 33.628026] __asan_report_load4_noabort+0x20/0x30 [ 33.628090] kasan_atomics_helper+0x3e04/0x4858 [ 33.628143] kasan_atomics+0x198/0x2e0 [ 33.628199] kunit_try_run_case+0x170/0x3f0 [ 33.628468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.628874] kthread+0x328/0x630 [ 33.629229] ret_from_fork+0x10/0x20 [ 33.629466] [ 33.629537] Allocated by task 298: [ 33.629739] kasan_save_stack+0x3c/0x68 [ 33.629912] kasan_save_track+0x20/0x40 [ 33.629977] kasan_save_alloc_info+0x40/0x58 [ 33.630179] __kasan_kmalloc+0xd4/0xd8 [ 33.630491] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.630581] kasan_atomics+0xb8/0x2e0 [ 33.630772] kunit_try_run_case+0x170/0x3f0 [ 33.630842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.630892] kthread+0x328/0x630 [ 33.631223] ret_from_fork+0x10/0x20 [ 33.631475] [ 33.631716] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.631716] which belongs to the cache kmalloc-64 of size 64 [ 33.631847] The buggy address is located 0 bytes to the right of [ 33.631847] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.631960] [ 33.632008] The buggy address belongs to the physical page: [ 33.632156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.632251] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.632624] page_type: f5(slab) [ 33.632717] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.632771] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.632914] page dumped because: kasan: bad access detected [ 33.633220] [ 33.633284] Memory state around the buggy address: [ 33.633493] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.633604] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.633676] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.633899] ^ [ 33.633976] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.634087] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.634168] ================================================================== [ 33.643806] ================================================================== [ 33.644167] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 33.644238] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.644354] [ 33.644388] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.644477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.644507] Hardware name: linux,dummy-virt (DT) [ 33.644638] Call trace: [ 33.644709] show_stack+0x20/0x38 (C) [ 33.644912] dump_stack_lvl+0x8c/0xd0 [ 33.645154] print_report+0x118/0x608 [ 33.645209] kasan_report+0xdc/0x128 [ 33.645422] __asan_report_load8_noabort+0x20/0x30 [ 33.645583] kasan_atomics_helper+0x3f58/0x4858 [ 33.645776] kasan_atomics+0x198/0x2e0 [ 33.645838] kunit_try_run_case+0x170/0x3f0 [ 33.645893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.646193] kthread+0x328/0x630 [ 33.646475] ret_from_fork+0x10/0x20 [ 33.646548] [ 33.646730] Allocated by task 298: [ 33.646774] kasan_save_stack+0x3c/0x68 [ 33.646961] kasan_save_track+0x20/0x40 [ 33.647145] kasan_save_alloc_info+0x40/0x58 [ 33.647199] __kasan_kmalloc+0xd4/0xd8 [ 33.647374] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.647430] kasan_atomics+0xb8/0x2e0 [ 33.647604] kunit_try_run_case+0x170/0x3f0 [ 33.647934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.648112] kthread+0x328/0x630 [ 33.648150] ret_from_fork+0x10/0x20 [ 33.648190] [ 33.648369] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.648369] which belongs to the cache kmalloc-64 of size 64 [ 33.648464] The buggy address is located 0 bytes to the right of [ 33.648464] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.648691] [ 33.648739] The buggy address belongs to the physical page: [ 33.648773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.648841] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.648901] page_type: f5(slab) [ 33.648955] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.649008] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.649051] page dumped because: kasan: bad access detected [ 33.649085] [ 33.649107] Memory state around the buggy address: [ 33.649141] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.649187] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.649248] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.649291] ^ [ 33.649328] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.649391] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.649441] ================================================================== [ 33.812156] ================================================================== [ 33.812206] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 33.812258] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.812310] [ 33.812621] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.812886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.812945] Hardware name: linux,dummy-virt (DT) [ 33.813125] Call trace: [ 33.813161] show_stack+0x20/0x38 (C) [ 33.813217] dump_stack_lvl+0x8c/0xd0 [ 33.813383] print_report+0x118/0x608 [ 33.813450] kasan_report+0xdc/0x128 [ 33.813686] __asan_report_load8_noabort+0x20/0x30 [ 33.813763] kasan_atomics_helper+0x3db0/0x4858 [ 33.814022] kasan_atomics+0x198/0x2e0 [ 33.814077] kunit_try_run_case+0x170/0x3f0 [ 33.814246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.814318] kthread+0x328/0x630 [ 33.814365] ret_from_fork+0x10/0x20 [ 33.814725] [ 33.814768] Allocated by task 298: [ 33.814949] kasan_save_stack+0x3c/0x68 [ 33.815108] kasan_save_track+0x20/0x40 [ 33.815155] kasan_save_alloc_info+0x40/0x58 [ 33.815349] __kasan_kmalloc+0xd4/0xd8 [ 33.815405] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.815525] kasan_atomics+0xb8/0x2e0 [ 33.815713] kunit_try_run_case+0x170/0x3f0 [ 33.815972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.816191] kthread+0x328/0x630 [ 33.816239] ret_from_fork+0x10/0x20 [ 33.816291] [ 33.816314] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.816314] which belongs to the cache kmalloc-64 of size 64 [ 33.816419] The buggy address is located 0 bytes to the right of [ 33.816419] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.816488] [ 33.816510] The buggy address belongs to the physical page: [ 33.816564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.816643] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.816693] page_type: f5(slab) [ 33.816757] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.816810] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.816854] page dumped because: kasan: bad access detected [ 33.816898] [ 33.816940] Memory state around the buggy address: [ 33.816972] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.817019] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.817063] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.817127] ^ [ 33.817171] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.817232] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.817274] ================================================================== [ 33.802959] ================================================================== [ 33.803129] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 33.803370] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.803464] [ 33.803500] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.803815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.804025] Hardware name: linux,dummy-virt (DT) [ 33.804182] Call trace: [ 33.804278] show_stack+0x20/0x38 (C) [ 33.804363] dump_stack_lvl+0x8c/0xd0 [ 33.804585] print_report+0x118/0x608 [ 33.804790] kasan_report+0xdc/0x128 [ 33.804870] kasan_check_range+0x100/0x1a8 [ 33.805205] __kasan_check_write+0x20/0x30 [ 33.805433] kasan_atomics_helper+0x15b4/0x4858 [ 33.805663] kasan_atomics+0x198/0x2e0 [ 33.806027] kunit_try_run_case+0x170/0x3f0 [ 33.806783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.806891] kthread+0x328/0x630 [ 33.806998] ret_from_fork+0x10/0x20 [ 33.807066] [ 33.807090] Allocated by task 298: [ 33.807140] kasan_save_stack+0x3c/0x68 [ 33.807436] kasan_save_track+0x20/0x40 [ 33.807502] kasan_save_alloc_info+0x40/0x58 [ 33.807610] __kasan_kmalloc+0xd4/0xd8 [ 33.807980] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.808046] kasan_atomics+0xb8/0x2e0 [ 33.808087] kunit_try_run_case+0x170/0x3f0 [ 33.808131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.808181] kthread+0x328/0x630 [ 33.808550] ret_from_fork+0x10/0x20 [ 33.808763] [ 33.808848] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.808848] which belongs to the cache kmalloc-64 of size 64 [ 33.809032] The buggy address is located 0 bytes to the right of [ 33.809032] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.809333] [ 33.809407] The buggy address belongs to the physical page: [ 33.809573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.810052] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.810129] page_type: f5(slab) [ 33.810302] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.810518] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.810747] page dumped because: kasan: bad access detected [ 33.810803] [ 33.810906] Memory state around the buggy address: [ 33.810976] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.811066] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.811157] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.811216] ^ [ 33.811421] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.811638] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.811757] ================================================================== [ 33.851302] ================================================================== [ 33.851351] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 33.851400] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.851452] [ 33.851484] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.852324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.852379] Hardware name: linux,dummy-virt (DT) [ 33.852445] Call trace: [ 33.852564] show_stack+0x20/0x38 (C) [ 33.852766] dump_stack_lvl+0x8c/0xd0 [ 33.852830] print_report+0x118/0x608 [ 33.852954] kasan_report+0xdc/0x128 [ 33.853026] kasan_check_range+0x100/0x1a8 [ 33.853098] __kasan_check_write+0x20/0x30 [ 33.853207] kasan_atomics_helper+0x175c/0x4858 [ 33.853603] kasan_atomics+0x198/0x2e0 [ 33.853738] kunit_try_run_case+0x170/0x3f0 [ 33.853851] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.854006] kthread+0x328/0x630 [ 33.854077] ret_from_fork+0x10/0x20 [ 33.854483] [ 33.854784] Allocated by task 298: [ 33.854884] kasan_save_stack+0x3c/0x68 [ 33.855019] kasan_save_track+0x20/0x40 [ 33.855065] kasan_save_alloc_info+0x40/0x58 [ 33.855107] __kasan_kmalloc+0xd4/0xd8 [ 33.855508] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.855681] kasan_atomics+0xb8/0x2e0 [ 33.855855] kunit_try_run_case+0x170/0x3f0 [ 33.856035] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.856114] kthread+0x328/0x630 [ 33.856157] ret_from_fork+0x10/0x20 [ 33.856376] [ 33.856422] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.856422] which belongs to the cache kmalloc-64 of size 64 [ 33.856767] The buggy address is located 0 bytes to the right of [ 33.856767] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.857223] [ 33.857459] The buggy address belongs to the physical page: [ 33.857538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.857788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.857988] page_type: f5(slab) [ 33.858364] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.858445] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.858765] page dumped because: kasan: bad access detected [ 33.858886] [ 33.859014] Memory state around the buggy address: [ 33.859120] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.859196] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.859274] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.859589] ^ [ 33.859802] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.859866] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.860052] ================================================================== [ 33.780006] ================================================================== [ 33.780062] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 33.780132] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.780312] [ 33.780349] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.780586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.780721] Hardware name: linux,dummy-virt (DT) [ 33.780770] Call trace: [ 33.780796] show_stack+0x20/0x38 (C) [ 33.780984] dump_stack_lvl+0x8c/0xd0 [ 33.781050] print_report+0x118/0x608 [ 33.781126] kasan_report+0xdc/0x128 [ 33.781306] kasan_check_range+0x100/0x1a8 [ 33.781436] __kasan_check_write+0x20/0x30 [ 33.781505] kasan_atomics_helper+0x147c/0x4858 [ 33.781559] kasan_atomics+0x198/0x2e0 [ 33.781753] kunit_try_run_case+0x170/0x3f0 [ 33.781842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.782009] kthread+0x328/0x630 [ 33.782065] ret_from_fork+0x10/0x20 [ 33.782404] [ 33.782598] Allocated by task 298: [ 33.782642] kasan_save_stack+0x3c/0x68 [ 33.782692] kasan_save_track+0x20/0x40 [ 33.782883] kasan_save_alloc_info+0x40/0x58 [ 33.783154] __kasan_kmalloc+0xd4/0xd8 [ 33.783463] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.783522] kasan_atomics+0xb8/0x2e0 [ 33.783760] kunit_try_run_case+0x170/0x3f0 [ 33.783978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.784050] kthread+0x328/0x630 [ 33.784088] ret_from_fork+0x10/0x20 [ 33.784128] [ 33.784398] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.784398] which belongs to the cache kmalloc-64 of size 64 [ 33.784742] The buggy address is located 0 bytes to the right of [ 33.784742] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.784945] [ 33.785058] The buggy address belongs to the physical page: [ 33.785113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.785173] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.785407] page_type: f5(slab) [ 33.785462] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.785900] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.786025] page dumped because: kasan: bad access detected [ 33.786093] [ 33.786143] Memory state around the buggy address: [ 33.786269] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.786318] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.786370] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.786409] ^ [ 33.786446] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.786616] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.786670] ================================================================== [ 33.540612] ================================================================== [ 33.540672] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 33.540726] Write of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.540780] [ 33.540816] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.540907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.541763] Hardware name: linux,dummy-virt (DT) [ 33.541820] Call trace: [ 33.541848] show_stack+0x20/0x38 (C) [ 33.542284] dump_stack_lvl+0x8c/0xd0 [ 33.542544] print_report+0x118/0x608 [ 33.542641] kasan_report+0xdc/0x128 [ 33.542732] kasan_check_range+0x100/0x1a8 [ 33.542831] __kasan_check_write+0x20/0x30 [ 33.542900] kasan_atomics_helper+0xa6c/0x4858 [ 33.542992] kasan_atomics+0x198/0x2e0 [ 33.543046] kunit_try_run_case+0x170/0x3f0 [ 33.543145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.543208] kthread+0x328/0x630 [ 33.543255] ret_from_fork+0x10/0x20 [ 33.543354] [ 33.543379] Allocated by task 298: [ 33.543413] kasan_save_stack+0x3c/0x68 [ 33.543460] kasan_save_track+0x20/0x40 [ 33.543756] kasan_save_alloc_info+0x40/0x58 [ 33.543876] __kasan_kmalloc+0xd4/0xd8 [ 33.544033] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.544097] kasan_atomics+0xb8/0x2e0 [ 33.544136] kunit_try_run_case+0x170/0x3f0 [ 33.544180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.544464] kthread+0x328/0x630 [ 33.544583] ret_from_fork+0x10/0x20 [ 33.544723] [ 33.544765] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.544765] which belongs to the cache kmalloc-64 of size 64 [ 33.544826] The buggy address is located 0 bytes to the right of [ 33.544826] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.545176] [ 33.545205] The buggy address belongs to the physical page: [ 33.545275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.545522] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.545730] page_type: f5(slab) [ 33.546015] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.546189] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.546407] page dumped because: kasan: bad access detected [ 33.546584] [ 33.546709] Memory state around the buggy address: [ 33.547009] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.547182] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.547281] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.547331] ^ [ 33.547370] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.547416] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.547457] ================================================================== [ 33.818649] ================================================================== [ 33.818719] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 33.819023] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.819101] [ 33.819298] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.819553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.819862] Hardware name: linux,dummy-virt (DT) [ 33.820034] Call trace: [ 33.820142] show_stack+0x20/0x38 (C) [ 33.820266] dump_stack_lvl+0x8c/0xd0 [ 33.820395] print_report+0x118/0x608 [ 33.820466] kasan_report+0xdc/0x128 [ 33.820527] kasan_check_range+0x100/0x1a8 [ 33.820764] __kasan_check_write+0x20/0x30 [ 33.820920] kasan_atomics_helper+0x1644/0x4858 [ 33.821176] kasan_atomics+0x198/0x2e0 [ 33.821422] kunit_try_run_case+0x170/0x3f0 [ 33.821501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.821649] kthread+0x328/0x630 [ 33.821728] ret_from_fork+0x10/0x20 [ 33.821866] [ 33.821916] Allocated by task 298: [ 33.822031] kasan_save_stack+0x3c/0x68 [ 33.822105] kasan_save_track+0x20/0x40 [ 33.822191] kasan_save_alloc_info+0x40/0x58 [ 33.822289] __kasan_kmalloc+0xd4/0xd8 [ 33.822344] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.822387] kasan_atomics+0xb8/0x2e0 [ 33.822575] kunit_try_run_case+0x170/0x3f0 [ 33.822818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.823059] kthread+0x328/0x630 [ 33.823135] ret_from_fork+0x10/0x20 [ 33.823304] [ 33.823413] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.823413] which belongs to the cache kmalloc-64 of size 64 [ 33.823478] The buggy address is located 0 bytes to the right of [ 33.823478] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.823742] [ 33.823971] The buggy address belongs to the physical page: [ 33.824156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.824402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.824490] page_type: f5(slab) [ 33.824613] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.824668] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.824712] page dumped because: kasan: bad access detected [ 33.824771] [ 33.824816] Memory state around the buggy address: [ 33.825020] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.825111] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.825516] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.825590] ^ [ 33.825685] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.825766] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.825845] ================================================================== [ 33.522719] ================================================================== [ 33.522778] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 33.522838] Write of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.522891] [ 33.523434] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.523550] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.524094] Hardware name: linux,dummy-virt (DT) [ 33.524152] Call trace: [ 33.524196] show_stack+0x20/0x38 (C) [ 33.524504] dump_stack_lvl+0x8c/0xd0 [ 33.524652] print_report+0x118/0x608 [ 33.524766] kasan_report+0xdc/0x128 [ 33.524821] kasan_check_range+0x100/0x1a8 [ 33.524875] __kasan_check_write+0x20/0x30 [ 33.525263] kasan_atomics_helper+0x99c/0x4858 [ 33.525360] kasan_atomics+0x198/0x2e0 [ 33.525589] kunit_try_run_case+0x170/0x3f0 [ 33.525772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.525851] kthread+0x328/0x630 [ 33.526159] ret_from_fork+0x10/0x20 [ 33.526402] [ 33.526464] Allocated by task 298: [ 33.526604] kasan_save_stack+0x3c/0x68 [ 33.526693] kasan_save_track+0x20/0x40 [ 33.526810] kasan_save_alloc_info+0x40/0x58 [ 33.526881] __kasan_kmalloc+0xd4/0xd8 [ 33.527074] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.527294] kasan_atomics+0xb8/0x2e0 [ 33.527381] kunit_try_run_case+0x170/0x3f0 [ 33.527487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.527607] kthread+0x328/0x630 [ 33.527764] ret_from_fork+0x10/0x20 [ 33.527808] [ 33.527831] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.527831] which belongs to the cache kmalloc-64 of size 64 [ 33.527898] The buggy address is located 0 bytes to the right of [ 33.527898] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.528146] [ 33.528252] The buggy address belongs to the physical page: [ 33.528353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.528665] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.528914] page_type: f5(slab) [ 33.529035] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.529106] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.529233] page dumped because: kasan: bad access detected [ 33.529315] [ 33.529357] Memory state around the buggy address: [ 33.529392] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.529622] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.529851] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.529975] ^ [ 33.530024] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.530095] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.530234] ================================================================== [ 33.668146] ================================================================== [ 33.668203] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 33.668318] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.668374] [ 33.668492] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.668582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.668613] Hardware name: linux,dummy-virt (DT) [ 33.668645] Call trace: [ 33.668669] show_stack+0x20/0x38 (C) [ 33.668720] dump_stack_lvl+0x8c/0xd0 [ 33.668770] print_report+0x118/0x608 [ 33.669385] kasan_report+0xdc/0x128 [ 33.669468] kasan_check_range+0x100/0x1a8 [ 33.669521] __kasan_check_write+0x20/0x30 [ 33.669854] kasan_atomics_helper+0xeb8/0x4858 [ 33.670265] kasan_atomics+0x198/0x2e0 [ 33.670719] kunit_try_run_case+0x170/0x3f0 [ 33.670942] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.671023] kthread+0x328/0x630 [ 33.671068] ret_from_fork+0x10/0x20 [ 33.671417] [ 33.671655] Allocated by task 298: [ 33.671705] kasan_save_stack+0x3c/0x68 [ 33.671778] kasan_save_track+0x20/0x40 [ 33.671936] kasan_save_alloc_info+0x40/0x58 [ 33.672016] __kasan_kmalloc+0xd4/0xd8 [ 33.672103] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.672404] kasan_atomics+0xb8/0x2e0 [ 33.672525] kunit_try_run_case+0x170/0x3f0 [ 33.672582] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.673001] kthread+0x328/0x630 [ 33.673114] ret_from_fork+0x10/0x20 [ 33.673217] [ 33.673440] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.673440] which belongs to the cache kmalloc-64 of size 64 [ 33.673519] The buggy address is located 0 bytes to the right of [ 33.673519] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.673717] [ 33.673774] The buggy address belongs to the physical page: [ 33.674282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.675008] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.675218] page_type: f5(slab) [ 33.675294] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.675449] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.675496] page dumped because: kasan: bad access detected [ 33.675530] [ 33.675689] Memory state around the buggy address: [ 33.675752] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.676176] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.676296] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.676543] ^ [ 33.676675] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.676753] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.676978] ================================================================== [ 33.740665] ================================================================== [ 33.740741] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 33.740795] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.741045] [ 33.741260] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.741361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.741571] Hardware name: linux,dummy-virt (DT) [ 33.741750] Call trace: [ 33.741792] show_stack+0x20/0x38 (C) [ 33.741856] dump_stack_lvl+0x8c/0xd0 [ 33.741998] print_report+0x118/0x608 [ 33.742069] kasan_report+0xdc/0x128 [ 33.742127] kasan_check_range+0x100/0x1a8 [ 33.742259] __kasan_check_write+0x20/0x30 [ 33.742307] kasan_atomics_helper+0x126c/0x4858 [ 33.742373] kasan_atomics+0x198/0x2e0 [ 33.742434] kunit_try_run_case+0x170/0x3f0 [ 33.742488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.742546] kthread+0x328/0x630 [ 33.742591] ret_from_fork+0x10/0x20 [ 33.742951] [ 33.742999] Allocated by task 298: [ 33.743211] kasan_save_stack+0x3c/0x68 [ 33.743267] kasan_save_track+0x20/0x40 [ 33.743309] kasan_save_alloc_info+0x40/0x58 [ 33.743349] __kasan_kmalloc+0xd4/0xd8 [ 33.743390] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.743462] kasan_atomics+0xb8/0x2e0 [ 33.743510] kunit_try_run_case+0x170/0x3f0 [ 33.743762] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.743866] kthread+0x328/0x630 [ 33.744123] ret_from_fork+0x10/0x20 [ 33.744195] [ 33.744239] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.744239] which belongs to the cache kmalloc-64 of size 64 [ 33.744463] The buggy address is located 0 bytes to the right of [ 33.744463] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.744586] [ 33.744617] The buggy address belongs to the physical page: [ 33.744652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.744832] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.745342] page_type: f5(slab) [ 33.745397] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.745483] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.745529] page dumped because: kasan: bad access detected [ 33.745564] [ 33.745780] Memory state around the buggy address: [ 33.746160] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.746265] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.746337] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.746502] ^ [ 33.746659] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.746720] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.746761] ================================================================== [ 33.610807] ================================================================== [ 33.611264] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 33.611350] Read of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.611406] [ 33.611441] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.611622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.611709] Hardware name: linux,dummy-virt (DT) [ 33.611761] Call trace: [ 33.611914] show_stack+0x20/0x38 (C) [ 33.612098] dump_stack_lvl+0x8c/0xd0 [ 33.612194] print_report+0x118/0x608 [ 33.612247] kasan_report+0xdc/0x128 [ 33.612313] __asan_report_load4_noabort+0x20/0x30 [ 33.612365] kasan_atomics_helper+0x3dd8/0x4858 [ 33.612595] kasan_atomics+0x198/0x2e0 [ 33.612820] kunit_try_run_case+0x170/0x3f0 [ 33.613092] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.613224] kthread+0x328/0x630 [ 33.613273] ret_from_fork+0x10/0x20 [ 33.613738] [ 33.613791] Allocated by task 298: [ 33.614073] kasan_save_stack+0x3c/0x68 [ 33.614289] kasan_save_track+0x20/0x40 [ 33.614450] kasan_save_alloc_info+0x40/0x58 [ 33.614507] __kasan_kmalloc+0xd4/0xd8 [ 33.614548] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.614591] kasan_atomics+0xb8/0x2e0 [ 33.614633] kunit_try_run_case+0x170/0x3f0 [ 33.614672] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.614718] kthread+0x328/0x630 [ 33.614754] ret_from_fork+0x10/0x20 [ 33.614791] [ 33.614842] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.614842] which belongs to the cache kmalloc-64 of size 64 [ 33.614905] The buggy address is located 0 bytes to the right of [ 33.614905] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.614992] [ 33.615026] The buggy address belongs to the physical page: [ 33.615076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.615146] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.615207] page_type: f5(slab) [ 33.615263] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.615326] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.615370] page dumped because: kasan: bad access detected [ 33.615421] [ 33.615442] Memory state around the buggy address: [ 33.615476] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.615521] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.615566] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.615628] ^ [ 33.615664] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.615708] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.615749] ================================================================== [ 33.747406] ================================================================== [ 33.747461] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 33.747719] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.747811] [ 33.747893] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.748188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.748224] Hardware name: linux,dummy-virt (DT) [ 33.748631] Call trace: [ 33.748686] show_stack+0x20/0x38 (C) [ 33.748950] dump_stack_lvl+0x8c/0xd0 [ 33.749176] print_report+0x118/0x608 [ 33.749320] kasan_report+0xdc/0x128 [ 33.749420] kasan_check_range+0x100/0x1a8 [ 33.749500] __kasan_check_write+0x20/0x30 [ 33.749872] kasan_atomics_helper+0x12d8/0x4858 [ 33.750153] kasan_atomics+0x198/0x2e0 [ 33.750318] kunit_try_run_case+0x170/0x3f0 [ 33.750376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.750441] kthread+0x328/0x630 [ 33.750486] ret_from_fork+0x10/0x20 [ 33.750678] [ 33.750733] Allocated by task 298: [ 33.750778] kasan_save_stack+0x3c/0x68 [ 33.750846] kasan_save_track+0x20/0x40 [ 33.750888] kasan_save_alloc_info+0x40/0x58 [ 33.750940] __kasan_kmalloc+0xd4/0xd8 [ 33.750983] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.751026] kasan_atomics+0xb8/0x2e0 [ 33.751081] kunit_try_run_case+0x170/0x3f0 [ 33.751125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.751173] kthread+0x328/0x630 [ 33.751212] ret_from_fork+0x10/0x20 [ 33.751252] [ 33.751283] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.751283] which belongs to the cache kmalloc-64 of size 64 [ 33.751344] The buggy address is located 0 bytes to the right of [ 33.751344] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.751419] [ 33.751451] The buggy address belongs to the physical page: [ 33.751496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.751899] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.752333] page_type: f5(slab) [ 33.752392] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.752467] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.752512] page dumped because: kasan: bad access detected [ 33.752749] [ 33.752847] Memory state around the buggy address: [ 33.753190] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.753326] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.753451] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.753607] ^ [ 33.753678] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.753734] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.753799] ================================================================== [ 33.692664] ================================================================== [ 33.692836] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 33.692939] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.693010] [ 33.693045] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.693251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.693392] Hardware name: linux,dummy-virt (DT) [ 33.693439] Call trace: [ 33.693464] show_stack+0x20/0x38 (C) [ 33.693536] dump_stack_lvl+0x8c/0xd0 [ 33.693993] print_report+0x118/0x608 [ 33.694151] kasan_report+0xdc/0x128 [ 33.694413] kasan_check_range+0x100/0x1a8 [ 33.694679] __kasan_check_write+0x20/0x30 [ 33.694955] kasan_atomics_helper+0xff0/0x4858 [ 33.695028] kasan_atomics+0x198/0x2e0 [ 33.695184] kunit_try_run_case+0x170/0x3f0 [ 33.695252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.695517] kthread+0x328/0x630 [ 33.695812] ret_from_fork+0x10/0x20 [ 33.695870] [ 33.695894] Allocated by task 298: [ 33.695934] kasan_save_stack+0x3c/0x68 [ 33.695980] kasan_save_track+0x20/0x40 [ 33.696022] kasan_save_alloc_info+0x40/0x58 [ 33.696362] __kasan_kmalloc+0xd4/0xd8 [ 33.696468] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.696933] kasan_atomics+0xb8/0x2e0 [ 33.697008] kunit_try_run_case+0x170/0x3f0 [ 33.697052] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.697101] kthread+0x328/0x630 [ 33.697180] ret_from_fork+0x10/0x20 [ 33.697223] [ 33.697253] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.697253] which belongs to the cache kmalloc-64 of size 64 [ 33.697323] The buggy address is located 0 bytes to the right of [ 33.697323] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.697389] [ 33.697415] The buggy address belongs to the physical page: [ 33.697461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.697516] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.697576] page_type: f5(slab) [ 33.697625] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.697685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.697736] page dumped because: kasan: bad access detected [ 33.697780] [ 33.697810] Memory state around the buggy address: [ 33.697846] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.697900] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.697955] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.697997] ^ [ 33.698043] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.698087] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.698137] ================================================================== [ 33.755005] ================================================================== [ 33.755062] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 33.755132] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.755213] [ 33.755247] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.755337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.755540] Hardware name: linux,dummy-virt (DT) [ 33.756116] Call trace: [ 33.756183] show_stack+0x20/0x38 (C) [ 33.756360] dump_stack_lvl+0x8c/0xd0 [ 33.756439] print_report+0x118/0x608 [ 33.756676] kasan_report+0xdc/0x128 [ 33.756910] kasan_check_range+0x100/0x1a8 [ 33.757012] __kasan_check_write+0x20/0x30 [ 33.757233] kasan_atomics_helper+0x1384/0x4858 [ 33.757332] kasan_atomics+0x198/0x2e0 [ 33.757494] kunit_try_run_case+0x170/0x3f0 [ 33.757945] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.758037] kthread+0x328/0x630 [ 33.758265] ret_from_fork+0x10/0x20 [ 33.758327] [ 33.758350] Allocated by task 298: [ 33.758449] kasan_save_stack+0x3c/0x68 [ 33.758607] kasan_save_track+0x20/0x40 [ 33.758904] kasan_save_alloc_info+0x40/0x58 [ 33.759205] __kasan_kmalloc+0xd4/0xd8 [ 33.759280] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.759325] kasan_atomics+0xb8/0x2e0 [ 33.759365] kunit_try_run_case+0x170/0x3f0 [ 33.759655] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.759916] kthread+0x328/0x630 [ 33.760117] ret_from_fork+0x10/0x20 [ 33.760270] [ 33.760314] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.760314] which belongs to the cache kmalloc-64 of size 64 [ 33.760378] The buggy address is located 0 bytes to the right of [ 33.760378] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.760674] [ 33.761031] The buggy address belongs to the physical page: [ 33.761152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.761216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.761267] page_type: f5(slab) [ 33.761528] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.761961] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.762126] page dumped because: kasan: bad access detected [ 33.762282] [ 33.762349] Memory state around the buggy address: [ 33.762546] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.762832] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.762909] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.762980] ^ [ 33.763028] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.763167] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.763210] ================================================================== [ 33.724836] ================================================================== [ 33.725029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 33.725226] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.725325] [ 33.725395] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.725500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.725684] Hardware name: linux,dummy-virt (DT) [ 33.725730] Call trace: [ 33.725771] show_stack+0x20/0x38 (C) [ 33.725826] dump_stack_lvl+0x8c/0xd0 [ 33.726050] print_report+0x118/0x608 [ 33.726265] kasan_report+0xdc/0x128 [ 33.726344] kasan_check_range+0x100/0x1a8 [ 33.726396] __kasan_check_write+0x20/0x30 [ 33.726446] kasan_atomics_helper+0x1190/0x4858 [ 33.726498] kasan_atomics+0x198/0x2e0 [ 33.726551] kunit_try_run_case+0x170/0x3f0 [ 33.726606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.726664] kthread+0x328/0x630 [ 33.726709] ret_from_fork+0x10/0x20 [ 33.726817] [ 33.726842] Allocated by task 298: [ 33.726874] kasan_save_stack+0x3c/0x68 [ 33.726919] kasan_save_track+0x20/0x40 [ 33.726971] kasan_save_alloc_info+0x40/0x58 [ 33.727020] __kasan_kmalloc+0xd4/0xd8 [ 33.727067] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.727110] kasan_atomics+0xb8/0x2e0 [ 33.727149] kunit_try_run_case+0x170/0x3f0 [ 33.727200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.727248] kthread+0x328/0x630 [ 33.727285] ret_from_fork+0x10/0x20 [ 33.727324] [ 33.727353] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.727353] which belongs to the cache kmalloc-64 of size 64 [ 33.727415] The buggy address is located 0 bytes to the right of [ 33.727415] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.727481] [ 33.727503] The buggy address belongs to the physical page: [ 33.727539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.728490] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.728598] page_type: f5(slab) [ 33.728719] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.728820] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.728957] page dumped because: kasan: bad access detected [ 33.729300] [ 33.729347] Memory state around the buggy address: [ 33.729489] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.729768] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.730088] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.730226] ^ [ 33.730267] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.730503] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.730663] ================================================================== [ 33.867831] ================================================================== [ 33.867883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 33.868126] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.868343] [ 33.868399] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.868492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.868521] Hardware name: linux,dummy-virt (DT) [ 33.868555] Call trace: [ 33.868580] show_stack+0x20/0x38 (C) [ 33.868640] dump_stack_lvl+0x8c/0xd0 [ 33.868690] print_report+0x118/0x608 [ 33.868742] kasan_report+0xdc/0x128 [ 33.868791] kasan_check_range+0x100/0x1a8 [ 33.868839] __kasan_check_write+0x20/0x30 [ 33.868886] kasan_atomics_helper+0x17ec/0x4858 [ 33.868951] kasan_atomics+0x198/0x2e0 [ 33.869007] kunit_try_run_case+0x170/0x3f0 [ 33.869057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.869113] kthread+0x328/0x630 [ 33.869159] ret_from_fork+0x10/0x20 [ 33.869219] [ 33.869242] Allocated by task 298: [ 33.869273] kasan_save_stack+0x3c/0x68 [ 33.869318] kasan_save_track+0x20/0x40 [ 33.869360] kasan_save_alloc_info+0x40/0x58 [ 33.869400] __kasan_kmalloc+0xd4/0xd8 [ 33.869449] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.869493] kasan_atomics+0xb8/0x2e0 [ 33.869536] kunit_try_run_case+0x170/0x3f0 [ 33.869580] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.869636] kthread+0x328/0x630 [ 33.869671] ret_from_fork+0x10/0x20 [ 33.869710] [ 33.869733] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.869733] which belongs to the cache kmalloc-64 of size 64 [ 33.869794] The buggy address is located 0 bytes to the right of [ 33.869794] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.869861] [ 33.869886] The buggy address belongs to the physical page: [ 33.869919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.869986] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.870386] page_type: f5(slab) [ 33.870443] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.870496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.870668] page dumped because: kasan: bad access detected [ 33.870731] [ 33.870753] Memory state around the buggy address: [ 33.870791] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.871160] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.871477] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.871536] ^ [ 33.871603] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.871887] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.872232] ================================================================== [ 33.769610] ================================================================== [ 33.769693] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 33.769747] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.769908] [ 33.769954] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.770045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.770076] Hardware name: linux,dummy-virt (DT) [ 33.770254] Call trace: [ 33.770293] show_stack+0x20/0x38 (C) [ 33.770448] dump_stack_lvl+0x8c/0xd0 [ 33.770635] print_report+0x118/0x608 [ 33.770700] kasan_report+0xdc/0x128 [ 33.770885] kasan_check_range+0x100/0x1a8 [ 33.771367] __kasan_check_write+0x20/0x30 [ 33.771640] kasan_atomics_helper+0x1414/0x4858 [ 33.771993] kasan_atomics+0x198/0x2e0 [ 33.772523] kunit_try_run_case+0x170/0x3f0 [ 33.772691] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.772774] kthread+0x328/0x630 [ 33.772998] ret_from_fork+0x10/0x20 [ 33.773422] [ 33.773565] Allocated by task 298: [ 33.773838] kasan_save_stack+0x3c/0x68 [ 33.773903] kasan_save_track+0x20/0x40 [ 33.774113] kasan_save_alloc_info+0x40/0x58 [ 33.774249] __kasan_kmalloc+0xd4/0xd8 [ 33.774586] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.774673] kasan_atomics+0xb8/0x2e0 [ 33.774849] kunit_try_run_case+0x170/0x3f0 [ 33.774906] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.775222] kthread+0x328/0x630 [ 33.775368] ret_from_fork+0x10/0x20 [ 33.775725] [ 33.775960] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.775960] which belongs to the cache kmalloc-64 of size 64 [ 33.776075] The buggy address is located 0 bytes to the right of [ 33.776075] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.776324] [ 33.776489] The buggy address belongs to the physical page: [ 33.776529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.776738] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.776984] page_type: f5(slab) [ 33.777323] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.777605] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.777683] page dumped because: kasan: bad access detected [ 33.777802] [ 33.777871] Memory state around the buggy address: [ 33.778048] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.778247] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.778460] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.778568] ^ [ 33.778616] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.778809] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.778949] ================================================================== [ 33.843647] ================================================================== [ 33.843695] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 33.843946] Read of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.844201] [ 33.844407] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.844527] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.844556] Hardware name: linux,dummy-virt (DT) [ 33.844591] Call trace: [ 33.844808] show_stack+0x20/0x38 (C) [ 33.845090] dump_stack_lvl+0x8c/0xd0 [ 33.845174] print_report+0x118/0x608 [ 33.845377] kasan_report+0xdc/0x128 [ 33.845568] __asan_report_load8_noabort+0x20/0x30 [ 33.845869] kasan_atomics_helper+0x3e10/0x4858 [ 33.846120] kasan_atomics+0x198/0x2e0 [ 33.846184] kunit_try_run_case+0x170/0x3f0 [ 33.846240] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.846297] kthread+0x328/0x630 [ 33.846343] ret_from_fork+0x10/0x20 [ 33.846395] [ 33.846677] Allocated by task 298: [ 33.847250] kasan_save_stack+0x3c/0x68 [ 33.847341] kasan_save_track+0x20/0x40 [ 33.847535] kasan_save_alloc_info+0x40/0x58 [ 33.847655] __kasan_kmalloc+0xd4/0xd8 [ 33.848022] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.848100] kasan_atomics+0xb8/0x2e0 [ 33.848477] kunit_try_run_case+0x170/0x3f0 [ 33.848678] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.848941] kthread+0x328/0x630 [ 33.849152] ret_from_fork+0x10/0x20 [ 33.849373] [ 33.849586] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.849586] which belongs to the cache kmalloc-64 of size 64 [ 33.849889] The buggy address is located 0 bytes to the right of [ 33.849889] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.850045] [ 33.850135] The buggy address belongs to the physical page: [ 33.850233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.850376] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.850437] page_type: f5(slab) [ 33.850481] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.850534] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.850577] page dumped because: kasan: bad access detected [ 33.850631] [ 33.850663] Memory state around the buggy address: [ 33.850697] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.850752] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.850799] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.850849] ^ [ 33.850894] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.850950] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.851003] ================================================================== [ 33.699198] ================================================================== [ 33.699259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 33.699361] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.699429] [ 33.699599] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.699971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.700006] Hardware name: linux,dummy-virt (DT) [ 33.700045] Call trace: [ 33.700072] show_stack+0x20/0x38 (C) [ 33.700363] dump_stack_lvl+0x8c/0xd0 [ 33.700718] print_report+0x118/0x608 [ 33.700783] kasan_report+0xdc/0x128 [ 33.701297] kasan_check_range+0x100/0x1a8 [ 33.701497] __kasan_check_write+0x20/0x30 [ 33.701592] kasan_atomics_helper+0x1058/0x4858 [ 33.701765] kasan_atomics+0x198/0x2e0 [ 33.702031] kunit_try_run_case+0x170/0x3f0 [ 33.702403] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.702599] kthread+0x328/0x630 [ 33.702823] ret_from_fork+0x10/0x20 [ 33.703216] [ 33.703280] Allocated by task 298: [ 33.703316] kasan_save_stack+0x3c/0x68 [ 33.703610] kasan_save_track+0x20/0x40 [ 33.703836] kasan_save_alloc_info+0x40/0x58 [ 33.703918] __kasan_kmalloc+0xd4/0xd8 [ 33.704159] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.704267] kasan_atomics+0xb8/0x2e0 [ 33.704311] kunit_try_run_case+0x170/0x3f0 [ 33.704356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.704680] kthread+0x328/0x630 [ 33.704802] ret_from_fork+0x10/0x20 [ 33.704872] [ 33.705050] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.705050] which belongs to the cache kmalloc-64 of size 64 [ 33.705206] The buggy address is located 0 bytes to the right of [ 33.705206] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.705497] [ 33.705660] The buggy address belongs to the physical page: [ 33.705897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.706089] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.706370] page_type: f5(slab) [ 33.706505] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.706718] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.706773] page dumped because: kasan: bad access detected [ 33.706809] [ 33.706983] Memory state around the buggy address: [ 33.707164] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.707357] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.707417] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.707649] ^ [ 33.707727] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.707775] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.707977] ================================================================== [ 33.531754] ================================================================== [ 33.531966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa04/0x4858 [ 33.532061] Write of size 4 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.532282] [ 33.532436] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.533351] print_report+0x118/0x608 [ 33.534073] kunit_try_run_case+0x170/0x3f0 [ 33.535680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.536558] [ 33.536629] The buggy address belongs to the physical page: [ 33.536679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.536996] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.537193] page_type: f5(slab) [ 33.537277] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.537426] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.537497] page dumped because: kasan: bad access detected [ 33.537546] [ 33.537640] Memory state around the buggy address: [ 33.537678] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.537750] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.537824] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.538042] ^ [ 33.538157] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.538293] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.538430] ================================================================== [ 33.786903] ================================================================== [ 33.786966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 33.787018] Write of size 8 at addr fff00000c8dc1ab0 by task kunit_try_catch/298 [ 33.787087] [ 33.787120] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.787210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.787239] Hardware name: linux,dummy-virt (DT) [ 33.787273] Call trace: [ 33.787297] show_stack+0x20/0x38 (C) [ 33.787365] dump_stack_lvl+0x8c/0xd0 [ 33.787418] print_report+0x118/0x608 [ 33.787476] kasan_report+0xdc/0x128 [ 33.787526] kasan_check_range+0x100/0x1a8 [ 33.787740] __kasan_check_write+0x20/0x30 [ 33.788015] kasan_atomics_helper+0x14e4/0x4858 [ 33.788070] kasan_atomics+0x198/0x2e0 [ 33.788695] kunit_try_run_case+0x170/0x3f0 [ 33.788793] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.789031] kthread+0x328/0x630 [ 33.789087] ret_from_fork+0x10/0x20 [ 33.789512] [ 33.789578] Allocated by task 298: [ 33.789632] kasan_save_stack+0x3c/0x68 [ 33.789802] kasan_save_track+0x20/0x40 [ 33.790022] kasan_save_alloc_info+0x40/0x58 [ 33.790228] __kasan_kmalloc+0xd4/0xd8 [ 33.790334] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.790496] kasan_atomics+0xb8/0x2e0 [ 33.790710] kunit_try_run_case+0x170/0x3f0 [ 33.790891] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.791191] kthread+0x328/0x630 [ 33.791542] ret_from_fork+0x10/0x20 [ 33.791795] [ 33.791840] The buggy address belongs to the object at fff00000c8dc1a80 [ 33.791840] which belongs to the cache kmalloc-64 of size 64 [ 33.791936] The buggy address is located 0 bytes to the right of [ 33.791936] allocated 48-byte region [fff00000c8dc1a80, fff00000c8dc1ab0) [ 33.792167] [ 33.792325] The buggy address belongs to the physical page: [ 33.792487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc1 [ 33.792728] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.792822] page_type: f5(slab) [ 33.792968] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.793047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.793290] page dumped because: kasan: bad access detected [ 33.793479] [ 33.793543] Memory state around the buggy address: [ 33.793591] fff00000c8dc1980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.793816] fff00000c8dc1a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.793960] >fff00000c8dc1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.794031] ^ [ 33.794250] fff00000c8dc1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.794318] fff00000c8dc1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.794434] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 33.182056] ================================================================== [ 33.182131] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88 [ 33.182180] Read of size 1 at addr fff00000c993b210 by task kunit_try_catch/292 [ 33.182251] [ 33.182300] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.182392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.182546] Hardware name: linux,dummy-virt (DT) [ 33.182681] Call trace: [ 33.182801] show_stack+0x20/0x38 (C) [ 33.182880] dump_stack_lvl+0x8c/0xd0 [ 33.182945] print_report+0x118/0x608 [ 33.183013] kasan_report+0xdc/0x128 [ 33.183114] strnlen+0x80/0x88 [ 33.183722] Allocated by task 292: [ 33.183757] kasan_save_stack+0x3c/0x68 [ 33.183803] kasan_save_track+0x20/0x40 [ 33.184560] ret_from_fork+0x10/0x20 [ 33.185567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.185850] The buggy address belongs to the object at fff00000c993b200 [ 33.185850] which belongs to the cache kmalloc-32 of size 32 [ 33.186258] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.186731] fff00000c993b300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.194843] dump_stack_lvl+0x8c/0xd0 [ 33.194907] print_report+0x118/0x608 [ 33.195137] kasan_report+0xdc/0x128 [ 33.195680] kasan_bitops_generic+0x110/0x1c8 [ 33.196864] kasan_save_alloc_info+0x40/0x58 [ 33.197242] kthread+0x328/0x630 [ 33.197890] The buggy address is located 8 bytes inside of [ 33.197890] allocated 9-byte region [fff00000c8432ec0, fff00000c8432ec9) [ 33.198963] [ 33.199450] >fff00000c8432e80: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 33.201252] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 33.175390] ================================================================== [ 33.175444] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 33.175495] Read of size 1 at addr fff00000c993b210 by task kunit_try_catch/292 [ 33.175697] [ 33.175995] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.176140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.176242] Hardware name: linux,dummy-virt (DT) [ 33.176282] Call trace: [ 33.176307] show_stack+0x20/0x38 (C) [ 33.176363] dump_stack_lvl+0x8c/0xd0 [ 33.176413] print_report+0x118/0x608 [ 33.176464] kasan_report+0xdc/0x128 [ 33.176512] __asan_report_load1_noabort+0x20/0x30 [ 33.176565] strlen+0xa8/0xb0 [ 33.176750] kasan_strings+0x418/0xb00 [ 33.176834] kunit_try_run_case+0x170/0x3f0 [ 33.176890] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.176989] kthread+0x328/0x630 [ 33.177273] ret_from_fork+0x10/0x20 [ 33.177404] [ 33.177467] Allocated by task 292: [ 33.177532] kasan_save_stack+0x3c/0x68 [ 33.177622] kasan_save_track+0x20/0x40 [ 33.177689] kasan_save_alloc_info+0x40/0x58 [ 33.177753] __kasan_kmalloc+0xd4/0xd8 [ 33.177810] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.177873] kasan_strings+0xc8/0xb00 [ 33.177910] kunit_try_run_case+0x170/0x3f0 [ 33.178203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.178271] kthread+0x328/0x630 [ 33.178400] ret_from_fork+0x10/0x20 [ 33.178472] [ 33.178503] Freed by task 292: [ 33.178552] kasan_save_stack+0x3c/0x68 [ 33.178609] kasan_save_track+0x20/0x40 [ 33.178650] kasan_save_free_info+0x4c/0x78 [ 33.178716] __kasan_slab_free+0x6c/0x98 [ 33.178765] kfree+0x214/0x3c8 [ 33.178810] kasan_strings+0x24c/0xb00 [ 33.178849] kunit_try_run_case+0x170/0x3f0 [ 33.178892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.179286] kthread+0x328/0x630 [ 33.179349] ret_from_fork+0x10/0x20 [ 33.179435] [ 33.179478] The buggy address belongs to the object at fff00000c993b200 [ 33.179478] which belongs to the cache kmalloc-32 of size 32 [ 33.179817] The buggy address is located 16 bytes inside of [ 33.179817] freed 32-byte region [fff00000c993b200, fff00000c993b220) [ 33.179963] [ 33.180012] The buggy address belongs to the physical page: [ 33.180063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10993b [ 33.180158] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.180221] page_type: f5(slab) [ 33.180268] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.180356] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.180482] page dumped because: kasan: bad access detected [ 33.180589] [ 33.180638] Memory state around the buggy address: [ 33.180693] fff00000c993b100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.180750] fff00000c993b180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.180828] >fff00000c993b200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.180870] ^ [ 33.180902] fff00000c993b280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.180956] fff00000c993b300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.180996] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 33.169454] ================================================================== [ 33.169509] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 33.169559] Read of size 1 at addr fff00000c993b210 by task kunit_try_catch/292 [ 33.169612] [ 33.169738] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.169845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.170058] Hardware name: linux,dummy-virt (DT) [ 33.170130] Call trace: [ 33.170157] show_stack+0x20/0x38 (C) [ 33.170233] dump_stack_lvl+0x8c/0xd0 [ 33.170284] print_report+0x118/0x608 [ 33.170348] kasan_report+0xdc/0x128 [ 33.170399] __asan_report_load1_noabort+0x20/0x30 [ 33.170546] kasan_strings+0x95c/0xb00 [ 33.170595] kunit_try_run_case+0x170/0x3f0 [ 33.170762] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.170846] kthread+0x328/0x630 [ 33.170909] ret_from_fork+0x10/0x20 [ 33.170972] [ 33.171001] Allocated by task 292: [ 33.171035] kasan_save_stack+0x3c/0x68 [ 33.171178] kasan_save_track+0x20/0x40 [ 33.171362] kasan_save_alloc_info+0x40/0x58 [ 33.171437] __kasan_kmalloc+0xd4/0xd8 [ 33.171480] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.171526] kasan_strings+0xc8/0xb00 [ 33.171605] kunit_try_run_case+0x170/0x3f0 [ 33.171730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.171815] kthread+0x328/0x630 [ 33.171989] ret_from_fork+0x10/0x20 [ 33.172028] [ 33.172053] Freed by task 292: [ 33.172085] kasan_save_stack+0x3c/0x68 [ 33.172251] kasan_save_track+0x20/0x40 [ 33.172302] kasan_save_free_info+0x4c/0x78 [ 33.172343] __kasan_slab_free+0x6c/0x98 [ 33.172426] kfree+0x214/0x3c8 [ 33.172486] kasan_strings+0x24c/0xb00 [ 33.172553] kunit_try_run_case+0x170/0x3f0 [ 33.172641] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.172717] kthread+0x328/0x630 [ 33.172783] ret_from_fork+0x10/0x20 [ 33.172846] [ 33.172898] The buggy address belongs to the object at fff00000c993b200 [ 33.172898] which belongs to the cache kmalloc-32 of size 32 [ 33.173012] The buggy address is located 16 bytes inside of [ 33.173012] freed 32-byte region [fff00000c993b200, fff00000c993b220) [ 33.173095] [ 33.173119] The buggy address belongs to the physical page: [ 33.173160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10993b [ 33.173443] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.173554] page_type: f5(slab) [ 33.173638] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.173706] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.173772] page dumped because: kasan: bad access detected [ 33.173865] [ 33.173886] Memory state around the buggy address: [ 33.173944] fff00000c993b100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.174028] fff00000c993b180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.174196] >fff00000c993b200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.174324] ^ [ 33.174387] fff00000c993b280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.174538] fff00000c993b300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.174628] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 33.164890] ================================================================== [ 33.164987] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 33.165046] Read of size 1 at addr fff00000c993b210 by task kunit_try_catch/292 [ 33.165126] [ 33.165169] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.165282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.165329] Hardware name: linux,dummy-virt (DT) [ 33.165381] Call trace: [ 33.165408] show_stack+0x20/0x38 (C) [ 33.165462] dump_stack_lvl+0x8c/0xd0 [ 33.165533] print_report+0x118/0x608 [ 33.165601] kasan_report+0xdc/0x128 [ 33.165650] __asan_report_load1_noabort+0x20/0x30 [ 33.165701] strcmp+0xc0/0xc8 [ 33.165762] kasan_strings+0x340/0xb00 [ 33.165826] kunit_try_run_case+0x170/0x3f0 [ 33.165881] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.165948] kthread+0x328/0x630 [ 33.166038] ret_from_fork+0x10/0x20 [ 33.166235] [ 33.166258] Allocated by task 292: [ 33.166311] kasan_save_stack+0x3c/0x68 [ 33.166356] kasan_save_track+0x20/0x40 [ 33.166414] kasan_save_alloc_info+0x40/0x58 [ 33.166456] __kasan_kmalloc+0xd4/0xd8 [ 33.166496] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.166539] kasan_strings+0xc8/0xb00 [ 33.166576] kunit_try_run_case+0x170/0x3f0 [ 33.166618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.166674] kthread+0x328/0x630 [ 33.166709] ret_from_fork+0x10/0x20 [ 33.166750] [ 33.166779] Freed by task 292: [ 33.166809] kasan_save_stack+0x3c/0x68 [ 33.166850] kasan_save_track+0x20/0x40 [ 33.166898] kasan_save_free_info+0x4c/0x78 [ 33.166951] __kasan_slab_free+0x6c/0x98 [ 33.166993] kfree+0x214/0x3c8 [ 33.167030] kasan_strings+0x24c/0xb00 [ 33.167068] kunit_try_run_case+0x170/0x3f0 [ 33.167109] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.167166] kthread+0x328/0x630 [ 33.167214] ret_from_fork+0x10/0x20 [ 33.167253] [ 33.167274] The buggy address belongs to the object at fff00000c993b200 [ 33.167274] which belongs to the cache kmalloc-32 of size 32 [ 33.167335] The buggy address is located 16 bytes inside of [ 33.167335] freed 32-byte region [fff00000c993b200, fff00000c993b220) [ 33.167398] [ 33.167422] The buggy address belongs to the physical page: [ 33.167457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10993b [ 33.167512] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.167564] page_type: f5(slab) [ 33.167609] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.167664] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.167708] page dumped because: kasan: bad access detected [ 33.167743] [ 33.167765] Memory state around the buggy address: [ 33.167850] fff00000c993b100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.168189] fff00000c993b180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.168253] >fff00000c993b200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.168296] ^ [ 33.168348] fff00000c993b280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.168420] fff00000c993b300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.168523] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 33.150919] ================================================================== [ 33.151020] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 33.151097] Read of size 1 at addr fff00000c993b058 by task kunit_try_catch/290 [ 33.151152] [ 33.151206] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.151322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.151354] Hardware name: linux,dummy-virt (DT) [ 33.151388] Call trace: [ 33.151415] show_stack+0x20/0x38 (C) [ 33.151610] dump_stack_lvl+0x8c/0xd0 [ 33.151671] print_report+0x118/0x608 [ 33.152030] kasan_report+0xdc/0x128 [ 33.152114] __asan_report_load1_noabort+0x20/0x30 [ 33.152203] memcmp+0x198/0x1d8 [ 33.152332] kasan_memcmp+0x16c/0x300 [ 33.152436] kunit_try_run_case+0x170/0x3f0 [ 33.152548] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.152622] kthread+0x328/0x630 [ 33.152668] ret_from_fork+0x10/0x20 [ 33.152867] [ 33.152889] Allocated by task 290: [ 33.152923] kasan_save_stack+0x3c/0x68 [ 33.152978] kasan_save_track+0x20/0x40 [ 33.153018] kasan_save_alloc_info+0x40/0x58 [ 33.153228] __kasan_kmalloc+0xd4/0xd8 [ 33.153277] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.153360] kasan_memcmp+0xbc/0x300 [ 33.153477] kunit_try_run_case+0x170/0x3f0 [ 33.153556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.153688] kthread+0x328/0x630 [ 33.153748] ret_from_fork+0x10/0x20 [ 33.153826] [ 33.153944] The buggy address belongs to the object at fff00000c993b040 [ 33.153944] which belongs to the cache kmalloc-32 of size 32 [ 33.154038] The buggy address is located 0 bytes to the right of [ 33.154038] allocated 24-byte region [fff00000c993b040, fff00000c993b058) [ 33.154141] [ 33.154165] The buggy address belongs to the physical page: [ 33.154198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10993b [ 33.154541] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.154687] page_type: f5(slab) [ 33.154777] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.154852] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.155198] page dumped because: kasan: bad access detected [ 33.155381] [ 33.155460] Memory state around the buggy address: [ 33.155518] fff00000c993af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.155599] fff00000c993af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.155687] >fff00000c993b000: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.155779] ^ [ 33.155906] fff00000c993b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.156010] fff00000c993b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.156103] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 33.135517] ================================================================== [ 33.135620] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 33.135842] Read of size 1 at addr ffff800080ac7b4a by task kunit_try_catch/286 [ 33.135953] [ 33.136024] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.136151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.136251] Hardware name: linux,dummy-virt (DT) [ 33.136314] Call trace: [ 33.136345] show_stack+0x20/0x38 (C) [ 33.136396] dump_stack_lvl+0x8c/0xd0 [ 33.136448] print_report+0x310/0x608 [ 33.136499] kasan_report+0xdc/0x128 [ 33.136549] __asan_report_load1_noabort+0x20/0x30 [ 33.136601] kasan_alloca_oob_right+0x2dc/0x340 [ 33.136652] kunit_try_run_case+0x170/0x3f0 [ 33.136849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.136963] kthread+0x328/0x630 [ 33.137040] ret_from_fork+0x10/0x20 [ 33.137150] [ 33.137210] The buggy address belongs to stack of task kunit_try_catch/286 [ 33.137267] [ 33.137300] The buggy address belongs to the virtual mapping at [ 33.137300] [ffff800080ac0000, ffff800080ac9000) created by: [ 33.137300] kernel_clone+0x150/0x7a8 [ 33.137406] [ 33.137492] The buggy address belongs to the physical page: [ 33.137550] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109abc [ 33.137615] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.137728] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.137823] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.137887] page dumped because: kasan: bad access detected [ 33.138237] [ 33.138380] Memory state around the buggy address: [ 33.138468] ffff800080ac7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.138581] ffff800080ac7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.138637] >ffff800080ac7b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 33.138707] ^ [ 33.138798] ffff800080ac7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 33.138876] ffff800080ac7c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.138963] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 33.126133] ================================================================== [ 33.126302] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 33.126488] Read of size 1 at addr ffff800080ac7b5f by task kunit_try_catch/284 [ 33.126593] [ 33.126628] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.126734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.126797] Hardware name: linux,dummy-virt (DT) [ 33.126832] Call trace: [ 33.126856] show_stack+0x20/0x38 (C) [ 33.126952] dump_stack_lvl+0x8c/0xd0 [ 33.127062] print_report+0x310/0x608 [ 33.127142] kasan_report+0xdc/0x128 [ 33.127282] __asan_report_load1_noabort+0x20/0x30 [ 33.127345] kasan_alloca_oob_left+0x2b8/0x310 [ 33.127466] kunit_try_run_case+0x170/0x3f0 [ 33.127566] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.127730] kthread+0x328/0x630 [ 33.127853] ret_from_fork+0x10/0x20 [ 33.128021] [ 33.128055] The buggy address belongs to stack of task kunit_try_catch/284 [ 33.128144] [ 33.128173] The buggy address belongs to the virtual mapping at [ 33.128173] [ffff800080ac0000, ffff800080ac9000) created by: [ 33.128173] kernel_clone+0x150/0x7a8 [ 33.128527] [ 33.128597] The buggy address belongs to the physical page: [ 33.128668] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109abc [ 33.128790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.128883] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.128949] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.129117] page dumped because: kasan: bad access detected [ 33.129162] [ 33.129287] Memory state around the buggy address: [ 33.129336] ffff800080ac7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.129410] ffff800080ac7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.129494] >ffff800080ac7b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 33.129547] ^ [ 33.129589] ffff800080ac7b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 33.129897] ffff800080ac7c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.130010] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 33.117068] ================================================================== [ 33.117196] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 33.117281] Read of size 1 at addr ffff800080ac7c2a by task kunit_try_catch/282 [ 33.117336] [ 33.117370] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.117529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.117587] Hardware name: linux,dummy-virt (DT) [ 33.117624] Call trace: [ 33.117738] show_stack+0x20/0x38 (C) [ 33.117801] dump_stack_lvl+0x8c/0xd0 [ 33.117943] print_report+0x310/0x608 [ 33.118004] kasan_report+0xdc/0x128 [ 33.118073] __asan_report_load1_noabort+0x20/0x30 [ 33.118224] kasan_stack_oob+0x238/0x270 [ 33.118276] kunit_try_run_case+0x170/0x3f0 [ 33.118331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.118388] kthread+0x328/0x630 [ 33.118434] ret_from_fork+0x10/0x20 [ 33.118486] [ 33.118566] The buggy address belongs to stack of task kunit_try_catch/282 [ 33.118676] and is located at offset 138 in frame: [ 33.118725] kasan_stack_oob+0x0/0x270 [ 33.118848] [ 33.118897] This frame has 4 objects: [ 33.119018] [48, 49) '__assertion' [ 33.119060] [64, 72) 'array' [ 33.119096] [96, 112) '__assertion' [ 33.119140] [128, 138) 'stack_array' [ 33.119183] [ 33.119234] The buggy address belongs to the virtual mapping at [ 33.119234] [ffff800080ac0000, ffff800080ac9000) created by: [ 33.119234] kernel_clone+0x150/0x7a8 [ 33.119318] [ 33.119343] The buggy address belongs to the physical page: [ 33.119387] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109abc [ 33.119444] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.119510] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.119604] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.119651] page dumped because: kasan: bad access detected [ 33.119688] [ 33.119711] Memory state around the buggy address: [ 33.119745] ffff800080ac7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.119900] ffff800080ac7b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 33.120057] >ffff800080ac7c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 33.120102] ^ [ 33.120139] ffff800080ac7c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 33.120184] ffff800080ac7d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.120226] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 33.101127] ================================================================== [ 33.101429] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 33.101516] Read of size 1 at addr ffffa106252e868d by task kunit_try_catch/278 [ 33.101569] [ 33.101611] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.101719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.101773] Hardware name: linux,dummy-virt (DT) [ 33.101838] Call trace: [ 33.101879] show_stack+0x20/0x38 (C) [ 33.101964] dump_stack_lvl+0x8c/0xd0 [ 33.102026] print_report+0x310/0x608 [ 33.102152] kasan_report+0xdc/0x128 [ 33.102397] __asan_report_load1_noabort+0x20/0x30 [ 33.102519] kasan_global_oob_right+0x230/0x270 [ 33.102598] kunit_try_run_case+0x170/0x3f0 [ 33.102664] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.102763] kthread+0x328/0x630 [ 33.102809] ret_from_fork+0x10/0x20 [ 33.102896] [ 33.103013] The buggy address belongs to the variable: [ 33.103048] global_array+0xd/0x40 [ 33.103127] [ 33.103410] The buggy address belongs to the virtual mapping at [ 33.103410] [ffffa10623470000, ffffa106253a1000) created by: [ 33.103410] paging_init+0x66c/0x7d0 [ 33.103728] [ 33.104203] The buggy address belongs to the physical page: [ 33.104279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47ce8 [ 33.104369] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 33.104452] raw: 03fffe0000002000 ffffc1ffc01f3a08 ffffc1ffc01f3a08 0000000000000000 [ 33.104536] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.104718] page dumped because: kasan: bad access detected [ 33.104876] [ 33.105041] Memory state around the buggy address: [ 33.105120] ffffa106252e8580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.105256] ffffa106252e8600: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 [ 33.105327] >ffffa106252e8680: 00 02 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 33.105413] ^ [ 33.105511] ffffa106252e8700: 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 33.105589] ffffa106252e8780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.105685] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 33.080651] ================================================================== [ 33.080728] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.080790] Free of addr fff00000c8dc5401 by task kunit_try_catch/274 [ 33.080833] [ 33.080873] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.080975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.081004] Hardware name: linux,dummy-virt (DT) [ 33.081033] Call trace: [ 33.081088] show_stack+0x20/0x38 (C) [ 33.081287] dump_stack_lvl+0x8c/0xd0 [ 33.081336] print_report+0x118/0x608 [ 33.081403] kasan_report_invalid_free+0xc0/0xe8 [ 33.081456] check_slab_allocation+0xfc/0x108 [ 33.081523] __kasan_mempool_poison_object+0x78/0x150 [ 33.081578] mempool_free+0x28c/0x328 [ 33.081651] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.081715] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.081782] kunit_try_run_case+0x170/0x3f0 [ 33.081835] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.082178] kthread+0x328/0x630 [ 33.082264] ret_from_fork+0x10/0x20 [ 33.082317] [ 33.082335] Allocated by task 274: [ 33.082384] kasan_save_stack+0x3c/0x68 [ 33.082453] kasan_save_track+0x20/0x40 [ 33.082512] kasan_save_alloc_info+0x40/0x58 [ 33.082567] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.082613] remove_element+0x130/0x1f8 [ 33.082648] mempool_alloc_preallocated+0x58/0xc0 [ 33.082707] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 33.082751] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.082791] kunit_try_run_case+0x170/0x3f0 [ 33.082938] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.083013] kthread+0x328/0x630 [ 33.083050] ret_from_fork+0x10/0x20 [ 33.083087] [ 33.083179] The buggy address belongs to the object at fff00000c8dc5400 [ 33.083179] which belongs to the cache kmalloc-128 of size 128 [ 33.083258] The buggy address is located 1 bytes inside of [ 33.083258] 128-byte region [fff00000c8dc5400, fff00000c8dc5480) [ 33.083321] [ 33.083362] The buggy address belongs to the physical page: [ 33.083394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 33.083448] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.083497] page_type: f5(slab) [ 33.083535] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.083602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.083876] page dumped because: kasan: bad access detected [ 33.083996] [ 33.084084] Memory state around the buggy address: [ 33.084145] fff00000c8dc5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.084210] fff00000c8dc5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.084308] >fff00000c8dc5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.084349] ^ [ 33.084378] fff00000c8dc5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.084438] fff00000c8dc5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.084477] ================================================================== [ 33.091068] ================================================================== [ 33.091172] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.091233] Free of addr fff00000c9b04001 by task kunit_try_catch/276 [ 33.091278] [ 33.091313] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.091497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.091563] Hardware name: linux,dummy-virt (DT) [ 33.091704] Call trace: [ 33.091825] show_stack+0x20/0x38 (C) [ 33.091922] dump_stack_lvl+0x8c/0xd0 [ 33.091986] print_report+0x118/0x608 [ 33.092034] kasan_report_invalid_free+0xc0/0xe8 [ 33.092105] __kasan_mempool_poison_object+0xfc/0x150 [ 33.092158] mempool_free+0x28c/0x328 [ 33.092204] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.092257] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 33.092310] kunit_try_run_case+0x170/0x3f0 [ 33.092359] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.092414] kthread+0x328/0x630 [ 33.092456] ret_from_fork+0x10/0x20 [ 33.092766] [ 33.092811] The buggy address belongs to the physical page: [ 33.092912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04 [ 33.093026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.093153] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.093219] page_type: f8(unknown) [ 33.093261] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.093311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.093510] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.093575] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.093662] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff [ 33.093723] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.093784] page dumped because: kasan: bad access detected [ 33.093816] [ 33.093834] Memory state around the buggy address: [ 33.093876] fff00000c9b03f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.093918] fff00000c9b03f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.093973] >fff00000c9b04000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.094012] ^ [ 33.094052] fff00000c9b04080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.094105] fff00000c9b04100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.094155] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 33.058628] ================================================================== [ 33.058706] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.058771] Free of addr fff00000c8dc5000 by task kunit_try_catch/268 [ 33.058815] [ 33.058853] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.058964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.058995] Hardware name: linux,dummy-virt (DT) [ 33.059027] Call trace: [ 33.059053] show_stack+0x20/0x38 (C) [ 33.059105] dump_stack_lvl+0x8c/0xd0 [ 33.059157] print_report+0x118/0x608 [ 33.059207] kasan_report_invalid_free+0xc0/0xe8 [ 33.059259] check_slab_allocation+0xd4/0x108 [ 33.059310] __kasan_mempool_poison_object+0x78/0x150 [ 33.059362] mempool_free+0x28c/0x328 [ 33.059410] mempool_double_free_helper+0x150/0x2e8 [ 33.059462] mempool_kmalloc_double_free+0xc0/0x118 [ 33.059513] kunit_try_run_case+0x170/0x3f0 [ 33.059606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.059680] kthread+0x328/0x630 [ 33.059726] ret_from_fork+0x10/0x20 [ 33.059776] [ 33.059796] Allocated by task 268: [ 33.059828] kasan_save_stack+0x3c/0x68 [ 33.059871] kasan_save_track+0x20/0x40 [ 33.059909] kasan_save_alloc_info+0x40/0x58 [ 33.059957] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.060002] remove_element+0x130/0x1f8 [ 33.060039] mempool_alloc_preallocated+0x58/0xc0 [ 33.060094] mempool_double_free_helper+0x94/0x2e8 [ 33.060135] mempool_kmalloc_double_free+0xc0/0x118 [ 33.060177] kunit_try_run_case+0x170/0x3f0 [ 33.060215] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.060260] kthread+0x328/0x630 [ 33.060292] ret_from_fork+0x10/0x20 [ 33.060329] [ 33.060348] Freed by task 268: [ 33.060374] kasan_save_stack+0x3c/0x68 [ 33.060413] kasan_save_track+0x20/0x40 [ 33.060451] kasan_save_free_info+0x4c/0x78 [ 33.060487] __kasan_mempool_poison_object+0xc0/0x150 [ 33.060530] mempool_free+0x28c/0x328 [ 33.060566] mempool_double_free_helper+0x100/0x2e8 [ 33.060605] mempool_kmalloc_double_free+0xc0/0x118 [ 33.060646] kunit_try_run_case+0x170/0x3f0 [ 33.060684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.060728] kthread+0x328/0x630 [ 33.060760] ret_from_fork+0x10/0x20 [ 33.060797] [ 33.060816] The buggy address belongs to the object at fff00000c8dc5000 [ 33.060816] which belongs to the cache kmalloc-128 of size 128 [ 33.060877] The buggy address is located 0 bytes inside of [ 33.060877] 128-byte region [fff00000c8dc5000, fff00000c8dc5080) [ 33.060947] [ 33.060969] The buggy address belongs to the physical page: [ 33.061003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 33.061060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.061111] page_type: f5(slab) [ 33.061152] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.061204] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.061245] page dumped because: kasan: bad access detected [ 33.061278] [ 33.061296] Memory state around the buggy address: [ 33.061329] fff00000c8dc4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.061373] fff00000c8dc4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.061415] >fff00000c8dc5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.061455] ^ [ 33.061483] fff00000c8dc5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.061525] fff00000c8dc5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.061565] ================================================================== [ 33.066623] ================================================================== [ 33.066700] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.066783] Free of addr fff00000c8dbc000 by task kunit_try_catch/270 [ 33.066828] [ 33.066878] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.066981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.067010] Hardware name: linux,dummy-virt (DT) [ 33.067062] Call trace: [ 33.067085] show_stack+0x20/0x38 (C) [ 33.067135] dump_stack_lvl+0x8c/0xd0 [ 33.067184] print_report+0x118/0x608 [ 33.067338] kasan_report_invalid_free+0xc0/0xe8 [ 33.067421] __kasan_mempool_poison_object+0x14c/0x150 [ 33.067477] mempool_free+0x28c/0x328 [ 33.067564] mempool_double_free_helper+0x150/0x2e8 [ 33.067680] mempool_kmalloc_large_double_free+0xc0/0x118 [ 33.067762] kunit_try_run_case+0x170/0x3f0 [ 33.067813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.067887] kthread+0x328/0x630 [ 33.067942] ret_from_fork+0x10/0x20 [ 33.067992] [ 33.068012] The buggy address belongs to the physical page: [ 33.068044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbc [ 33.068099] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.068291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.068379] page_type: f8(unknown) [ 33.068453] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.068530] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.068641] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.068709] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.068772] head: 0bfffe0000000002 ffffc1ffc3236f01 00000000ffffffff 00000000ffffffff [ 33.068915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.069083] page dumped because: kasan: bad access detected [ 33.069192] [ 33.069261] Memory state around the buggy address: [ 33.069320] fff00000c8dbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069364] fff00000c8dbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069503] >fff00000c8dbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069631] ^ [ 33.069663] fff00000c8dbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069774] fff00000c8dbc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.069870] ================================================================== [ 33.074041] ================================================================== [ 33.074106] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.074187] Free of addr fff00000c8dbc000 by task kunit_try_catch/272 [ 33.074232] [ 33.074265] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.074357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.074384] Hardware name: linux,dummy-virt (DT) [ 33.074415] Call trace: [ 33.074437] show_stack+0x20/0x38 (C) [ 33.074609] dump_stack_lvl+0x8c/0xd0 [ 33.074671] print_report+0x118/0x608 [ 33.074750] kasan_report_invalid_free+0xc0/0xe8 [ 33.074829] __kasan_mempool_poison_pages+0xe0/0xe8 [ 33.074883] mempool_free+0x24c/0x328 [ 33.074943] mempool_double_free_helper+0x150/0x2e8 [ 33.074994] mempool_page_alloc_double_free+0xbc/0x118 [ 33.075202] kunit_try_run_case+0x170/0x3f0 [ 33.075270] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.075348] kthread+0x328/0x630 [ 33.075403] ret_from_fork+0x10/0x20 [ 33.075460] [ 33.075481] The buggy address belongs to the physical page: [ 33.075513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbc [ 33.075642] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.075706] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.075757] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.075798] page dumped because: kasan: bad access detected [ 33.075828] [ 33.075847] Memory state around the buggy address: [ 33.075892] fff00000c8dbbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.075981] fff00000c8dbbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076026] >fff00000c8dbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076065] ^ [ 33.076094] fff00000c8dbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076136] fff00000c8dbc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.076257] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 31.157392] ================================================================== [ 31.157456] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 31.157509] Read of size 1 at addr fff00000c406d0c8 by task kunit_try_catch/240 [ 31.157569] [ 31.157602] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.157785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.157836] Hardware name: linux,dummy-virt (DT) [ 31.157886] Call trace: [ 31.157911] show_stack+0x20/0x38 (C) [ 31.158248] dump_stack_lvl+0x8c/0xd0 [ 31.158301] print_report+0x118/0x608 [ 31.158362] kasan_report+0xdc/0x128 [ 31.158419] __asan_report_load1_noabort+0x20/0x30 [ 31.158511] kmem_cache_oob+0x344/0x430 [ 31.158579] kunit_try_run_case+0x170/0x3f0 [ 31.158728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.158830] kthread+0x328/0x630 [ 31.158886] ret_from_fork+0x10/0x20 [ 31.159212] [ 31.159238] Allocated by task 240: [ 31.159281] kasan_save_stack+0x3c/0x68 [ 31.159326] kasan_save_track+0x20/0x40 [ 31.159377] kasan_save_alloc_info+0x40/0x58 [ 31.159471] __kasan_slab_alloc+0xa8/0xb0 [ 31.159516] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.159583] kmem_cache_oob+0x12c/0x430 [ 31.159715] kunit_try_run_case+0x170/0x3f0 [ 31.159839] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.159884] kthread+0x328/0x630 [ 31.160099] ret_from_fork+0x10/0x20 [ 31.160169] [ 31.160365] The buggy address belongs to the object at fff00000c406d000 [ 31.160365] which belongs to the cache test_cache of size 200 [ 31.160459] The buggy address is located 0 bytes to the right of [ 31.160459] allocated 200-byte region [fff00000c406d000, fff00000c406d0c8) [ 31.160568] [ 31.160940] The buggy address belongs to the physical page: [ 31.161035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10406d [ 31.161127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.161225] page_type: f5(slab) [ 31.161360] raw: 0bfffe0000000000 fff00000c3fa23c0 dead000000000122 0000000000000000 [ 31.161459] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.161777] page dumped because: kasan: bad access detected [ 31.161832] [ 31.161880] Memory state around the buggy address: [ 31.162008] fff00000c406cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.162090] fff00000c406d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.162223] >fff00000c406d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 31.162303] ^ [ 31.162391] fff00000c406d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.162501] fff00000c406d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.162543] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 32.947209] ================================================================== [ 32.947673] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 32.947739] Read of size 1 at addr fff00000c9aec000 by task kunit_try_catch/262 [ 32.947792] [ 32.947823] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.947913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.947951] Hardware name: linux,dummy-virt (DT) [ 32.947984] Call trace: [ 32.948009] show_stack+0x20/0x38 (C) [ 32.948058] dump_stack_lvl+0x8c/0xd0 [ 32.948107] print_report+0x118/0x608 [ 32.948154] kasan_report+0xdc/0x128 [ 32.948200] __asan_report_load1_noabort+0x20/0x30 [ 32.948251] mempool_uaf_helper+0x314/0x340 [ 32.948974] mempool_kmalloc_large_uaf+0xc4/0x120 [ 32.949068] kunit_try_run_case+0x170/0x3f0 [ 32.949155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.949215] kthread+0x328/0x630 [ 32.949376] ret_from_fork+0x10/0x20 [ 32.949701] [ 32.949725] The buggy address belongs to the physical page: [ 32.950151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aec [ 32.950297] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.950522] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.950859] page_type: f8(unknown) [ 32.950905] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.951221] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.951312] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.951538] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.951593] head: 0bfffe0000000002 ffffc1ffc326bb01 00000000ffffffff 00000000ffffffff [ 32.951761] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.951806] page dumped because: kasan: bad access detected [ 32.951838] [ 32.951897] Memory state around the buggy address: [ 32.951943] fff00000c9aebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.952096] fff00000c9aebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.952143] >fff00000c9aec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.952265] ^ [ 32.952296] fff00000c9aec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.952706] fff00000c9aec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.952756] ================================================================== [ 33.034793] ================================================================== [ 33.035740] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 33.035894] Read of size 1 at addr fff00000c9aec000 by task kunit_try_catch/266 [ 33.036350] [ 33.037490] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 33.038365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.038538] Hardware name: linux,dummy-virt (DT) [ 33.038769] Call trace: [ 33.038836] show_stack+0x20/0x38 (C) [ 33.039170] dump_stack_lvl+0x8c/0xd0 [ 33.039550] print_report+0x118/0x608 [ 33.039873] kasan_report+0xdc/0x128 [ 33.040040] __asan_report_load1_noabort+0x20/0x30 [ 33.040135] mempool_uaf_helper+0x314/0x340 [ 33.040520] mempool_page_alloc_uaf+0xc0/0x118 [ 33.040663] kunit_try_run_case+0x170/0x3f0 [ 33.040839] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.041099] kthread+0x328/0x630 [ 33.041152] ret_from_fork+0x10/0x20 [ 33.041202] [ 33.041845] The buggy address belongs to the physical page: [ 33.041947] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aec [ 33.042300] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.042708] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.042829] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.043147] page dumped because: kasan: bad access detected [ 33.043247] [ 33.043440] Memory state around the buggy address: [ 33.043639] fff00000c9aebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.043721] fff00000c9aebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.043766] >fff00000c9aec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.044115] ^ [ 33.044196] fff00000c9aec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.044246] fff00000c9aec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.044355] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 32.970757] ================================================================== [ 32.970819] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 32.970874] Read of size 1 at addr fff00000c9acc240 by task kunit_try_catch/264 [ 32.972787] [ 32.972902] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.973196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.973231] Hardware name: linux,dummy-virt (DT) [ 32.973274] Call trace: [ 32.973299] show_stack+0x20/0x38 (C) [ 32.973352] dump_stack_lvl+0x8c/0xd0 [ 32.973401] print_report+0x118/0x608 [ 32.973836] kasan_report+0xdc/0x128 [ 32.974095] __asan_report_load1_noabort+0x20/0x30 [ 32.974348] mempool_uaf_helper+0x314/0x340 [ 32.974663] mempool_slab_uaf+0xc0/0x118 [ 32.975030] kunit_try_run_case+0x170/0x3f0 [ 32.975735] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.976285] kthread+0x328/0x630 [ 32.976448] ret_from_fork+0x10/0x20 [ 32.976582] [ 32.976940] Allocated by task 264: [ 32.976980] kasan_save_stack+0x3c/0x68 [ 32.977262] kasan_save_track+0x20/0x40 [ 32.977305] kasan_save_alloc_info+0x40/0x58 [ 32.977343] __kasan_mempool_unpoison_object+0xbc/0x180 [ 32.977771] remove_element+0x16c/0x1f8 [ 32.977901] mempool_alloc_preallocated+0x58/0xc0 [ 32.978053] mempool_uaf_helper+0xa4/0x340 [ 32.978406] mempool_slab_uaf+0xc0/0x118 [ 32.978463] kunit_try_run_case+0x170/0x3f0 [ 32.978612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.978693] kthread+0x328/0x630 [ 32.978738] ret_from_fork+0x10/0x20 [ 32.979032] [ 32.979296] Freed by task 264: [ 32.979687] kasan_save_stack+0x3c/0x68 [ 32.979750] kasan_save_track+0x20/0x40 [ 32.979792] kasan_save_free_info+0x4c/0x78 [ 32.979827] __kasan_mempool_poison_object+0xc0/0x150 [ 32.979869] mempool_free+0x28c/0x328 [ 32.979907] mempool_uaf_helper+0x104/0x340 [ 32.980871] mempool_slab_uaf+0xc0/0x118 [ 32.981133] kunit_try_run_case+0x170/0x3f0 [ 32.981205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.981529] kthread+0x328/0x630 [ 32.981579] ret_from_fork+0x10/0x20 [ 32.981618] [ 32.981639] The buggy address belongs to the object at fff00000c9acc240 [ 32.981639] which belongs to the cache test_cache of size 123 [ 32.981698] The buggy address is located 0 bytes inside of [ 32.981698] freed 123-byte region [fff00000c9acc240, fff00000c9acc2bb) [ 32.981759] [ 32.981782] The buggy address belongs to the physical page: [ 32.981816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109acc [ 32.982738] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.982797] page_type: f5(slab) [ 32.983117] raw: 0bfffe0000000000 fff00000c3fa2a00 dead000000000122 0000000000000000 [ 32.983492] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 32.983666] page dumped because: kasan: bad access detected [ 32.983702] [ 32.983732] Memory state around the buggy address: [ 32.983934] fff00000c9acc100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.983982] fff00000c9acc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.984488] >fff00000c9acc200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 32.984606] ^ [ 32.984971] fff00000c9acc280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.985019] fff00000c9acc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.985058] ================================================================== [ 32.924790] ================================================================== [ 32.925092] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 32.925323] Read of size 1 at addr fff00000c91f0900 by task kunit_try_catch/260 [ 32.925527] [ 32.925567] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.925663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.925691] Hardware name: linux,dummy-virt (DT) [ 32.925724] Call trace: [ 32.926295] show_stack+0x20/0x38 (C) [ 32.926622] dump_stack_lvl+0x8c/0xd0 [ 32.927037] print_report+0x118/0x608 [ 32.927216] kasan_report+0xdc/0x128 [ 32.927274] __asan_report_load1_noabort+0x20/0x30 [ 32.927485] mempool_uaf_helper+0x314/0x340 [ 32.927539] mempool_kmalloc_uaf+0xc4/0x120 [ 32.927645] kunit_try_run_case+0x170/0x3f0 [ 32.927699] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.927901] kthread+0x328/0x630 [ 32.928348] ret_from_fork+0x10/0x20 [ 32.928409] [ 32.928739] Allocated by task 260: [ 32.928776] kasan_save_stack+0x3c/0x68 [ 32.928820] kasan_save_track+0x20/0x40 [ 32.928857] kasan_save_alloc_info+0x40/0x58 [ 32.929319] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.929382] remove_element+0x130/0x1f8 [ 32.929648] mempool_alloc_preallocated+0x58/0xc0 [ 32.930024] mempool_uaf_helper+0xa4/0x340 [ 32.930069] mempool_kmalloc_uaf+0xc4/0x120 [ 32.930108] kunit_try_run_case+0x170/0x3f0 [ 32.930146] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.930198] kthread+0x328/0x630 [ 32.930234] ret_from_fork+0x10/0x20 [ 32.930270] [ 32.930290] Freed by task 260: [ 32.930844] kasan_save_stack+0x3c/0x68 [ 32.930906] kasan_save_track+0x20/0x40 [ 32.930990] kasan_save_free_info+0x4c/0x78 [ 32.931098] __kasan_mempool_poison_object+0xc0/0x150 [ 32.931142] mempool_free+0x28c/0x328 [ 32.931535] mempool_uaf_helper+0x104/0x340 [ 32.931719] mempool_kmalloc_uaf+0xc4/0x120 [ 32.931785] kunit_try_run_case+0x170/0x3f0 [ 32.931826] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.932092] kthread+0x328/0x630 [ 32.932409] ret_from_fork+0x10/0x20 [ 32.932561] [ 32.932583] The buggy address belongs to the object at fff00000c91f0900 [ 32.932583] which belongs to the cache kmalloc-128 of size 128 [ 32.932842] The buggy address is located 0 bytes inside of [ 32.932842] freed 128-byte region [fff00000c91f0900, fff00000c91f0980) [ 32.933143] [ 32.933293] The buggy address belongs to the physical page: [ 32.933519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 32.933607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.933951] page_type: f5(slab) [ 32.934113] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.934409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.934460] page dumped because: kasan: bad access detected [ 32.934721] [ 32.934758] Memory state around the buggy address: [ 32.935074] fff00000c91f0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.935340] fff00000c91f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.935385] >fff00000c91f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.935584] ^ [ 32.935620] fff00000c91f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.935959] fff00000c91f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.936001] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 32.879456] ================================================================== [ 32.879537] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.880092] Read of size 1 at addr fff00000c9aca2bb by task kunit_try_catch/258 [ 32.880151] [ 32.880365] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.880725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.880967] Hardware name: linux,dummy-virt (DT) [ 32.881002] Call trace: [ 32.881237] show_stack+0x20/0x38 (C) [ 32.881458] dump_stack_lvl+0x8c/0xd0 [ 32.881510] print_report+0x118/0x608 [ 32.881828] kasan_report+0xdc/0x128 [ 32.882365] __asan_report_load1_noabort+0x20/0x30 [ 32.882428] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.882484] mempool_slab_oob_right+0xc0/0x118 [ 32.882540] kunit_try_run_case+0x170/0x3f0 [ 32.882589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.882645] kthread+0x328/0x630 [ 32.882688] ret_from_fork+0x10/0x20 [ 32.883401] [ 32.883425] Allocated by task 258: [ 32.883479] kasan_save_stack+0x3c/0x68 [ 32.883599] kasan_save_track+0x20/0x40 [ 32.883696] kasan_save_alloc_info+0x40/0x58 [ 32.883739] __kasan_mempool_unpoison_object+0xbc/0x180 [ 32.883782] remove_element+0x16c/0x1f8 [ 32.883981] mempool_alloc_preallocated+0x58/0xc0 [ 32.884391] mempool_oob_right_helper+0x98/0x2f0 [ 32.884502] mempool_slab_oob_right+0xc0/0x118 [ 32.884588] kunit_try_run_case+0x170/0x3f0 [ 32.884959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.885101] kthread+0x328/0x630 [ 32.885263] ret_from_fork+0x10/0x20 [ 32.885300] [ 32.885323] The buggy address belongs to the object at fff00000c9aca240 [ 32.885323] which belongs to the cache test_cache of size 123 [ 32.885380] The buggy address is located 0 bytes to the right of [ 32.885380] allocated 123-byte region [fff00000c9aca240, fff00000c9aca2bb) [ 32.885446] [ 32.885467] The buggy address belongs to the physical page: [ 32.886176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aca [ 32.886254] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.886764] page_type: f5(slab) [ 32.887005] raw: 0bfffe0000000000 fff00000c3fa28c0 dead000000000122 0000000000000000 [ 32.887061] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 32.887102] page dumped because: kasan: bad access detected [ 32.887134] [ 32.887316] Memory state around the buggy address: [ 32.887398] fff00000c9aca180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.887619] fff00000c9aca200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 32.888037] >fff00000c9aca280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 32.888082] ^ [ 32.888315] fff00000c9aca300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.888399] fff00000c9aca380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.888440] ================================================================== [ 32.859669] ================================================================== [ 32.859727] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.859781] Read of size 1 at addr fff00000c9aea001 by task kunit_try_catch/256 [ 32.859831] [ 32.859861] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.860238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.860289] Hardware name: linux,dummy-virt (DT) [ 32.860504] Call trace: [ 32.860530] show_stack+0x20/0x38 (C) [ 32.860606] dump_stack_lvl+0x8c/0xd0 [ 32.860653] print_report+0x118/0x608 [ 32.860701] kasan_report+0xdc/0x128 [ 32.860745] __asan_report_load1_noabort+0x20/0x30 [ 32.860795] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.860843] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 32.860894] kunit_try_run_case+0x170/0x3f0 [ 32.860955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.861007] kthread+0x328/0x630 [ 32.861246] ret_from_fork+0x10/0x20 [ 32.861416] [ 32.861479] The buggy address belongs to the physical page: [ 32.861527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8 [ 32.861581] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.861640] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.861694] page_type: f8(unknown) [ 32.861753] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.862130] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.862195] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.862243] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.862320] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff [ 32.862369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.862409] page dumped because: kasan: bad access detected [ 32.862479] [ 32.862562] Memory state around the buggy address: [ 32.862635] fff00000c9ae9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.862737] fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.862782] >fff00000c9aea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.862841] ^ [ 32.862945] fff00000c9aea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.862988] fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.863052] ================================================================== [ 32.850156] ================================================================== [ 32.850228] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.850302] Read of size 1 at addr fff00000c91f0573 by task kunit_try_catch/254 [ 32.850354] [ 32.850398] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.850492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.850522] Hardware name: linux,dummy-virt (DT) [ 32.850556] Call trace: [ 32.850581] show_stack+0x20/0x38 (C) [ 32.850635] dump_stack_lvl+0x8c/0xd0 [ 32.850687] print_report+0x118/0x608 [ 32.850736] kasan_report+0xdc/0x128 [ 32.850782] __asan_report_load1_noabort+0x20/0x30 [ 32.850832] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.850882] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.850947] kunit_try_run_case+0x170/0x3f0 [ 32.850997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.851051] kthread+0x328/0x630 [ 32.851095] ret_from_fork+0x10/0x20 [ 32.851145] [ 32.851164] Allocated by task 254: [ 32.851195] kasan_save_stack+0x3c/0x68 [ 32.851236] kasan_save_track+0x20/0x40 [ 32.851276] kasan_save_alloc_info+0x40/0x58 [ 32.851312] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.851356] remove_element+0x130/0x1f8 [ 32.851394] mempool_alloc_preallocated+0x58/0xc0 [ 32.851435] mempool_oob_right_helper+0x98/0x2f0 [ 32.851474] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.851515] kunit_try_run_case+0x170/0x3f0 [ 32.851590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.851637] kthread+0x328/0x630 [ 32.851669] ret_from_fork+0x10/0x20 [ 32.851708] [ 32.851728] The buggy address belongs to the object at fff00000c91f0500 [ 32.851728] which belongs to the cache kmalloc-128 of size 128 [ 32.851787] The buggy address is located 0 bytes to the right of [ 32.851787] allocated 115-byte region [fff00000c91f0500, fff00000c91f0573) [ 32.851852] [ 32.851877] The buggy address belongs to the physical page: [ 32.851911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 32.851979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.852032] page_type: f5(slab) [ 32.852074] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.852125] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.852167] page dumped because: kasan: bad access detected [ 32.852217] [ 32.852251] Memory state around the buggy address: [ 32.852285] fff00000c91f0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.852329] fff00000c91f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.852374] >fff00000c91f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.852414] ^ [ 32.852455] fff00000c91f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.852498] fff00000c91f0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.852538] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 32.290411] ================================================================== [ 32.290500] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 32.290578] Read of size 1 at addr fff00000c113a780 by task kunit_try_catch/248 [ 32.290630] [ 32.290675] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.290768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.290797] Hardware name: linux,dummy-virt (DT) [ 32.290831] Call trace: [ 32.290857] show_stack+0x20/0x38 (C) [ 32.290912] dump_stack_lvl+0x8c/0xd0 [ 32.290979] print_report+0x118/0x608 [ 32.291030] kasan_report+0xdc/0x128 [ 32.291075] __kasan_check_byte+0x54/0x70 [ 32.291124] kmem_cache_destroy+0x34/0x218 [ 32.291173] kmem_cache_double_destroy+0x174/0x300 [ 32.291223] kunit_try_run_case+0x170/0x3f0 [ 32.291274] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.291328] kthread+0x328/0x630 [ 32.291374] ret_from_fork+0x10/0x20 [ 32.291423] [ 32.291442] Allocated by task 248: [ 32.291476] kasan_save_stack+0x3c/0x68 [ 32.291519] kasan_save_track+0x20/0x40 [ 32.291560] kasan_save_alloc_info+0x40/0x58 [ 32.291607] __kasan_slab_alloc+0xa8/0xb0 [ 32.291645] kmem_cache_alloc_noprof+0x10c/0x398 [ 32.291689] __kmem_cache_create_args+0x178/0x280 [ 32.291728] kmem_cache_double_destroy+0xc0/0x300 [ 32.291769] kunit_try_run_case+0x170/0x3f0 [ 32.291809] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.291853] kthread+0x328/0x630 [ 32.291887] ret_from_fork+0x10/0x20 [ 32.291923] [ 32.291956] Freed by task 248: [ 32.291984] kasan_save_stack+0x3c/0x68 [ 32.292021] kasan_save_track+0x20/0x40 [ 32.292060] kasan_save_free_info+0x4c/0x78 [ 32.292096] __kasan_slab_free+0x6c/0x98 [ 32.292135] kmem_cache_free+0x260/0x468 [ 32.292173] slab_kmem_cache_release+0x38/0x50 [ 32.292214] kmem_cache_release+0x1c/0x30 [ 32.292251] kobject_put+0x17c/0x420 [ 32.292290] sysfs_slab_release+0x1c/0x30 [ 32.292328] kmem_cache_destroy+0x118/0x218 [ 32.292366] kmem_cache_double_destroy+0x128/0x300 [ 32.292407] kunit_try_run_case+0x170/0x3f0 [ 32.292448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.292494] kthread+0x328/0x630 [ 32.292528] ret_from_fork+0x10/0x20 [ 32.292565] [ 32.292585] The buggy address belongs to the object at fff00000c113a780 [ 32.292585] which belongs to the cache kmem_cache of size 208 [ 32.292644] The buggy address is located 0 bytes inside of [ 32.292644] freed 208-byte region [fff00000c113a780, fff00000c113a850) [ 32.292705] [ 32.292730] The buggy address belongs to the physical page: [ 32.292765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10113a [ 32.292825] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.292880] page_type: f5(slab) [ 32.292923] raw: 0bfffe0000000000 fff00000c0001000 dead000000000100 dead000000000122 [ 32.292984] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 32.293027] page dumped because: kasan: bad access detected [ 32.293061] [ 32.293079] Memory state around the buggy address: [ 32.293114] fff00000c113a680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.293158] fff00000c113a700: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.293204] >fff00000c113a780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.293243] ^ [ 32.293271] fff00000c113a800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 32.293312] fff00000c113a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.293352] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 32.184418] ================================================================== [ 32.184517] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 32.184598] Read of size 1 at addr fff00000c406b000 by task kunit_try_catch/246 [ 32.184650] [ 32.184695] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.184789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.184818] Hardware name: linux,dummy-virt (DT) [ 32.184986] Call trace: [ 32.185018] show_stack+0x20/0x38 (C) [ 32.185185] dump_stack_lvl+0x8c/0xd0 [ 32.185285] print_report+0x118/0x608 [ 32.185444] kasan_report+0xdc/0x128 [ 32.185492] __asan_report_load1_noabort+0x20/0x30 [ 32.185654] kmem_cache_rcu_uaf+0x388/0x468 [ 32.185718] kunit_try_run_case+0x170/0x3f0 [ 32.185816] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.185892] kthread+0x328/0x630 [ 32.186151] ret_from_fork+0x10/0x20 [ 32.186214] [ 32.186369] Allocated by task 246: [ 32.186834] kasan_save_stack+0x3c/0x68 [ 32.186902] kasan_save_track+0x20/0x40 [ 32.187132] kasan_save_alloc_info+0x40/0x58 [ 32.187209] __kasan_slab_alloc+0xa8/0xb0 [ 32.187294] kmem_cache_alloc_noprof+0x10c/0x398 [ 32.187357] kmem_cache_rcu_uaf+0x12c/0x468 [ 32.187414] kunit_try_run_case+0x170/0x3f0 [ 32.187454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.187499] kthread+0x328/0x630 [ 32.187661] ret_from_fork+0x10/0x20 [ 32.187736] [ 32.187999] Freed by task 0: [ 32.188068] kasan_save_stack+0x3c/0x68 [ 32.188154] kasan_save_track+0x20/0x40 [ 32.188272] kasan_save_free_info+0x4c/0x78 [ 32.188342] __kasan_slab_free+0x6c/0x98 [ 32.188427] slab_free_after_rcu_debug+0xd4/0x2f8 [ 32.188513] rcu_core+0x9f4/0x1e20 [ 32.188562] rcu_core_si+0x18/0x30 [ 32.188597] handle_softirqs+0x374/0xb28 [ 32.188634] __do_softirq+0x1c/0x28 [ 32.188669] [ 32.188689] Last potentially related work creation: [ 32.188739] kasan_save_stack+0x3c/0x68 [ 32.188780] kasan_record_aux_stack+0xb4/0xc8 [ 32.188816] kmem_cache_free+0x120/0x468 [ 32.189020] kmem_cache_rcu_uaf+0x16c/0x468 [ 32.189132] kunit_try_run_case+0x170/0x3f0 [ 32.189233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.189291] kthread+0x328/0x630 [ 32.189322] ret_from_fork+0x10/0x20 [ 32.189517] [ 32.189654] The buggy address belongs to the object at fff00000c406b000 [ 32.189654] which belongs to the cache test_cache of size 200 [ 32.189783] The buggy address is located 0 bytes inside of [ 32.189783] freed 200-byte region [fff00000c406b000, fff00000c406b0c8) [ 32.189894] [ 32.190013] The buggy address belongs to the physical page: [ 32.190068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10406b [ 32.190147] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.190254] page_type: f5(slab) [ 32.190325] raw: 0bfffe0000000000 fff00000c3fa2780 dead000000000122 0000000000000000 [ 32.190378] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 32.190423] page dumped because: kasan: bad access detected [ 32.190465] [ 32.190484] Memory state around the buggy address: [ 32.190523] fff00000c406af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.190568] fff00000c406af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.190614] >fff00000c406b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.190664] ^ [ 32.190693] fff00000c406b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 32.190752] fff00000c406b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.190791] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 31.464658] ================================================================== [ 31.464775] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 31.464842] Free of addr fff00000c406c001 by task kunit_try_catch/244 [ 31.464886] [ 31.464937] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.465196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.465633] Hardware name: linux,dummy-virt (DT) [ 31.465675] Call trace: [ 31.465954] show_stack+0x20/0x38 (C) [ 31.466345] dump_stack_lvl+0x8c/0xd0 [ 31.466418] print_report+0x118/0x608 [ 31.466845] kasan_report_invalid_free+0xc0/0xe8 [ 31.466913] check_slab_allocation+0xfc/0x108 [ 31.467329] __kasan_slab_pre_free+0x2c/0x48 [ 31.467906] kmem_cache_free+0xf0/0x468 [ 31.467977] kmem_cache_invalid_free+0x184/0x3c8 [ 31.468027] kunit_try_run_case+0x170/0x3f0 [ 31.468255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.468319] kthread+0x328/0x630 [ 31.468750] ret_from_fork+0x10/0x20 [ 31.468800] [ 31.468820] Allocated by task 244: [ 31.469244] kasan_save_stack+0x3c/0x68 [ 31.469302] kasan_save_track+0x20/0x40 [ 31.469352] kasan_save_alloc_info+0x40/0x58 [ 31.469587] __kasan_slab_alloc+0xa8/0xb0 [ 31.469663] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.469704] kmem_cache_invalid_free+0x12c/0x3c8 [ 31.469742] kunit_try_run_case+0x170/0x3f0 [ 31.470065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.470120] kthread+0x328/0x630 [ 31.470390] ret_from_fork+0x10/0x20 [ 31.470566] [ 31.470588] The buggy address belongs to the object at fff00000c406c000 [ 31.470588] which belongs to the cache test_cache of size 200 [ 31.471045] The buggy address is located 1 bytes inside of [ 31.471045] 200-byte region [fff00000c406c000, fff00000c406c0c8) [ 31.471658] [ 31.471745] The buggy address belongs to the physical page: [ 31.471779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10406c [ 31.472188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.472361] page_type: f5(slab) [ 31.472405] raw: 0bfffe0000000000 fff00000c3fa2640 dead000000000122 0000000000000000 [ 31.472625] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.472943] page dumped because: kasan: bad access detected [ 31.473203] [ 31.473240] Memory state around the buggy address: [ 31.473274] fff00000c406bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.473607] fff00000c406bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.473653] >fff00000c406c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.474002] ^ [ 31.474262] fff00000c406c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 31.474420] fff00000c406c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.474771] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 31.410691] ================================================================== [ 31.411162] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 31.411955] Free of addr fff00000c406c000 by task kunit_try_catch/242 [ 31.412102] [ 31.412148] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.412681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.412715] Hardware name: linux,dummy-virt (DT) [ 31.412751] Call trace: [ 31.413035] show_stack+0x20/0x38 (C) [ 31.413119] dump_stack_lvl+0x8c/0xd0 [ 31.413295] print_report+0x118/0x608 [ 31.413672] kasan_report_invalid_free+0xc0/0xe8 [ 31.414146] check_slab_allocation+0xd4/0x108 [ 31.414215] __kasan_slab_pre_free+0x2c/0x48 [ 31.414267] kmem_cache_free+0xf0/0x468 [ 31.414318] kmem_cache_double_free+0x190/0x3c8 [ 31.414369] kunit_try_run_case+0x170/0x3f0 [ 31.414422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.414475] kthread+0x328/0x630 [ 31.414521] ret_from_fork+0x10/0x20 [ 31.415204] [ 31.415230] Allocated by task 242: [ 31.415531] kasan_save_stack+0x3c/0x68 [ 31.415864] kasan_save_track+0x20/0x40 [ 31.415907] kasan_save_alloc_info+0x40/0x58 [ 31.415953] __kasan_slab_alloc+0xa8/0xb0 [ 31.416648] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.416896] kmem_cache_double_free+0x12c/0x3c8 [ 31.416950] kunit_try_run_case+0x170/0x3f0 [ 31.417291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.417377] kthread+0x328/0x630 [ 31.417412] ret_from_fork+0x10/0x20 [ 31.417761] [ 31.418119] Freed by task 242: [ 31.418325] kasan_save_stack+0x3c/0x68 [ 31.418403] kasan_save_track+0x20/0x40 [ 31.418440] kasan_save_free_info+0x4c/0x78 [ 31.418480] __kasan_slab_free+0x6c/0x98 [ 31.418517] kmem_cache_free+0x260/0x468 [ 31.418553] kmem_cache_double_free+0x140/0x3c8 [ 31.418696] kunit_try_run_case+0x170/0x3f0 [ 31.418875] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.419179] kthread+0x328/0x630 [ 31.419219] ret_from_fork+0x10/0x20 [ 31.419257] [ 31.419277] The buggy address belongs to the object at fff00000c406c000 [ 31.419277] which belongs to the cache test_cache of size 200 [ 31.419835] The buggy address is located 0 bytes inside of [ 31.419835] 200-byte region [fff00000c406c000, fff00000c406c0c8) [ 31.419978] [ 31.420158] The buggy address belongs to the physical page: [ 31.420221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10406c [ 31.420285] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.420634] page_type: f5(slab) [ 31.420699] raw: 0bfffe0000000000 fff00000c3fa2500 dead000000000122 0000000000000000 [ 31.420974] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.421066] page dumped because: kasan: bad access detected [ 31.421099] [ 31.421118] Memory state around the buggy address: [ 31.421235] fff00000c406bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.421291] fff00000c406bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.421688] >fff00000c406c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.422070] ^ [ 31.422220] fff00000c406c080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 31.422267] fff00000c406c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.422652] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 30.974713] ================================================================== [ 30.974783] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 30.974832] Free of addr fff00000c919c7c0 by task kunit_try_catch/225 [ 30.974875] [ 30.974903] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.975004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.975032] Hardware name: linux,dummy-virt (DT) [ 30.975400] Call trace: [ 30.975493] show_stack+0x20/0x38 (C) [ 30.975696] dump_stack_lvl+0x8c/0xd0 [ 30.975757] print_report+0x118/0x608 [ 30.976037] kasan_report_invalid_free+0xc0/0xe8 [ 30.976136] check_slab_allocation+0xd4/0x108 [ 30.976267] __kasan_slab_pre_free+0x2c/0x48 [ 30.976369] kfree+0xe8/0x3c8 [ 30.976427] kfree_sensitive+0x3c/0xb0 [ 30.976606] kmalloc_double_kzfree+0x168/0x308 [ 30.976693] kunit_try_run_case+0x170/0x3f0 [ 30.976759] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.976992] kthread+0x328/0x630 [ 30.977127] ret_from_fork+0x10/0x20 [ 30.977359] [ 30.977448] Allocated by task 225: [ 30.977498] kasan_save_stack+0x3c/0x68 [ 30.977576] kasan_save_track+0x20/0x40 [ 30.977695] kasan_save_alloc_info+0x40/0x58 [ 30.977762] __kasan_kmalloc+0xd4/0xd8 [ 30.977836] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.978278] kmalloc_double_kzfree+0xb8/0x308 [ 30.978359] kunit_try_run_case+0x170/0x3f0 [ 30.978442] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.978622] kthread+0x328/0x630 [ 30.978679] ret_from_fork+0x10/0x20 [ 30.978743] [ 30.979135] Freed by task 225: [ 30.979188] kasan_save_stack+0x3c/0x68 [ 30.979235] kasan_save_track+0x20/0x40 [ 30.979680] kasan_save_free_info+0x4c/0x78 [ 30.979748] __kasan_slab_free+0x6c/0x98 [ 30.979831] kfree+0x214/0x3c8 [ 30.979889] kfree_sensitive+0x80/0xb0 [ 30.980043] kmalloc_double_kzfree+0x11c/0x308 [ 30.980111] kunit_try_run_case+0x170/0x3f0 [ 30.980318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.980537] kthread+0x328/0x630 [ 30.980608] ret_from_fork+0x10/0x20 [ 30.980734] [ 30.980823] The buggy address belongs to the object at fff00000c919c7c0 [ 30.980823] which belongs to the cache kmalloc-16 of size 16 [ 30.980910] The buggy address is located 0 bytes inside of [ 30.980910] 16-byte region [fff00000c919c7c0, fff00000c919c7d0) [ 30.981436] [ 30.981484] The buggy address belongs to the physical page: [ 30.981549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.981782] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.981987] page_type: f5(slab) [ 30.982089] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.982166] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.982271] page dumped because: kasan: bad access detected [ 30.982341] [ 30.982382] Memory state around the buggy address: [ 30.982656] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.982712] fff00000c919c700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.983079] >fff00000c919c780: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 30.983219] ^ [ 30.983279] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.983344] fff00000c919c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.983444] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 30.966877] ================================================================== [ 30.966951] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 30.967004] Read of size 1 at addr fff00000c919c7c0 by task kunit_try_catch/225 [ 30.967440] [ 30.967504] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.967635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.967815] Hardware name: linux,dummy-virt (DT) [ 30.967852] Call trace: [ 30.967876] show_stack+0x20/0x38 (C) [ 30.968163] dump_stack_lvl+0x8c/0xd0 [ 30.968266] print_report+0x118/0x608 [ 30.968412] kasan_report+0xdc/0x128 [ 30.968494] __kasan_check_byte+0x54/0x70 [ 30.968576] kfree_sensitive+0x30/0xb0 [ 30.968717] kmalloc_double_kzfree+0x168/0x308 [ 30.968826] kunit_try_run_case+0x170/0x3f0 [ 30.968875] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.969180] kthread+0x328/0x630 [ 30.969394] ret_from_fork+0x10/0x20 [ 30.969510] [ 30.969559] Allocated by task 225: [ 30.969675] kasan_save_stack+0x3c/0x68 [ 30.969756] kasan_save_track+0x20/0x40 [ 30.969900] kasan_save_alloc_info+0x40/0x58 [ 30.969950] __kasan_kmalloc+0xd4/0xd8 [ 30.970015] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.970216] kmalloc_double_kzfree+0xb8/0x308 [ 30.970450] kunit_try_run_case+0x170/0x3f0 [ 30.970542] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.970688] kthread+0x328/0x630 [ 30.970755] ret_from_fork+0x10/0x20 [ 30.970821] [ 30.970865] Freed by task 225: [ 30.971046] kasan_save_stack+0x3c/0x68 [ 30.971178] kasan_save_track+0x20/0x40 [ 30.971330] kasan_save_free_info+0x4c/0x78 [ 30.971459] __kasan_slab_free+0x6c/0x98 [ 30.971528] kfree+0x214/0x3c8 [ 30.971690] kfree_sensitive+0x80/0xb0 [ 30.971754] kmalloc_double_kzfree+0x11c/0x308 [ 30.971795] kunit_try_run_case+0x170/0x3f0 [ 30.971834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.971878] kthread+0x328/0x630 [ 30.971911] ret_from_fork+0x10/0x20 [ 30.972555] [ 30.972662] The buggy address belongs to the object at fff00000c919c7c0 [ 30.972662] which belongs to the cache kmalloc-16 of size 16 [ 30.972788] The buggy address is located 0 bytes inside of [ 30.972788] freed 16-byte region [fff00000c919c7c0, fff00000c919c7d0) [ 30.972862] [ 30.972882] The buggy address belongs to the physical page: [ 30.973218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.973491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.973639] page_type: f5(slab) [ 30.973689] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.973780] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.973888] page dumped because: kasan: bad access detected [ 30.973921] [ 30.973960] Memory state around the buggy address: [ 30.974008] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.974067] fff00000c919c700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.974110] >fff00000c919c780: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 30.974149] ^ [ 30.974188] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.974231] fff00000c919c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.974270] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 30.947476] ================================================================== [ 30.947651] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 30.947855] Read of size 1 at addr fff00000c91edb28 by task kunit_try_catch/221 [ 30.947987] [ 30.948129] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.948316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.948376] Hardware name: linux,dummy-virt (DT) [ 30.948636] Call trace: [ 30.948747] show_stack+0x20/0x38 (C) [ 30.948864] dump_stack_lvl+0x8c/0xd0 [ 30.948917] print_report+0x118/0x608 [ 30.948986] kasan_report+0xdc/0x128 [ 30.949032] __asan_report_load1_noabort+0x20/0x30 [ 30.949082] kmalloc_uaf2+0x3f4/0x468 [ 30.949128] kunit_try_run_case+0x170/0x3f0 [ 30.949194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.949248] kthread+0x328/0x630 [ 30.949294] ret_from_fork+0x10/0x20 [ 30.949350] [ 30.949370] Allocated by task 221: [ 30.949399] kasan_save_stack+0x3c/0x68 [ 30.949441] kasan_save_track+0x20/0x40 [ 30.949480] kasan_save_alloc_info+0x40/0x58 [ 30.949517] __kasan_kmalloc+0xd4/0xd8 [ 30.949563] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.949604] kmalloc_uaf2+0xc4/0x468 [ 30.949643] kunit_try_run_case+0x170/0x3f0 [ 30.949687] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.949737] kthread+0x328/0x630 [ 30.949770] ret_from_fork+0x10/0x20 [ 30.949805] [ 30.949835] Freed by task 221: [ 30.949875] kasan_save_stack+0x3c/0x68 [ 30.949919] kasan_save_track+0x20/0x40 [ 30.949982] kasan_save_free_info+0x4c/0x78 [ 30.950018] __kasan_slab_free+0x6c/0x98 [ 30.950057] kfree+0x214/0x3c8 [ 30.950091] kmalloc_uaf2+0x134/0x468 [ 30.950136] kunit_try_run_case+0x170/0x3f0 [ 30.950172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.950226] kthread+0x328/0x630 [ 30.950259] ret_from_fork+0x10/0x20 [ 30.950294] [ 30.950312] The buggy address belongs to the object at fff00000c91edb00 [ 30.950312] which belongs to the cache kmalloc-64 of size 64 [ 30.950370] The buggy address is located 40 bytes inside of [ 30.950370] freed 64-byte region [fff00000c91edb00, fff00000c91edb40) [ 30.950432] [ 30.950460] The buggy address belongs to the physical page: [ 30.950497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed [ 30.950560] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.950607] page_type: f5(slab) [ 30.950656] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.950707] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.950748] page dumped because: kasan: bad access detected [ 30.950778] [ 30.950798] Memory state around the buggy address: [ 30.950827] fff00000c91eda00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.950870] fff00000c91eda80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.950914] >fff00000c91edb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.951115] ^ [ 30.951720] fff00000c91edb80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 30.951787] fff00000c91edc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.951827] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 30.931051] ================================================================== [ 30.931129] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 30.931183] Write of size 33 at addr fff00000c91eda00 by task kunit_try_catch/219 [ 30.931465] [ 30.931513] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.931969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.932029] Hardware name: linux,dummy-virt (DT) [ 30.932088] Call trace: [ 30.932272] show_stack+0x20/0x38 (C) [ 30.932481] dump_stack_lvl+0x8c/0xd0 [ 30.932588] print_report+0x118/0x608 [ 30.932722] kasan_report+0xdc/0x128 [ 30.932846] kasan_check_range+0x100/0x1a8 [ 30.933014] __asan_memset+0x34/0x78 [ 30.933091] kmalloc_uaf_memset+0x170/0x310 [ 30.933173] kunit_try_run_case+0x170/0x3f0 [ 30.933487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.933737] kthread+0x328/0x630 [ 30.933818] ret_from_fork+0x10/0x20 [ 30.933991] [ 30.934041] Allocated by task 219: [ 30.934099] kasan_save_stack+0x3c/0x68 [ 30.934161] kasan_save_track+0x20/0x40 [ 30.934461] kasan_save_alloc_info+0x40/0x58 [ 30.934665] __kasan_kmalloc+0xd4/0xd8 [ 30.934760] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.934838] kmalloc_uaf_memset+0xb8/0x310 [ 30.934979] kunit_try_run_case+0x170/0x3f0 [ 30.935071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.935141] kthread+0x328/0x630 [ 30.935173] ret_from_fork+0x10/0x20 [ 30.935399] [ 30.935466] Freed by task 219: [ 30.935618] kasan_save_stack+0x3c/0x68 [ 30.935774] kasan_save_track+0x20/0x40 [ 30.935865] kasan_save_free_info+0x4c/0x78 [ 30.936018] __kasan_slab_free+0x6c/0x98 [ 30.936087] kfree+0x214/0x3c8 [ 30.936138] kmalloc_uaf_memset+0x11c/0x310 [ 30.936183] kunit_try_run_case+0x170/0x3f0 [ 30.936222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.936265] kthread+0x328/0x630 [ 30.936298] ret_from_fork+0x10/0x20 [ 30.936779] [ 30.936857] The buggy address belongs to the object at fff00000c91eda00 [ 30.936857] which belongs to the cache kmalloc-64 of size 64 [ 30.937051] The buggy address is located 0 bytes inside of [ 30.937051] freed 64-byte region [fff00000c91eda00, fff00000c91eda40) [ 30.937160] [ 30.937198] The buggy address belongs to the physical page: [ 30.937239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed [ 30.937448] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.937545] page_type: f5(slab) [ 30.937833] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.937906] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.937977] page dumped because: kasan: bad access detected [ 30.938105] [ 30.938155] Memory state around the buggy address: [ 30.938215] fff00000c91ed900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.938270] fff00000c91ed980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.938568] >fff00000c91eda00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.938785] ^ [ 30.938874] fff00000c91eda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.938975] fff00000c91edb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.939132] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 30.917997] ================================================================== [ 30.918069] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 30.918346] Read of size 1 at addr fff00000c919c7a8 by task kunit_try_catch/217 [ 30.918426] [ 30.918552] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.918664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.918701] Hardware name: linux,dummy-virt (DT) [ 30.918790] Call trace: [ 30.918817] show_stack+0x20/0x38 (C) [ 30.918869] dump_stack_lvl+0x8c/0xd0 [ 30.919086] print_report+0x118/0x608 [ 30.919152] kasan_report+0xdc/0x128 [ 30.919301] __asan_report_load1_noabort+0x20/0x30 [ 30.919415] kmalloc_uaf+0x300/0x338 [ 30.919483] kunit_try_run_case+0x170/0x3f0 [ 30.919552] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.919696] kthread+0x328/0x630 [ 30.919769] ret_from_fork+0x10/0x20 [ 30.919973] [ 30.920042] Allocated by task 217: [ 30.920193] kasan_save_stack+0x3c/0x68 [ 30.920422] kasan_save_track+0x20/0x40 [ 30.920592] kasan_save_alloc_info+0x40/0x58 [ 30.920709] __kasan_kmalloc+0xd4/0xd8 [ 30.920804] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.920874] kmalloc_uaf+0xb8/0x338 [ 30.920948] kunit_try_run_case+0x170/0x3f0 [ 30.921149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.921334] kthread+0x328/0x630 [ 30.921453] ret_from_fork+0x10/0x20 [ 30.921543] [ 30.921594] Freed by task 217: [ 30.921709] kasan_save_stack+0x3c/0x68 [ 30.921791] kasan_save_track+0x20/0x40 [ 30.921871] kasan_save_free_info+0x4c/0x78 [ 30.921992] __kasan_slab_free+0x6c/0x98 [ 30.922040] kfree+0x214/0x3c8 [ 30.922098] kmalloc_uaf+0x11c/0x338 [ 30.922434] kunit_try_run_case+0x170/0x3f0 [ 30.922513] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.922625] kthread+0x328/0x630 [ 30.922728] ret_from_fork+0x10/0x20 [ 30.922796] [ 30.922908] The buggy address belongs to the object at fff00000c919c7a0 [ 30.922908] which belongs to the cache kmalloc-16 of size 16 [ 30.923006] The buggy address is located 8 bytes inside of [ 30.923006] freed 16-byte region [fff00000c919c7a0, fff00000c919c7b0) [ 30.923312] [ 30.923517] The buggy address belongs to the physical page: [ 30.923596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.923682] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.923844] page_type: f5(slab) [ 30.923923] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.924145] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.924186] page dumped because: kasan: bad access detected [ 30.924393] [ 30.924444] Memory state around the buggy address: [ 30.924505] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.924590] fff00000c919c700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.924753] >fff00000c919c780: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 30.924958] ^ [ 30.925040] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.925111] fff00000c919c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.925238] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 30.904537] ================================================================== [ 30.904609] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 30.904662] Read of size 64 at addr fff00000c91ed704 by task kunit_try_catch/215 [ 30.904970] [ 30.905362] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.905480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.905508] Hardware name: linux,dummy-virt (DT) [ 30.905620] Call trace: [ 30.905647] show_stack+0x20/0x38 (C) [ 30.905700] dump_stack_lvl+0x8c/0xd0 [ 30.905748] print_report+0x118/0x608 [ 30.906275] kasan_report+0xdc/0x128 [ 30.906385] kasan_check_range+0x100/0x1a8 [ 30.906479] __asan_memmove+0x3c/0x98 [ 30.906618] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 30.906745] kunit_try_run_case+0x170/0x3f0 [ 30.906832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.906889] kthread+0x328/0x630 [ 30.907228] ret_from_fork+0x10/0x20 [ 30.907312] [ 30.907343] Allocated by task 215: [ 30.907408] kasan_save_stack+0x3c/0x68 [ 30.907499] kasan_save_track+0x20/0x40 [ 30.907538] kasan_save_alloc_info+0x40/0x58 [ 30.907892] __kasan_kmalloc+0xd4/0xd8 [ 30.908039] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.908130] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 30.908370] kunit_try_run_case+0x170/0x3f0 [ 30.908589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.908689] kthread+0x328/0x630 [ 30.908760] ret_from_fork+0x10/0x20 [ 30.908859] [ 30.908907] The buggy address belongs to the object at fff00000c91ed700 [ 30.908907] which belongs to the cache kmalloc-64 of size 64 [ 30.908993] The buggy address is located 4 bytes inside of [ 30.908993] allocated 64-byte region [fff00000c91ed700, fff00000c91ed740) [ 30.909189] [ 30.909246] The buggy address belongs to the physical page: [ 30.909290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed [ 30.909348] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.909398] page_type: f5(slab) [ 30.909436] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.909496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.909548] page dumped because: kasan: bad access detected [ 30.909581] [ 30.909615] Memory state around the buggy address: [ 30.909663] fff00000c91ed600: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.909710] fff00000c91ed680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.909753] >fff00000c91ed700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 30.909803] ^ [ 30.909838] fff00000c91ed780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.909886] fff00000c91ed800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.909944] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 30.889853] ================================================================== [ 30.889948] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 30.890013] Read of size 18446744073709551614 at addr fff00000c91ed504 by task kunit_try_catch/213 [ 30.890098] [ 30.890130] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.890217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.890244] Hardware name: linux,dummy-virt (DT) [ 30.890275] Call trace: [ 30.890300] show_stack+0x20/0x38 (C) [ 30.890354] dump_stack_lvl+0x8c/0xd0 [ 30.890404] print_report+0x118/0x608 [ 30.890461] kasan_report+0xdc/0x128 [ 30.890508] kasan_check_range+0x100/0x1a8 [ 30.890562] __asan_memmove+0x3c/0x98 [ 30.890610] kmalloc_memmove_negative_size+0x154/0x2e0 [ 30.890661] kunit_try_run_case+0x170/0x3f0 [ 30.890711] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.890765] kthread+0x328/0x630 [ 30.890821] ret_from_fork+0x10/0x20 [ 30.890870] [ 30.890888] Allocated by task 213: [ 30.890916] kasan_save_stack+0x3c/0x68 [ 30.891329] kasan_save_track+0x20/0x40 [ 30.891884] kasan_save_alloc_info+0x40/0x58 [ 30.892039] __kasan_kmalloc+0xd4/0xd8 [ 30.892119] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.892194] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 30.892323] kunit_try_run_case+0x170/0x3f0 [ 30.892378] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.892422] kthread+0x328/0x630 [ 30.892464] ret_from_fork+0x10/0x20 [ 30.892500] [ 30.892883] The buggy address belongs to the object at fff00000c91ed500 [ 30.892883] which belongs to the cache kmalloc-64 of size 64 [ 30.893013] The buggy address is located 4 bytes inside of [ 30.893013] 64-byte region [fff00000c91ed500, fff00000c91ed540) [ 30.893103] [ 30.893211] The buggy address belongs to the physical page: [ 30.893272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed [ 30.893362] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.893617] page_type: f5(slab) [ 30.893839] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.894054] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.894216] page dumped because: kasan: bad access detected [ 30.894346] [ 30.894401] Memory state around the buggy address: [ 30.894528] fff00000c91ed400: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 30.894608] fff00000c91ed480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.894658] >fff00000c91ed500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 30.894720] ^ [ 30.894815] fff00000c91ed580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.894892] fff00000c91ed600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.894948] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 30.877009] ================================================================== [ 30.877116] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 30.877170] Write of size 16 at addr fff00000c91f0069 by task kunit_try_catch/211 [ 30.877238] [ 30.877301] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.877406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.877433] Hardware name: linux,dummy-virt (DT) [ 30.877469] Call trace: [ 30.877546] show_stack+0x20/0x38 (C) [ 30.877615] dump_stack_lvl+0x8c/0xd0 [ 30.877671] print_report+0x118/0x608 [ 30.877758] kasan_report+0xdc/0x128 [ 30.877806] kasan_check_range+0x100/0x1a8 [ 30.877850] __asan_memset+0x34/0x78 [ 30.877896] kmalloc_oob_memset_16+0x150/0x2f8 [ 30.877982] kunit_try_run_case+0x170/0x3f0 [ 30.878031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.878210] kthread+0x328/0x630 [ 30.878306] ret_from_fork+0x10/0x20 [ 30.878512] [ 30.878559] Allocated by task 211: [ 30.878589] kasan_save_stack+0x3c/0x68 [ 30.878634] kasan_save_track+0x20/0x40 [ 30.878887] kasan_save_alloc_info+0x40/0x58 [ 30.879061] __kasan_kmalloc+0xd4/0xd8 [ 30.879139] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.879189] kmalloc_oob_memset_16+0xb0/0x2f8 [ 30.879395] kunit_try_run_case+0x170/0x3f0 [ 30.879615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.879679] kthread+0x328/0x630 [ 30.879955] ret_from_fork+0x10/0x20 [ 30.880140] [ 30.880184] The buggy address belongs to the object at fff00000c91f0000 [ 30.880184] which belongs to the cache kmalloc-128 of size 128 [ 30.880324] The buggy address is located 105 bytes inside of [ 30.880324] allocated 120-byte region [fff00000c91f0000, fff00000c91f0078) [ 30.880417] [ 30.880564] The buggy address belongs to the physical page: [ 30.880620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 30.880676] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.880747] page_type: f5(slab) [ 30.880803] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.880864] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.880914] page dumped because: kasan: bad access detected [ 30.880959] [ 30.880977] Memory state around the buggy address: [ 30.881009] fff00000c91eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.881063] fff00000c91eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.881106] >fff00000c91f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.881145] ^ [ 30.881195] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.881239] fff00000c91f0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.881286] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 30.861862] ================================================================== [ 30.862121] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 30.862341] Write of size 8 at addr fff00000c404ff71 by task kunit_try_catch/209 [ 30.862404] [ 30.862452] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.862568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.862595] Hardware name: linux,dummy-virt (DT) [ 30.862669] Call trace: [ 30.862711] show_stack+0x20/0x38 (C) [ 30.862768] dump_stack_lvl+0x8c/0xd0 [ 30.862882] print_report+0x118/0x608 [ 30.862991] kasan_report+0xdc/0x128 [ 30.863040] kasan_check_range+0x100/0x1a8 [ 30.863316] __asan_memset+0x34/0x78 [ 30.863439] kmalloc_oob_memset_8+0x150/0x2f8 [ 30.863509] kunit_try_run_case+0x170/0x3f0 [ 30.863629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.863719] kthread+0x328/0x630 [ 30.863787] ret_from_fork+0x10/0x20 [ 30.863976] [ 30.864025] Allocated by task 209: [ 30.864074] kasan_save_stack+0x3c/0x68 [ 30.864124] kasan_save_track+0x20/0x40 [ 30.864359] kasan_save_alloc_info+0x40/0x58 [ 30.864590] __kasan_kmalloc+0xd4/0xd8 [ 30.864670] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.864790] kmalloc_oob_memset_8+0xb0/0x2f8 [ 30.864858] kunit_try_run_case+0x170/0x3f0 [ 30.864996] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.865054] kthread+0x328/0x630 [ 30.865086] ret_from_fork+0x10/0x20 [ 30.865155] [ 30.865308] The buggy address belongs to the object at fff00000c404ff00 [ 30.865308] which belongs to the cache kmalloc-128 of size 128 [ 30.865638] The buggy address is located 113 bytes inside of [ 30.865638] allocated 120-byte region [fff00000c404ff00, fff00000c404ff78) [ 30.865757] [ 30.865806] The buggy address belongs to the physical page: [ 30.865954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.866055] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.866253] page_type: f5(slab) [ 30.866415] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.866576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.866718] page dumped because: kasan: bad access detected [ 30.866777] [ 30.866826] Memory state around the buggy address: [ 30.866954] fff00000c404fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.867026] fff00000c404fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.867085] >fff00000c404ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.867277] ^ [ 30.867452] fff00000c404ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.867632] fff00000c4050000: 00 06 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 30.867694] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 30.846161] ================================================================== [ 30.846220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 30.846270] Write of size 4 at addr fff00000c404fe75 by task kunit_try_catch/207 [ 30.846319] [ 30.846350] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.846436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.846462] Hardware name: linux,dummy-virt (DT) [ 30.846493] Call trace: [ 30.846515] show_stack+0x20/0x38 (C) [ 30.846573] dump_stack_lvl+0x8c/0xd0 [ 30.846621] print_report+0x118/0x608 [ 30.846666] kasan_report+0xdc/0x128 [ 30.846721] kasan_check_range+0x100/0x1a8 [ 30.846767] __asan_memset+0x34/0x78 [ 30.846810] kmalloc_oob_memset_4+0x150/0x300 [ 30.846856] kunit_try_run_case+0x170/0x3f0 [ 30.846904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.847106] kthread+0x328/0x630 [ 30.847154] ret_from_fork+0x10/0x20 [ 30.847566] [ 30.848083] Allocated by task 207: [ 30.848137] kasan_save_stack+0x3c/0x68 [ 30.848236] kasan_save_track+0x20/0x40 [ 30.848310] kasan_save_alloc_info+0x40/0x58 [ 30.848390] __kasan_kmalloc+0xd4/0xd8 [ 30.848497] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.848612] kmalloc_oob_memset_4+0xb0/0x300 [ 30.848655] kunit_try_run_case+0x170/0x3f0 [ 30.848912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.849143] kthread+0x328/0x630 [ 30.849353] ret_from_fork+0x10/0x20 [ 30.849509] [ 30.849566] The buggy address belongs to the object at fff00000c404fe00 [ 30.849566] which belongs to the cache kmalloc-128 of size 128 [ 30.849702] The buggy address is located 117 bytes inside of [ 30.849702] allocated 120-byte region [fff00000c404fe00, fff00000c404fe78) [ 30.849793] [ 30.850190] The buggy address belongs to the physical page: [ 30.850249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.850374] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.850445] page_type: f5(slab) [ 30.850688] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.850765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.850959] page dumped because: kasan: bad access detected [ 30.850994] [ 30.851013] Memory state around the buggy address: [ 30.851045] fff00000c404fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.851317] fff00000c404fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.851455] >fff00000c404fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.851521] ^ [ 30.851664] fff00000c404fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.851752] fff00000c404ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.851899] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 30.831299] ================================================================== [ 30.831420] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 30.831495] Write of size 2 at addr fff00000c404fd77 by task kunit_try_catch/205 [ 30.831571] [ 30.831624] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.831829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.831888] Hardware name: linux,dummy-virt (DT) [ 30.832076] Call trace: [ 30.832104] show_stack+0x20/0x38 (C) [ 30.832156] dump_stack_lvl+0x8c/0xd0 [ 30.832210] print_report+0x118/0x608 [ 30.832497] kasan_report+0xdc/0x128 [ 30.832597] kasan_check_range+0x100/0x1a8 [ 30.832674] __asan_memset+0x34/0x78 [ 30.832788] kmalloc_oob_memset_2+0x150/0x2f8 [ 30.832865] kunit_try_run_case+0x170/0x3f0 [ 30.832988] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.833074] kthread+0x328/0x630 [ 30.833195] ret_from_fork+0x10/0x20 [ 30.833244] [ 30.833494] Allocated by task 205: [ 30.833631] kasan_save_stack+0x3c/0x68 [ 30.833708] kasan_save_track+0x20/0x40 [ 30.833759] kasan_save_alloc_info+0x40/0x58 [ 30.833875] __kasan_kmalloc+0xd4/0xd8 [ 30.833959] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.833999] kmalloc_oob_memset_2+0xb0/0x2f8 [ 30.834295] kunit_try_run_case+0x170/0x3f0 [ 30.834360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.834423] kthread+0x328/0x630 [ 30.834481] ret_from_fork+0x10/0x20 [ 30.834713] [ 30.834919] The buggy address belongs to the object at fff00000c404fd00 [ 30.834919] which belongs to the cache kmalloc-128 of size 128 [ 30.835301] The buggy address is located 119 bytes inside of [ 30.835301] allocated 120-byte region [fff00000c404fd00, fff00000c404fd78) [ 30.835445] [ 30.835495] The buggy address belongs to the physical page: [ 30.835551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.835687] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.835769] page_type: f5(slab) [ 30.835868] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.835918] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.835968] page dumped because: kasan: bad access detected [ 30.836021] [ 30.836041] Memory state around the buggy address: [ 30.836071] fff00000c404fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.836382] fff00000c404fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.836502] >fff00000c404fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.836595] ^ [ 30.836673] fff00000c404fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.836774] fff00000c404fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.836823] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 30.817204] ================================================================== [ 30.817263] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 30.817312] Write of size 128 at addr fff00000c404fc00 by task kunit_try_catch/203 [ 30.817549] [ 30.817836] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.818041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.818078] Hardware name: linux,dummy-virt (DT) [ 30.818513] Call trace: [ 30.818552] show_stack+0x20/0x38 (C) [ 30.818786] dump_stack_lvl+0x8c/0xd0 [ 30.818845] print_report+0x118/0x608 [ 30.818915] kasan_report+0xdc/0x128 [ 30.819079] kasan_check_range+0x100/0x1a8 [ 30.819137] __asan_memset+0x34/0x78 [ 30.819180] kmalloc_oob_in_memset+0x144/0x2d0 [ 30.819227] kunit_try_run_case+0x170/0x3f0 [ 30.819274] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.819326] kthread+0x328/0x630 [ 30.819372] ret_from_fork+0x10/0x20 [ 30.819420] [ 30.819439] Allocated by task 203: [ 30.819468] kasan_save_stack+0x3c/0x68 [ 30.819508] kasan_save_track+0x20/0x40 [ 30.819545] kasan_save_alloc_info+0x40/0x58 [ 30.820299] __kasan_kmalloc+0xd4/0xd8 [ 30.820549] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.820599] kmalloc_oob_in_memset+0xb0/0x2d0 [ 30.820948] kunit_try_run_case+0x170/0x3f0 [ 30.821057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.821149] kthread+0x328/0x630 [ 30.821252] ret_from_fork+0x10/0x20 [ 30.821323] [ 30.821372] The buggy address belongs to the object at fff00000c404fc00 [ 30.821372] which belongs to the cache kmalloc-128 of size 128 [ 30.821524] The buggy address is located 0 bytes inside of [ 30.821524] allocated 120-byte region [fff00000c404fc00, fff00000c404fc78) [ 30.821603] [ 30.821720] The buggy address belongs to the physical page: [ 30.821768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.821878] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.821963] page_type: f5(slab) [ 30.822014] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.822264] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.822430] page dumped because: kasan: bad access detected [ 30.822517] [ 30.822565] Memory state around the buggy address: [ 30.822620] fff00000c404fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.822948] fff00000c404fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.823039] >fff00000c404fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.823123] ^ [ 30.823226] fff00000c404fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.823288] fff00000c404fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.823333] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 30.803364] ================================================================== [ 30.803424] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 30.803474] Read of size 16 at addr fff00000c919c780 by task kunit_try_catch/201 [ 30.803912] [ 30.803977] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.804361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.804494] Hardware name: linux,dummy-virt (DT) [ 30.804554] Call trace: [ 30.804603] show_stack+0x20/0x38 (C) [ 30.804755] dump_stack_lvl+0x8c/0xd0 [ 30.804837] print_report+0x118/0x608 [ 30.804999] kasan_report+0xdc/0x128 [ 30.805075] __asan_report_load16_noabort+0x20/0x30 [ 30.805319] kmalloc_uaf_16+0x3bc/0x438 [ 30.805550] kunit_try_run_case+0x170/0x3f0 [ 30.805698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.805774] kthread+0x328/0x630 [ 30.805826] ret_from_fork+0x10/0x20 [ 30.805900] [ 30.805920] Allocated by task 201: [ 30.806245] kasan_save_stack+0x3c/0x68 [ 30.806392] kasan_save_track+0x20/0x40 [ 30.806460] kasan_save_alloc_info+0x40/0x58 [ 30.806563] __kasan_kmalloc+0xd4/0xd8 [ 30.806626] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.806693] kmalloc_uaf_16+0x140/0x438 [ 30.806800] kunit_try_run_case+0x170/0x3f0 [ 30.806857] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.806912] kthread+0x328/0x630 [ 30.806955] ret_from_fork+0x10/0x20 [ 30.807224] [ 30.807384] Freed by task 201: [ 30.807475] kasan_save_stack+0x3c/0x68 [ 30.807550] kasan_save_track+0x20/0x40 [ 30.807679] kasan_save_free_info+0x4c/0x78 [ 30.807747] __kasan_slab_free+0x6c/0x98 [ 30.807876] kfree+0x214/0x3c8 [ 30.807973] kmalloc_uaf_16+0x190/0x438 [ 30.808010] kunit_try_run_case+0x170/0x3f0 [ 30.808184] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.808437] kthread+0x328/0x630 [ 30.808533] ret_from_fork+0x10/0x20 [ 30.808650] [ 30.808689] The buggy address belongs to the object at fff00000c919c780 [ 30.808689] which belongs to the cache kmalloc-16 of size 16 [ 30.808791] The buggy address is located 0 bytes inside of [ 30.808791] freed 16-byte region [fff00000c919c780, fff00000c919c790) [ 30.808864] [ 30.808894] The buggy address belongs to the physical page: [ 30.808934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.808993] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.809060] page_type: f5(slab) [ 30.809100] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.809159] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.809199] page dumped because: kasan: bad access detected [ 30.809238] [ 30.809257] Memory state around the buggy address: [ 30.809286] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.809328] fff00000c919c700: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 30.809385] >fff00000c919c780: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.809422] ^ [ 30.809450] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.809497] fff00000c919c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.809550] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 30.789738] ================================================================== [ 30.789803] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 30.790442] Write of size 16 at addr fff00000c919c720 by task kunit_try_catch/199 [ 30.790567] [ 30.790603] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.790751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.790812] Hardware name: linux,dummy-virt (DT) [ 30.790846] Call trace: [ 30.790878] show_stack+0x20/0x38 (C) [ 30.790981] dump_stack_lvl+0x8c/0xd0 [ 30.791049] print_report+0x118/0x608 [ 30.791146] kasan_report+0xdc/0x128 [ 30.791202] __asan_report_store16_noabort+0x20/0x30 [ 30.791258] kmalloc_oob_16+0x3a0/0x3f8 [ 30.791336] kunit_try_run_case+0x170/0x3f0 [ 30.791393] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.791446] kthread+0x328/0x630 [ 30.791496] ret_from_fork+0x10/0x20 [ 30.791657] [ 30.791686] Allocated by task 199: [ 30.791806] kasan_save_stack+0x3c/0x68 [ 30.791974] kasan_save_track+0x20/0x40 [ 30.792250] kasan_save_alloc_info+0x40/0x58 [ 30.792352] __kasan_kmalloc+0xd4/0xd8 [ 30.792526] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.792644] kmalloc_oob_16+0xb4/0x3f8 [ 30.792712] kunit_try_run_case+0x170/0x3f0 [ 30.792828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.792906] kthread+0x328/0x630 [ 30.792951] ret_from_fork+0x10/0x20 [ 30.793102] [ 30.793266] The buggy address belongs to the object at fff00000c919c720 [ 30.793266] which belongs to the cache kmalloc-16 of size 16 [ 30.793326] The buggy address is located 0 bytes inside of [ 30.793326] allocated 13-byte region [fff00000c919c720, fff00000c919c72d) [ 30.793624] [ 30.793710] The buggy address belongs to the physical page: [ 30.793759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.794063] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.794218] page_type: f5(slab) [ 30.794304] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.794389] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.794575] page dumped because: kasan: bad access detected [ 30.794742] [ 30.794834] Memory state around the buggy address: [ 30.794893] fff00000c919c600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.795258] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.795328] >fff00000c919c700: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 30.795409] ^ [ 30.795464] fff00000c919c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.795515] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.795775] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 30.776716] ================================================================== [ 30.776770] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 30.776817] Read of size 1 at addr fff00000c8f6fc00 by task kunit_try_catch/197 [ 30.777140] [ 30.777202] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.777299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.777328] Hardware name: linux,dummy-virt (DT) [ 30.777412] Call trace: [ 30.777462] show_stack+0x20/0x38 (C) [ 30.777514] dump_stack_lvl+0x8c/0xd0 [ 30.777609] print_report+0x118/0x608 [ 30.777689] kasan_report+0xdc/0x128 [ 30.777758] __asan_report_load1_noabort+0x20/0x30 [ 30.777807] krealloc_uaf+0x4c8/0x520 [ 30.778008] kunit_try_run_case+0x170/0x3f0 [ 30.778203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.778335] kthread+0x328/0x630 [ 30.778403] ret_from_fork+0x10/0x20 [ 30.778460] [ 30.778479] Allocated by task 197: [ 30.778514] kasan_save_stack+0x3c/0x68 [ 30.778630] kasan_save_track+0x20/0x40 [ 30.778689] kasan_save_alloc_info+0x40/0x58 [ 30.778725] __kasan_kmalloc+0xd4/0xd8 [ 30.778761] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.779035] krealloc_uaf+0xc8/0x520 [ 30.779172] kunit_try_run_case+0x170/0x3f0 [ 30.779219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.779263] kthread+0x328/0x630 [ 30.779352] ret_from_fork+0x10/0x20 [ 30.779409] [ 30.779449] Freed by task 197: [ 30.779487] kasan_save_stack+0x3c/0x68 [ 30.779607] kasan_save_track+0x20/0x40 [ 30.779676] kasan_save_free_info+0x4c/0x78 [ 30.779800] __kasan_slab_free+0x6c/0x98 [ 30.779849] kfree+0x214/0x3c8 [ 30.779881] krealloc_uaf+0x12c/0x520 [ 30.780090] kunit_try_run_case+0x170/0x3f0 [ 30.780148] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.780312] kthread+0x328/0x630 [ 30.780426] ret_from_fork+0x10/0x20 [ 30.780483] [ 30.780528] The buggy address belongs to the object at fff00000c8f6fc00 [ 30.780528] which belongs to the cache kmalloc-256 of size 256 [ 30.780662] The buggy address is located 0 bytes inside of [ 30.780662] freed 256-byte region [fff00000c8f6fc00, fff00000c8f6fd00) [ 30.780739] [ 30.780758] The buggy address belongs to the physical page: [ 30.780788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.781251] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.781375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.781466] page_type: f5(slab) [ 30.781530] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.781649] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.781857] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.782082] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.782179] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.782310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.782380] page dumped because: kasan: bad access detected [ 30.782439] [ 30.782536] Memory state around the buggy address: [ 30.782607] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.782666] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.782960] >fff00000c8f6fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.783107] ^ [ 30.783201] fff00000c8f6fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.783277] fff00000c8f6fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.783347] ================================================================== [ 30.768662] ================================================================== [ 30.768911] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 30.768996] Read of size 1 at addr fff00000c8f6fc00 by task kunit_try_catch/197 [ 30.769117] [ 30.769153] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.769516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.769630] Hardware name: linux,dummy-virt (DT) [ 30.769680] Call trace: [ 30.769719] show_stack+0x20/0x38 (C) [ 30.769818] dump_stack_lvl+0x8c/0xd0 [ 30.769897] print_report+0x118/0x608 [ 30.769958] kasan_report+0xdc/0x128 [ 30.770006] __kasan_check_byte+0x54/0x70 [ 30.770289] krealloc_noprof+0x44/0x360 [ 30.770380] krealloc_uaf+0x180/0x520 [ 30.770595] kunit_try_run_case+0x170/0x3f0 [ 30.770666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.770911] kthread+0x328/0x630 [ 30.770983] ret_from_fork+0x10/0x20 [ 30.771033] [ 30.771265] Allocated by task 197: [ 30.771341] kasan_save_stack+0x3c/0x68 [ 30.771396] kasan_save_track+0x20/0x40 [ 30.771553] kasan_save_alloc_info+0x40/0x58 [ 30.771644] __kasan_kmalloc+0xd4/0xd8 [ 30.771695] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.771820] krealloc_uaf+0xc8/0x520 [ 30.771869] kunit_try_run_case+0x170/0x3f0 [ 30.771989] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.772074] kthread+0x328/0x630 [ 30.772119] ret_from_fork+0x10/0x20 [ 30.772156] [ 30.772194] Freed by task 197: [ 30.772576] kasan_save_stack+0x3c/0x68 [ 30.772648] kasan_save_track+0x20/0x40 [ 30.772782] kasan_save_free_info+0x4c/0x78 [ 30.772849] __kasan_slab_free+0x6c/0x98 [ 30.772972] kfree+0x214/0x3c8 [ 30.773072] krealloc_uaf+0x12c/0x520 [ 30.773140] kunit_try_run_case+0x170/0x3f0 [ 30.773253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.773299] kthread+0x328/0x630 [ 30.773628] ret_from_fork+0x10/0x20 [ 30.773794] [ 30.773864] The buggy address belongs to the object at fff00000c8f6fc00 [ 30.773864] which belongs to the cache kmalloc-256 of size 256 [ 30.774064] The buggy address is located 0 bytes inside of [ 30.774064] freed 256-byte region [fff00000c8f6fc00, fff00000c8f6fd00) [ 30.774470] [ 30.774500] The buggy address belongs to the physical page: [ 30.774535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.774589] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.774682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.774735] page_type: f5(slab) [ 30.774787] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.774847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.774895] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.774964] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.775029] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.775086] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.775127] page dumped because: kasan: bad access detected [ 30.775166] [ 30.775185] Memory state around the buggy address: [ 30.775217] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.775259] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.775308] >fff00000c8f6fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.775354] ^ [ 30.775382] fff00000c8f6fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.775428] fff00000c8f6fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.775466] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 30.733896] ================================================================== [ 30.733960] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.734259] Write of size 1 at addr fff00000c99d60c9 by task kunit_try_catch/195 [ 30.734386] [ 30.734449] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.734563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.734590] Hardware name: linux,dummy-virt (DT) [ 30.734772] Call trace: [ 30.734832] show_stack+0x20/0x38 (C) [ 30.734893] dump_stack_lvl+0x8c/0xd0 [ 30.734951] print_report+0x118/0x608 [ 30.735298] kasan_report+0xdc/0x128 [ 30.735369] __asan_report_store1_noabort+0x20/0x30 [ 30.735573] krealloc_less_oob_helper+0xa48/0xc50 [ 30.735648] krealloc_large_less_oob+0x20/0x38 [ 30.735696] kunit_try_run_case+0x170/0x3f0 [ 30.735753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.735806] kthread+0x328/0x630 [ 30.736010] ret_from_fork+0x10/0x20 [ 30.736259] [ 30.736347] The buggy address belongs to the physical page: [ 30.736417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.736551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.736608] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.736729] page_type: f8(unknown) [ 30.736789] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.736865] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.737158] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.737237] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.737431] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.737520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.737648] page dumped because: kasan: bad access detected [ 30.737706] [ 30.738052] Memory state around the buggy address: [ 30.738132] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.738226] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.738384] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.738637] ^ [ 30.738757] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.738821] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.738921] ================================================================== [ 30.701607] ================================================================== [ 30.701709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.701866] Write of size 1 at addr fff00000c8f6faeb by task kunit_try_catch/191 [ 30.702013] [ 30.702047] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.702131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.702375] Hardware name: linux,dummy-virt (DT) [ 30.702422] Call trace: [ 30.702763] show_stack+0x20/0x38 (C) [ 30.702834] dump_stack_lvl+0x8c/0xd0 [ 30.702883] print_report+0x118/0x608 [ 30.703000] kasan_report+0xdc/0x128 [ 30.703079] __asan_report_store1_noabort+0x20/0x30 [ 30.703136] krealloc_less_oob_helper+0xa58/0xc50 [ 30.703275] krealloc_less_oob+0x20/0x38 [ 30.703321] kunit_try_run_case+0x170/0x3f0 [ 30.703368] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.703465] kthread+0x328/0x630 [ 30.703512] ret_from_fork+0x10/0x20 [ 30.703571] [ 30.703882] Allocated by task 191: [ 30.703948] kasan_save_stack+0x3c/0x68 [ 30.704114] kasan_save_track+0x20/0x40 [ 30.704192] kasan_save_alloc_info+0x40/0x58 [ 30.704317] __kasan_krealloc+0x118/0x178 [ 30.704396] krealloc_noprof+0x128/0x360 [ 30.704510] krealloc_less_oob_helper+0x168/0xc50 [ 30.704552] krealloc_less_oob+0x20/0x38 [ 30.704613] kunit_try_run_case+0x170/0x3f0 [ 30.704657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.704949] kthread+0x328/0x630 [ 30.705133] ret_from_fork+0x10/0x20 [ 30.705204] [ 30.705254] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.705254] which belongs to the cache kmalloc-256 of size 256 [ 30.705424] The buggy address is located 34 bytes to the right of [ 30.705424] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.705511] [ 30.705586] The buggy address belongs to the physical page: [ 30.705634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.706182] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.706255] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.706377] page_type: f5(slab) [ 30.706665] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.706827] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.706916] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.707110] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.707188] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.707332] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.707372] page dumped because: kasan: bad access detected [ 30.707429] [ 30.707619] Memory state around the buggy address: [ 30.707684] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707862] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.707947] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.708085] ^ [ 30.708152] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.708248] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.708305] ================================================================== [ 30.694311] ================================================================== [ 30.694356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.694404] Write of size 1 at addr fff00000c8f6faea by task kunit_try_catch/191 [ 30.694453] [ 30.694481] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.694563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.694589] Hardware name: linux,dummy-virt (DT) [ 30.694637] Call trace: [ 30.694659] show_stack+0x20/0x38 (C) [ 30.694706] dump_stack_lvl+0x8c/0xd0 [ 30.694758] print_report+0x118/0x608 [ 30.694805] kasan_report+0xdc/0x128 [ 30.694851] __asan_report_store1_noabort+0x20/0x30 [ 30.694899] krealloc_less_oob_helper+0xae4/0xc50 [ 30.695349] krealloc_less_oob+0x20/0x38 [ 30.695404] kunit_try_run_case+0x170/0x3f0 [ 30.695463] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.695518] kthread+0x328/0x630 [ 30.695988] ret_from_fork+0x10/0x20 [ 30.696079] [ 30.696114] Allocated by task 191: [ 30.696349] kasan_save_stack+0x3c/0x68 [ 30.696454] kasan_save_track+0x20/0x40 [ 30.696624] kasan_save_alloc_info+0x40/0x58 [ 30.696705] __kasan_krealloc+0x118/0x178 [ 30.696795] krealloc_noprof+0x128/0x360 [ 30.696888] krealloc_less_oob_helper+0x168/0xc50 [ 30.696965] krealloc_less_oob+0x20/0x38 [ 30.697163] kunit_try_run_case+0x170/0x3f0 [ 30.697335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.697420] kthread+0x328/0x630 [ 30.697602] ret_from_fork+0x10/0x20 [ 30.697670] [ 30.697718] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.697718] which belongs to the cache kmalloc-256 of size 256 [ 30.697867] The buggy address is located 33 bytes to the right of [ 30.697867] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.697971] [ 30.698332] The buggy address belongs to the physical page: [ 30.698391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.698519] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.698585] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.698694] page_type: f5(slab) [ 30.698753] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.698847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.699032] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.699095] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.699446] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.699518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.699642] page dumped because: kasan: bad access detected [ 30.699712] [ 30.699832] Memory state around the buggy address: [ 30.699898] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699954] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.700211] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.700275] ^ [ 30.700523] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.700610] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.700660] ================================================================== [ 30.673382] ================================================================== [ 30.673436] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.673487] Write of size 1 at addr fff00000c8f6fac9 by task kunit_try_catch/191 [ 30.673536] [ 30.673566] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.673649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.673675] Hardware name: linux,dummy-virt (DT) [ 30.673706] Call trace: [ 30.673727] show_stack+0x20/0x38 (C) [ 30.673774] dump_stack_lvl+0x8c/0xd0 [ 30.673821] print_report+0x118/0x608 [ 30.673868] kasan_report+0xdc/0x128 [ 30.673914] __asan_report_store1_noabort+0x20/0x30 [ 30.674085] krealloc_less_oob_helper+0xa48/0xc50 [ 30.674251] krealloc_less_oob+0x20/0x38 [ 30.674312] kunit_try_run_case+0x170/0x3f0 [ 30.674360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.674421] kthread+0x328/0x630 [ 30.674464] ret_from_fork+0x10/0x20 [ 30.674560] [ 30.674580] Allocated by task 191: [ 30.674619] kasan_save_stack+0x3c/0x68 [ 30.674662] kasan_save_track+0x20/0x40 [ 30.674707] kasan_save_alloc_info+0x40/0x58 [ 30.674752] __kasan_krealloc+0x118/0x178 [ 30.674790] krealloc_noprof+0x128/0x360 [ 30.674827] krealloc_less_oob_helper+0x168/0xc50 [ 30.674876] krealloc_less_oob+0x20/0x38 [ 30.674914] kunit_try_run_case+0x170/0x3f0 [ 30.674963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.675011] kthread+0x328/0x630 [ 30.675044] ret_from_fork+0x10/0x20 [ 30.675080] [ 30.675099] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.675099] which belongs to the cache kmalloc-256 of size 256 [ 30.675163] The buggy address is located 0 bytes to the right of [ 30.675163] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.675226] [ 30.675254] The buggy address belongs to the physical page: [ 30.675285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.675336] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.675383] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.675441] page_type: f5(slab) [ 30.675479] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.675529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.675577] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.675646] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.675695] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.675742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.675780] page dumped because: kasan: bad access detected [ 30.675810] [ 30.675828] Memory state around the buggy address: [ 30.675859] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675908] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.676513] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.676557] ^ [ 30.676596] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.676638] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.676676] ================================================================== [ 30.740694] ================================================================== [ 30.740808] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.741076] Write of size 1 at addr fff00000c99d60d0 by task kunit_try_catch/195 [ 30.741208] [ 30.741259] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.741537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.741571] Hardware name: linux,dummy-virt (DT) [ 30.741603] Call trace: [ 30.741862] show_stack+0x20/0x38 (C) [ 30.742051] dump_stack_lvl+0x8c/0xd0 [ 30.742109] print_report+0x118/0x608 [ 30.742448] kasan_report+0xdc/0x128 [ 30.742589] __asan_report_store1_noabort+0x20/0x30 [ 30.742661] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.742718] krealloc_large_less_oob+0x20/0x38 [ 30.742833] kunit_try_run_case+0x170/0x3f0 [ 30.742900] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.743014] kthread+0x328/0x630 [ 30.743059] ret_from_fork+0x10/0x20 [ 30.743127] [ 30.743148] The buggy address belongs to the physical page: [ 30.743185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.743361] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.743419] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.743470] page_type: f8(unknown) [ 30.743508] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.743740] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.743869] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.743917] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.743981] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.744334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.744488] page dumped because: kasan: bad access detected [ 30.744549] [ 30.744600] Memory state around the buggy address: [ 30.744715] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.744782] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.744831] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.744894] ^ [ 30.745144] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.745399] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.745489] ================================================================== [ 30.756613] ================================================================== [ 30.756659] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.756707] Write of size 1 at addr fff00000c99d60eb by task kunit_try_catch/195 [ 30.757057] [ 30.757163] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.757571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.757614] Hardware name: linux,dummy-virt (DT) [ 30.757662] Call trace: [ 30.757704] show_stack+0x20/0x38 (C) [ 30.757756] dump_stack_lvl+0x8c/0xd0 [ 30.757804] print_report+0x118/0x608 [ 30.757882] kasan_report+0xdc/0x128 [ 30.757955] __asan_report_store1_noabort+0x20/0x30 [ 30.758120] krealloc_less_oob_helper+0xa58/0xc50 [ 30.758175] krealloc_large_less_oob+0x20/0x38 [ 30.758265] kunit_try_run_case+0x170/0x3f0 [ 30.758317] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.758696] kthread+0x328/0x630 [ 30.758824] ret_from_fork+0x10/0x20 [ 30.758901] [ 30.758951] The buggy address belongs to the physical page: [ 30.758989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.759042] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.759120] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.759170] page_type: f8(unknown) [ 30.759207] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.759265] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.759314] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.759361] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.759409] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.759467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.759515] page dumped because: kasan: bad access detected [ 30.759918] [ 30.759959] Memory state around the buggy address: [ 30.759992] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.760056] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.760108] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.760486] ^ [ 30.760540] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.760622] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.760691] ================================================================== [ 30.687436] ================================================================== [ 30.687485] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.687534] Write of size 1 at addr fff00000c8f6fada by task kunit_try_catch/191 [ 30.687837] [ 30.687985] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.688187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.688361] Hardware name: linux,dummy-virt (DT) [ 30.688428] Call trace: [ 30.688543] show_stack+0x20/0x38 (C) [ 30.688619] dump_stack_lvl+0x8c/0xd0 [ 30.688719] print_report+0x118/0x608 [ 30.688787] kasan_report+0xdc/0x128 [ 30.688939] __asan_report_store1_noabort+0x20/0x30 [ 30.689013] krealloc_less_oob_helper+0xa80/0xc50 [ 30.689203] krealloc_less_oob+0x20/0x38 [ 30.689421] kunit_try_run_case+0x170/0x3f0 [ 30.689499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.689840] kthread+0x328/0x630 [ 30.689948] ret_from_fork+0x10/0x20 [ 30.690045] [ 30.690221] Allocated by task 191: [ 30.690421] kasan_save_stack+0x3c/0x68 [ 30.690625] kasan_save_track+0x20/0x40 [ 30.690975] kasan_save_alloc_info+0x40/0x58 [ 30.691047] __kasan_krealloc+0x118/0x178 [ 30.691155] krealloc_noprof+0x128/0x360 [ 30.691235] krealloc_less_oob_helper+0x168/0xc50 [ 30.691304] krealloc_less_oob+0x20/0x38 [ 30.691613] kunit_try_run_case+0x170/0x3f0 [ 30.691740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.691839] kthread+0x328/0x630 [ 30.691887] ret_from_fork+0x10/0x20 [ 30.691939] [ 30.692101] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.692101] which belongs to the cache kmalloc-256 of size 256 [ 30.692284] The buggy address is located 17 bytes to the right of [ 30.692284] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.692438] [ 30.692490] The buggy address belongs to the physical page: [ 30.692528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.692783] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.692852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.693082] page_type: f5(slab) [ 30.693153] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.693211] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.693307] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.693357] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.693405] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.693469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.693516] page dumped because: kasan: bad access detected [ 30.693547] [ 30.693565] Memory state around the buggy address: [ 30.693595] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693636] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.693677] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.693733] ^ [ 30.693770] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693820] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.693871] ================================================================== [ 30.745993] ================================================================== [ 30.746037] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.746082] Write of size 1 at addr fff00000c99d60da by task kunit_try_catch/195 [ 30.746293] [ 30.746335] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.746421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.746449] Hardware name: linux,dummy-virt (DT) [ 30.746478] Call trace: [ 30.746524] show_stack+0x20/0x38 (C) [ 30.746576] dump_stack_lvl+0x8c/0xd0 [ 30.746631] print_report+0x118/0x608 [ 30.746679] kasan_report+0xdc/0x128 [ 30.746725] __asan_report_store1_noabort+0x20/0x30 [ 30.746773] krealloc_less_oob_helper+0xa80/0xc50 [ 30.746837] krealloc_large_less_oob+0x20/0x38 [ 30.746885] kunit_try_run_case+0x170/0x3f0 [ 30.746943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.746996] kthread+0x328/0x630 [ 30.747038] ret_from_fork+0x10/0x20 [ 30.747085] [ 30.747104] The buggy address belongs to the physical page: [ 30.747143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.747202] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.747250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.747299] page_type: f8(unknown) [ 30.747336] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.747383] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.747431] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.747477] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.747526] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.748139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.748185] page dumped because: kasan: bad access detected [ 30.748229] [ 30.748259] Memory state around the buggy address: [ 30.748292] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.748871] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.749077] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.749546] ^ [ 30.749785] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.750243] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.750325] ================================================================== [ 30.750891] ================================================================== [ 30.751055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.751136] Write of size 1 at addr fff00000c99d60ea by task kunit_try_catch/195 [ 30.751204] [ 30.751242] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.751360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.751406] Hardware name: linux,dummy-virt (DT) [ 30.751588] Call trace: [ 30.751663] show_stack+0x20/0x38 (C) [ 30.751719] dump_stack_lvl+0x8c/0xd0 [ 30.751774] print_report+0x118/0x608 [ 30.752151] kasan_report+0xdc/0x128 [ 30.752282] __asan_report_store1_noabort+0x20/0x30 [ 30.752371] krealloc_less_oob_helper+0xae4/0xc50 [ 30.752498] krealloc_large_less_oob+0x20/0x38 [ 30.752587] kunit_try_run_case+0x170/0x3f0 [ 30.752716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.752806] kthread+0x328/0x630 [ 30.752920] ret_from_fork+0x10/0x20 [ 30.753025] [ 30.753130] The buggy address belongs to the physical page: [ 30.753167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.753218] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.753390] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.753473] page_type: f8(unknown) [ 30.753654] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.753793] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.753872] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.754213] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.754349] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.754418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.754485] page dumped because: kasan: bad access detected [ 30.754516] [ 30.754670] Memory state around the buggy address: [ 30.755172] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.755233] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.755333] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.755400] ^ [ 30.755451] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.755771] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.755838] ================================================================== [ 30.677954] ================================================================== [ 30.678288] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.678542] Write of size 1 at addr fff00000c8f6fad0 by task kunit_try_catch/191 [ 30.678694] [ 30.678730] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.679270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.679318] Hardware name: linux,dummy-virt (DT) [ 30.679360] Call trace: [ 30.679391] show_stack+0x20/0x38 (C) [ 30.679444] dump_stack_lvl+0x8c/0xd0 [ 30.679611] print_report+0x118/0x608 [ 30.680185] kasan_report+0xdc/0x128 [ 30.680281] __asan_report_store1_noabort+0x20/0x30 [ 30.680341] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.680393] krealloc_less_oob+0x20/0x38 [ 30.680440] kunit_try_run_case+0x170/0x3f0 [ 30.681118] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.681271] kthread+0x328/0x630 [ 30.681328] ret_from_fork+0x10/0x20 [ 30.681499] [ 30.681548] Allocated by task 191: [ 30.681675] kasan_save_stack+0x3c/0x68 [ 30.681754] kasan_save_track+0x20/0x40 [ 30.681862] kasan_save_alloc_info+0x40/0x58 [ 30.681949] __kasan_krealloc+0x118/0x178 [ 30.682052] krealloc_noprof+0x128/0x360 [ 30.682104] krealloc_less_oob_helper+0x168/0xc50 [ 30.682161] krealloc_less_oob+0x20/0x38 [ 30.682414] kunit_try_run_case+0x170/0x3f0 [ 30.682592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.682671] kthread+0x328/0x630 [ 30.682704] ret_from_fork+0x10/0x20 [ 30.682901] [ 30.682960] The buggy address belongs to the object at fff00000c8f6fa00 [ 30.682960] which belongs to the cache kmalloc-256 of size 256 [ 30.683254] The buggy address is located 7 bytes to the right of [ 30.683254] allocated 201-byte region [fff00000c8f6fa00, fff00000c8f6fac9) [ 30.683332] [ 30.683351] The buggy address belongs to the physical page: [ 30.683409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.683586] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.683760] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.683835] page_type: f5(slab) [ 30.683874] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.684115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.684348] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.684419] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.684483] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.684857] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.684939] page dumped because: kasan: bad access detected [ 30.684972] [ 30.685022] Memory state around the buggy address: [ 30.685215] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.685381] fff00000c8f6fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.685635] >fff00000c8f6fa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.685808] ^ [ 30.685913] fff00000c8f6fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686006] fff00000c8f6fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.686200] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 30.651207] ================================================================== [ 30.651265] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.651317] Write of size 1 at addr fff00000c8f6f8eb by task kunit_try_catch/189 [ 30.651736] [ 30.651845] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.652327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.652382] Hardware name: linux,dummy-virt (DT) [ 30.652437] Call trace: [ 30.652553] show_stack+0x20/0x38 (C) [ 30.652635] dump_stack_lvl+0x8c/0xd0 [ 30.652684] print_report+0x118/0x608 [ 30.653025] kasan_report+0xdc/0x128 [ 30.653127] __asan_report_store1_noabort+0x20/0x30 [ 30.653194] krealloc_more_oob_helper+0x60c/0x678 [ 30.653506] krealloc_more_oob+0x20/0x38 [ 30.653608] kunit_try_run_case+0x170/0x3f0 [ 30.653766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.653836] kthread+0x328/0x630 [ 30.653970] ret_from_fork+0x10/0x20 [ 30.654039] [ 30.654103] Allocated by task 189: [ 30.654400] kasan_save_stack+0x3c/0x68 [ 30.654593] kasan_save_track+0x20/0x40 [ 30.654759] kasan_save_alloc_info+0x40/0x58 [ 30.654868] __kasan_krealloc+0x118/0x178 [ 30.654921] krealloc_noprof+0x128/0x360 [ 30.654971] krealloc_more_oob_helper+0x168/0x678 [ 30.655012] krealloc_more_oob+0x20/0x38 [ 30.655048] kunit_try_run_case+0x170/0x3f0 [ 30.655086] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.655129] kthread+0x328/0x630 [ 30.655169] ret_from_fork+0x10/0x20 [ 30.655204] [ 30.655234] The buggy address belongs to the object at fff00000c8f6f800 [ 30.655234] which belongs to the cache kmalloc-256 of size 256 [ 30.655302] The buggy address is located 0 bytes to the right of [ 30.655302] allocated 235-byte region [fff00000c8f6f800, fff00000c8f6f8eb) [ 30.655365] [ 30.655393] The buggy address belongs to the physical page: [ 30.655430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.655499] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.655804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.655864] page_type: f5(slab) [ 30.656272] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.656387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.656577] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.656673] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.656941] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.657181] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.657272] page dumped because: kasan: bad access detected [ 30.657361] [ 30.657401] Memory state around the buggy address: [ 30.657461] fff00000c8f6f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.657558] fff00000c8f6f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.657620] >fff00000c8f6f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.657895] ^ [ 30.658139] fff00000c8f6f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.658212] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.658269] ================================================================== [ 30.659437] ================================================================== [ 30.659806] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.659955] Write of size 1 at addr fff00000c8f6f8f0 by task kunit_try_catch/189 [ 30.660022] [ 30.660158] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.660243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.660572] Hardware name: linux,dummy-virt (DT) [ 30.660624] Call trace: [ 30.660674] show_stack+0x20/0x38 (C) [ 30.660809] dump_stack_lvl+0x8c/0xd0 [ 30.660889] print_report+0x118/0x608 [ 30.661084] kasan_report+0xdc/0x128 [ 30.661172] __asan_report_store1_noabort+0x20/0x30 [ 30.661488] krealloc_more_oob_helper+0x5c0/0x678 [ 30.661637] krealloc_more_oob+0x20/0x38 [ 30.661703] kunit_try_run_case+0x170/0x3f0 [ 30.661878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.662146] kthread+0x328/0x630 [ 30.662307] ret_from_fork+0x10/0x20 [ 30.662390] [ 30.662499] Allocated by task 189: [ 30.662558] kasan_save_stack+0x3c/0x68 [ 30.662653] kasan_save_track+0x20/0x40 [ 30.662984] kasan_save_alloc_info+0x40/0x58 [ 30.663068] __kasan_krealloc+0x118/0x178 [ 30.663184] krealloc_noprof+0x128/0x360 [ 30.663244] krealloc_more_oob_helper+0x168/0x678 [ 30.663386] krealloc_more_oob+0x20/0x38 [ 30.663432] kunit_try_run_case+0x170/0x3f0 [ 30.663469] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.663512] kthread+0x328/0x630 [ 30.663916] ret_from_fork+0x10/0x20 [ 30.664003] [ 30.664107] The buggy address belongs to the object at fff00000c8f6f800 [ 30.664107] which belongs to the cache kmalloc-256 of size 256 [ 30.664183] The buggy address is located 5 bytes to the right of [ 30.664183] allocated 235-byte region [fff00000c8f6f800, fff00000c8f6f8eb) [ 30.664336] [ 30.664432] The buggy address belongs to the physical page: [ 30.664491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f6e [ 30.664617] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.664665] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.664757] page_type: f5(slab) [ 30.665149] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.665305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.665393] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.665495] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.665591] head: 0bfffe0000000001 ffffc1ffc323db81 00000000ffffffff 00000000ffffffff [ 30.665663] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.665972] page dumped because: kasan: bad access detected [ 30.666116] [ 30.666145] Memory state around the buggy address: [ 30.666203] fff00000c8f6f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.666247] fff00000c8f6f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.666288] >fff00000c8f6f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.666335] ^ [ 30.666387] fff00000c8f6f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.666429] fff00000c8f6f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.666465] ================================================================== [ 30.724349] ================================================================== [ 30.724397] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.724445] Write of size 1 at addr fff00000c99d60f0 by task kunit_try_catch/193 [ 30.724493] [ 30.724523] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.724830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.724875] Hardware name: linux,dummy-virt (DT) [ 30.725097] Call trace: [ 30.725133] show_stack+0x20/0x38 (C) [ 30.725185] dump_stack_lvl+0x8c/0xd0 [ 30.725242] print_report+0x118/0x608 [ 30.725419] kasan_report+0xdc/0x128 [ 30.725480] __asan_report_store1_noabort+0x20/0x30 [ 30.725538] krealloc_more_oob_helper+0x5c0/0x678 [ 30.725587] krealloc_large_more_oob+0x20/0x38 [ 30.725636] kunit_try_run_case+0x170/0x3f0 [ 30.725684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.725748] kthread+0x328/0x630 [ 30.725791] ret_from_fork+0x10/0x20 [ 30.725839] [ 30.725861] The buggy address belongs to the physical page: [ 30.725898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.725967] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.726015] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.726066] page_type: f8(unknown) [ 30.726104] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.726152] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.726200] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.726247] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.726295] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.726342] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.726380] page dumped because: kasan: bad access detected [ 30.726415] [ 30.726434] Memory state around the buggy address: [ 30.726463] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.726503] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.726543] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.726580] ^ [ 30.726619] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.726659] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.726694] ================================================================== [ 30.717336] ================================================================== [ 30.717392] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.717442] Write of size 1 at addr fff00000c99d60eb by task kunit_try_catch/193 [ 30.717696] [ 30.717841] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.717980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.718048] Hardware name: linux,dummy-virt (DT) [ 30.718081] Call trace: [ 30.718109] show_stack+0x20/0x38 (C) [ 30.718292] dump_stack_lvl+0x8c/0xd0 [ 30.718513] print_report+0x118/0x608 [ 30.718615] kasan_report+0xdc/0x128 [ 30.718827] __asan_report_store1_noabort+0x20/0x30 [ 30.718899] krealloc_more_oob_helper+0x60c/0x678 [ 30.718963] krealloc_large_more_oob+0x20/0x38 [ 30.719329] kunit_try_run_case+0x170/0x3f0 [ 30.719470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.719577] kthread+0x328/0x630 [ 30.719779] ret_from_fork+0x10/0x20 [ 30.719989] [ 30.720033] The buggy address belongs to the physical page: [ 30.720075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d4 [ 30.720198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.720256] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.720440] page_type: f8(unknown) [ 30.720652] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.720720] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.720873] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.721131] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.721220] head: 0bfffe0000000002 ffffc1ffc3267501 00000000ffffffff 00000000ffffffff [ 30.721403] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.721463] page dumped because: kasan: bad access detected [ 30.721494] [ 30.721710] Memory state around the buggy address: [ 30.721945] fff00000c99d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.722013] fff00000c99d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.722121] >fff00000c99d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.722202] ^ [ 30.722260] fff00000c99d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.722436] fff00000c99d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.722620] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 30.635671] ================================================================== [ 30.635866] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 30.636033] Read of size 1 at addr fff00000c9a40000 by task kunit_try_catch/187 [ 30.636119] [ 30.636153] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.636573] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.636644] Hardware name: linux,dummy-virt (DT) [ 30.636753] Call trace: [ 30.636790] show_stack+0x20/0x38 (C) [ 30.636844] dump_stack_lvl+0x8c/0xd0 [ 30.636906] print_report+0x118/0x608 [ 30.636965] kasan_report+0xdc/0x128 [ 30.637012] __asan_report_load1_noabort+0x20/0x30 [ 30.637059] page_alloc_uaf+0x328/0x350 [ 30.637163] kunit_try_run_case+0x170/0x3f0 [ 30.637221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.637281] kthread+0x328/0x630 [ 30.637324] ret_from_fork+0x10/0x20 [ 30.637382] [ 30.637410] The buggy address belongs to the physical page: [ 30.637450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a40 [ 30.637517] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.637576] page_type: f0(buddy) [ 30.637632] raw: 0bfffe0000000000 fff00000ff6161b0 fff00000ff6161b0 0000000000000000 [ 30.637691] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 30.637738] page dumped because: kasan: bad access detected [ 30.637769] [ 30.637797] Memory state around the buggy address: [ 30.637829] fff00000c9a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.637882] fff00000c9a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.637944] >fff00000c9a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.637983] ^ [ 30.638017] fff00000c9a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.638077] fff00000c9a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.638125] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 30.611387] ================================================================== [ 30.611614] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 30.611840] Free of addr fff00000c99d0001 by task kunit_try_catch/183 [ 30.612096] [ 30.612144] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.612298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.612371] Hardware name: linux,dummy-virt (DT) [ 30.612466] Call trace: [ 30.612516] show_stack+0x20/0x38 (C) [ 30.612579] dump_stack_lvl+0x8c/0xd0 [ 30.612840] print_report+0x118/0x608 [ 30.613242] kasan_report_invalid_free+0xc0/0xe8 [ 30.613436] __kasan_kfree_large+0x5c/0xa8 [ 30.613532] free_large_kmalloc+0x68/0x150 [ 30.613839] kfree+0x270/0x3c8 [ 30.614149] kmalloc_large_invalid_free+0x108/0x270 [ 30.614308] kunit_try_run_case+0x170/0x3f0 [ 30.614634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.614764] kthread+0x328/0x630 [ 30.614843] ret_from_fork+0x10/0x20 [ 30.615110] [ 30.615185] The buggy address belongs to the physical page: [ 30.615331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d0 [ 30.615392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.615595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.615812] page_type: f8(unknown) [ 30.615870] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.616048] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.616110] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.616373] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.616493] head: 0bfffe0000000002 ffffc1ffc3267401 00000000ffffffff 00000000ffffffff [ 30.616571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.616789] page dumped because: kasan: bad access detected [ 30.616960] [ 30.617032] Memory state around the buggy address: [ 30.617091] fff00000c99cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.617206] fff00000c99cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.617275] >fff00000c99d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617380] ^ [ 30.617411] fff00000c99d0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617486] fff00000c99d0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.617858] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 30.596849] ================================================================== [ 30.596918] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 30.597322] Read of size 1 at addr fff00000c99d0000 by task kunit_try_catch/181 [ 30.597400] [ 30.597450] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.597609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.597639] Hardware name: linux,dummy-virt (DT) [ 30.597687] Call trace: [ 30.597727] show_stack+0x20/0x38 (C) [ 30.598087] dump_stack_lvl+0x8c/0xd0 [ 30.598155] print_report+0x118/0x608 [ 30.598268] kasan_report+0xdc/0x128 [ 30.598321] __asan_report_load1_noabort+0x20/0x30 [ 30.598389] kmalloc_large_uaf+0x2cc/0x2f8 [ 30.598443] kunit_try_run_case+0x170/0x3f0 [ 30.598489] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.598809] kthread+0x328/0x630 [ 30.598880] ret_from_fork+0x10/0x20 [ 30.598945] [ 30.599054] The buggy address belongs to the physical page: [ 30.599104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099d0 [ 30.599170] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.599464] raw: 0bfffe0000000000 ffffc1ffc3267508 fff00000da462c80 0000000000000000 [ 30.599678] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 30.599764] page dumped because: kasan: bad access detected [ 30.599813] [ 30.599924] Memory state around the buggy address: [ 30.600002] fff00000c99cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.600083] fff00000c99cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.600252] >fff00000c99d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.600488] ^ [ 30.600606] fff00000c99d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.600707] fff00000c99d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.600799] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 30.583586] ================================================================== [ 30.584032] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 30.584252] Write of size 1 at addr fff00000c99ce00a by task kunit_try_catch/179 [ 30.584354] [ 30.584413] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.584945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.584982] Hardware name: linux,dummy-virt (DT) [ 30.585144] Call trace: [ 30.585212] show_stack+0x20/0x38 (C) [ 30.585400] dump_stack_lvl+0x8c/0xd0 [ 30.585570] print_report+0x118/0x608 [ 30.585647] kasan_report+0xdc/0x128 [ 30.585704] __asan_report_store1_noabort+0x20/0x30 [ 30.585996] kmalloc_large_oob_right+0x278/0x2b8 [ 30.586398] kunit_try_run_case+0x170/0x3f0 [ 30.586561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.586684] kthread+0x328/0x630 [ 30.586741] ret_from_fork+0x10/0x20 [ 30.586953] [ 30.587022] The buggy address belongs to the physical page: [ 30.587279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099cc [ 30.587477] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.587658] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.587769] page_type: f8(unknown) [ 30.587976] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.588257] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.588343] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.588399] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.588448] head: 0bfffe0000000002 ffffc1ffc3267301 00000000ffffffff 00000000ffffffff [ 30.588495] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.588821] page dumped because: kasan: bad access detected [ 30.588988] [ 30.589040] Memory state around the buggy address: [ 30.589099] fff00000c99cdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.589249] fff00000c99cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.589310] >fff00000c99ce000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.589581] ^ [ 30.589797] fff00000c99ce080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.589882] fff00000c99ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.590025] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 30.561462] ================================================================== [ 30.561614] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 30.561674] Write of size 1 at addr fff00000c6025f00 by task kunit_try_catch/177 [ 30.561753] [ 30.562203] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.562349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.562376] Hardware name: linux,dummy-virt (DT) [ 30.562437] Call trace: [ 30.562477] show_stack+0x20/0x38 (C) [ 30.562544] dump_stack_lvl+0x8c/0xd0 [ 30.562734] print_report+0x118/0x608 [ 30.562951] kasan_report+0xdc/0x128 [ 30.563013] __asan_report_store1_noabort+0x20/0x30 [ 30.563116] kmalloc_big_oob_right+0x2a4/0x2f0 [ 30.563185] kunit_try_run_case+0x170/0x3f0 [ 30.563242] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.563480] kthread+0x328/0x630 [ 30.563529] ret_from_fork+0x10/0x20 [ 30.563717] [ 30.563737] Allocated by task 177: [ 30.563765] kasan_save_stack+0x3c/0x68 [ 30.564061] kasan_save_track+0x20/0x40 [ 30.564108] kasan_save_alloc_info+0x40/0x58 [ 30.564145] __kasan_kmalloc+0xd4/0xd8 [ 30.564184] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.564222] kmalloc_big_oob_right+0xb8/0x2f0 [ 30.564260] kunit_try_run_case+0x170/0x3f0 [ 30.564299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.564342] kthread+0x328/0x630 [ 30.564374] ret_from_fork+0x10/0x20 [ 30.564420] [ 30.564452] The buggy address belongs to the object at fff00000c6024000 [ 30.564452] which belongs to the cache kmalloc-8k of size 8192 [ 30.564520] The buggy address is located 0 bytes to the right of [ 30.564520] allocated 7936-byte region [fff00000c6024000, fff00000c6025f00) [ 30.564581] [ 30.564601] The buggy address belongs to the physical page: [ 30.564634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106020 [ 30.564694] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.564755] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.564806] page_type: f5(slab) [ 30.564844] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 30.564892] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 30.564963] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 30.565045] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 30.565113] head: 0bfffe0000000003 ffffc1ffc3180801 00000000ffffffff 00000000ffffffff [ 30.565187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 30.565258] page dumped because: kasan: bad access detected [ 30.565298] [ 30.565327] Memory state around the buggy address: [ 30.565367] fff00000c6025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.565419] fff00000c6025e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.565471] >fff00000c6025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.565508] ^ [ 30.565570] fff00000c6025f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.565627] fff00000c6026000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.565664] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 30.545131] ================================================================== [ 30.545179] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 30.545227] Write of size 1 at addr fff00000c404fb78 by task kunit_try_catch/175 [ 30.545275] [ 30.545315] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.545411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.545439] Hardware name: linux,dummy-virt (DT) [ 30.545469] Call trace: [ 30.545491] show_stack+0x20/0x38 (C) [ 30.545538] dump_stack_lvl+0x8c/0xd0 [ 30.545586] print_report+0x118/0x608 [ 30.545633] kasan_report+0xdc/0x128 [ 30.545681] __asan_report_store1_noabort+0x20/0x30 [ 30.545729] kmalloc_track_caller_oob_right+0x418/0x488 [ 30.545780] kunit_try_run_case+0x170/0x3f0 [ 30.545827] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.545880] kthread+0x328/0x630 [ 30.546229] ret_from_fork+0x10/0x20 [ 30.547027] [ 30.547076] Allocated by task 175: [ 30.547117] kasan_save_stack+0x3c/0x68 [ 30.547161] kasan_save_track+0x20/0x40 [ 30.547198] kasan_save_alloc_info+0x40/0x58 [ 30.547234] __kasan_kmalloc+0xd4/0xd8 [ 30.547271] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.547315] kmalloc_track_caller_oob_right+0x184/0x488 [ 30.547359] kunit_try_run_case+0x170/0x3f0 [ 30.547397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.547793] kthread+0x328/0x630 [ 30.547871] ret_from_fork+0x10/0x20 [ 30.548027] [ 30.548049] The buggy address belongs to the object at fff00000c404fb00 [ 30.548049] which belongs to the cache kmalloc-128 of size 128 [ 30.548106] The buggy address is located 0 bytes to the right of [ 30.548106] allocated 120-byte region [fff00000c404fb00, fff00000c404fb78) [ 30.548176] [ 30.548196] The buggy address belongs to the physical page: [ 30.548225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.549031] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.549138] page_type: f5(slab) [ 30.549216] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.549609] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.549782] page dumped because: kasan: bad access detected [ 30.549831] [ 30.549850] Memory state around the buggy address: [ 30.550025] fff00000c404fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.550246] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550328] >fff00000c404fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.550504] ^ [ 30.550701] fff00000c404fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550806] fff00000c404fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550896] ================================================================== [ 30.535171] ================================================================== [ 30.535224] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.535275] Write of size 1 at addr fff00000c404fa78 by task kunit_try_catch/175 [ 30.535325] [ 30.535356] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.535460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.535487] Hardware name: linux,dummy-virt (DT) [ 30.535517] Call trace: [ 30.535870] show_stack+0x20/0x38 (C) [ 30.536197] dump_stack_lvl+0x8c/0xd0 [ 30.536406] print_report+0x118/0x608 [ 30.536885] kasan_report+0xdc/0x128 [ 30.536992] __asan_report_store1_noabort+0x20/0x30 [ 30.537190] kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.537413] kunit_try_run_case+0x170/0x3f0 [ 30.537598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.537746] kthread+0x328/0x630 [ 30.537800] ret_from_fork+0x10/0x20 [ 30.538639] [ 30.538665] Allocated by task 175: [ 30.538696] kasan_save_stack+0x3c/0x68 [ 30.538757] kasan_save_track+0x20/0x40 [ 30.538819] kasan_save_alloc_info+0x40/0x58 [ 30.538899] __kasan_kmalloc+0xd4/0xd8 [ 30.538970] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.539208] kmalloc_track_caller_oob_right+0xa8/0x488 [ 30.539591] kunit_try_run_case+0x170/0x3f0 [ 30.539934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.540110] kthread+0x328/0x630 [ 30.540162] ret_from_fork+0x10/0x20 [ 30.540199] [ 30.540219] The buggy address belongs to the object at fff00000c404fa00 [ 30.540219] which belongs to the cache kmalloc-128 of size 128 [ 30.540540] The buggy address is located 0 bytes to the right of [ 30.540540] allocated 120-byte region [fff00000c404fa00, fff00000c404fa78) [ 30.541065] [ 30.541185] The buggy address belongs to the physical page: [ 30.541223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.541311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.541420] page_type: f5(slab) [ 30.541499] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.541598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.541672] page dumped because: kasan: bad access detected [ 30.541773] [ 30.541823] Memory state around the buggy address: [ 30.541874] fff00000c404f900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.542046] fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.542327] >fff00000c404fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.542551] ^ [ 30.542682] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.542900] fff00000c404fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.543024] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 30.523339] ================================================================== [ 30.523450] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 30.523514] Read of size 1 at addr fff00000c989d000 by task kunit_try_catch/173 [ 30.523617] [ 30.523648] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.523860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.523976] Hardware name: linux,dummy-virt (DT) [ 30.524010] Call trace: [ 30.524032] show_stack+0x20/0x38 (C) [ 30.524100] dump_stack_lvl+0x8c/0xd0 [ 30.524259] print_report+0x118/0x608 [ 30.524328] kasan_report+0xdc/0x128 [ 30.524454] __asan_report_load1_noabort+0x20/0x30 [ 30.524515] kmalloc_node_oob_right+0x2f4/0x330 [ 30.524564] kunit_try_run_case+0x170/0x3f0 [ 30.524638] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.524692] kthread+0x328/0x630 [ 30.524952] ret_from_fork+0x10/0x20 [ 30.525147] [ 30.525167] Allocated by task 173: [ 30.525246] kasan_save_stack+0x3c/0x68 [ 30.525464] kasan_save_track+0x20/0x40 [ 30.525540] kasan_save_alloc_info+0x40/0x58 [ 30.525610] __kasan_kmalloc+0xd4/0xd8 [ 30.525709] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 30.525789] kmalloc_node_oob_right+0xbc/0x330 [ 30.525863] kunit_try_run_case+0x170/0x3f0 [ 30.525940] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.526020] kthread+0x328/0x630 [ 30.526052] ret_from_fork+0x10/0x20 [ 30.526303] [ 30.526359] The buggy address belongs to the object at fff00000c989c000 [ 30.526359] which belongs to the cache kmalloc-4k of size 4096 [ 30.526494] The buggy address is located 0 bytes to the right of [ 30.526494] allocated 4096-byte region [fff00000c989c000, fff00000c989d000) [ 30.526585] [ 30.526623] The buggy address belongs to the physical page: [ 30.526831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109898 [ 30.527333] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.527434] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.528049] page_type: f5(slab) [ 30.528139] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 30.528210] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 30.528340] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 30.528439] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 30.528628] head: 0bfffe0000000003 ffffc1ffc3262601 00000000ffffffff 00000000ffffffff [ 30.528809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 30.529058] page dumped because: kasan: bad access detected [ 30.529118] [ 30.529186] Memory state around the buggy address: [ 30.529283] fff00000c989cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.529346] fff00000c989cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.529414] >fff00000c989d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.529498] ^ [ 30.529546] fff00000c989d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.529592] fff00000c989d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.529636] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 30.513969] ================================================================== [ 30.514025] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 30.514257] Read of size 1 at addr fff00000c919c6ff by task kunit_try_catch/171 [ 30.514358] [ 30.514428] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.514514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.514541] Hardware name: linux,dummy-virt (DT) [ 30.514590] Call trace: [ 30.514786] show_stack+0x20/0x38 (C) [ 30.514899] dump_stack_lvl+0x8c/0xd0 [ 30.514981] print_report+0x118/0x608 [ 30.515039] kasan_report+0xdc/0x128 [ 30.515086] __asan_report_load1_noabort+0x20/0x30 [ 30.515133] kmalloc_oob_left+0x2ec/0x320 [ 30.515399] kunit_try_run_case+0x170/0x3f0 [ 30.515501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.515627] kthread+0x328/0x630 [ 30.515698] ret_from_fork+0x10/0x20 [ 30.515794] [ 30.515820] Allocated by task 12: [ 30.515849] kasan_save_stack+0x3c/0x68 [ 30.515909] kasan_save_track+0x20/0x40 [ 30.515957] kasan_save_alloc_info+0x40/0x58 [ 30.515993] __kasan_kmalloc+0xd4/0xd8 [ 30.516164] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.516314] kvasprintf+0xe0/0x180 [ 30.516364] __kthread_create_on_node+0x16c/0x350 [ 30.516401] kthread_create_on_node+0xe4/0x130 [ 30.516437] create_worker+0x380/0x6b8 [ 30.516483] worker_thread+0x808/0xf38 [ 30.516551] kthread+0x328/0x630 [ 30.516584] ret_from_fork+0x10/0x20 [ 30.516647] [ 30.516695] The buggy address belongs to the object at fff00000c919c6e0 [ 30.516695] which belongs to the cache kmalloc-16 of size 16 [ 30.516796] The buggy address is located 19 bytes to the right of [ 30.516796] allocated 12-byte region [fff00000c919c6e0, fff00000c919c6ec) [ 30.516860] [ 30.516880] The buggy address belongs to the physical page: [ 30.516915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c [ 30.517118] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.517219] page_type: f5(slab) [ 30.517350] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.517529] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000 [ 30.517570] page dumped because: kasan: bad access detected [ 30.517724] [ 30.517743] Memory state around the buggy address: [ 30.517774] fff00000c919c580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.517816] fff00000c919c600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.517892] >fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 30.517937] ^ [ 30.517976] fff00000c919c700: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.518017] fff00000c919c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.518054] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 30.498375] ================================================================== [ 30.498423] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 30.498468] Write of size 1 at addr fff00000c404f978 by task kunit_try_catch/169 [ 30.498545] [ 30.498584] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.498687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.498715] Hardware name: linux,dummy-virt (DT) [ 30.498753] Call trace: [ 30.498804] show_stack+0x20/0x38 (C) [ 30.498852] dump_stack_lvl+0x8c/0xd0 [ 30.498899] print_report+0x118/0x608 [ 30.499279] kasan_report+0xdc/0x128 [ 30.499353] __asan_report_store1_noabort+0x20/0x30 [ 30.499489] kmalloc_oob_right+0x538/0x660 [ 30.499552] kunit_try_run_case+0x170/0x3f0 [ 30.499669] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.500159] kthread+0x328/0x630 [ 30.500311] ret_from_fork+0x10/0x20 [ 30.500393] [ 30.500412] Allocated by task 169: [ 30.500440] kasan_save_stack+0x3c/0x68 [ 30.500511] kasan_save_track+0x20/0x40 [ 30.500549] kasan_save_alloc_info+0x40/0x58 [ 30.500585] __kasan_kmalloc+0xd4/0xd8 [ 30.500672] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.500968] kmalloc_oob_right+0xb0/0x660 [ 30.501061] kunit_try_run_case+0x170/0x3f0 [ 30.501131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.501210] kthread+0x328/0x630 [ 30.501277] ret_from_fork+0x10/0x20 [ 30.501333] [ 30.501374] The buggy address belongs to the object at fff00000c404f900 [ 30.501374] which belongs to the cache kmalloc-128 of size 128 [ 30.501483] The buggy address is located 5 bytes to the right of [ 30.501483] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.501572] [ 30.501620] The buggy address belongs to the physical page: [ 30.501693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.501748] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.501815] page_type: f5(slab) [ 30.502193] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.502504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.502605] page dumped because: kasan: bad access detected [ 30.502666] [ 30.502729] Memory state around the buggy address: [ 30.502788] fff00000c404f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.502847] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.502894] >fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.503009] ^ [ 30.503077] fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.503147] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.503225] ================================================================== [ 30.504394] ================================================================== [ 30.504461] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 30.504521] Read of size 1 at addr fff00000c404f980 by task kunit_try_catch/169 [ 30.504572] [ 30.504600] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.504815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.504846] Hardware name: linux,dummy-virt (DT) [ 30.504995] Call trace: [ 30.505033] show_stack+0x20/0x38 (C) [ 30.505085] dump_stack_lvl+0x8c/0xd0 [ 30.505142] print_report+0x118/0x608 [ 30.505190] kasan_report+0xdc/0x128 [ 30.505237] __asan_report_load1_noabort+0x20/0x30 [ 30.505286] kmalloc_oob_right+0x5d0/0x660 [ 30.505340] kunit_try_run_case+0x170/0x3f0 [ 30.505388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.505441] kthread+0x328/0x630 [ 30.505483] ret_from_fork+0x10/0x20 [ 30.505530] [ 30.505548] Allocated by task 169: [ 30.505585] kasan_save_stack+0x3c/0x68 [ 30.505643] kasan_save_track+0x20/0x40 [ 30.505681] kasan_save_alloc_info+0x40/0x58 [ 30.505770] __kasan_kmalloc+0xd4/0xd8 [ 30.505970] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.506154] kmalloc_oob_right+0xb0/0x660 [ 30.506199] kunit_try_run_case+0x170/0x3f0 [ 30.506237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.506419] kthread+0x328/0x630 [ 30.506456] ret_from_fork+0x10/0x20 [ 30.506601] [ 30.506627] The buggy address belongs to the object at fff00000c404f900 [ 30.506627] which belongs to the cache kmalloc-128 of size 128 [ 30.506684] The buggy address is located 13 bytes to the right of [ 30.506684] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.506747] [ 30.506766] The buggy address belongs to the physical page: [ 30.506808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.506861] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.506907] page_type: f5(slab) [ 30.506955] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.507150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.507220] page dumped because: kasan: bad access detected [ 30.507258] [ 30.507277] Memory state around the buggy address: [ 30.507333] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507376] fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.507426] >fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507464] ^ [ 30.507491] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507532] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507777] ================================================================== [ 30.490855] ================================================================== [ 30.491663] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 30.492507] Write of size 1 at addr fff00000c404f973 by task kunit_try_catch/169 [ 30.492616] [ 30.493387] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.493536] Tainted: [N]=TEST [ 30.493569] Hardware name: linux,dummy-virt (DT) [ 30.493786] Call trace: [ 30.493976] show_stack+0x20/0x38 (C) [ 30.494113] dump_stack_lvl+0x8c/0xd0 [ 30.494168] print_report+0x118/0x608 [ 30.494219] kasan_report+0xdc/0x128 [ 30.494266] __asan_report_store1_noabort+0x20/0x30 [ 30.494315] kmalloc_oob_right+0x5a4/0x660 [ 30.494362] kunit_try_run_case+0x170/0x3f0 [ 30.494415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.494469] kthread+0x328/0x630 [ 30.494514] ret_from_fork+0x10/0x20 [ 30.494668] [ 30.494710] Allocated by task 169: [ 30.494827] kasan_save_stack+0x3c/0x68 [ 30.494892] kasan_save_track+0x20/0x40 [ 30.494943] kasan_save_alloc_info+0x40/0x58 [ 30.494980] __kasan_kmalloc+0xd4/0xd8 [ 30.495016] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.495058] kmalloc_oob_right+0xb0/0x660 [ 30.495094] kunit_try_run_case+0x170/0x3f0 [ 30.495131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.495174] kthread+0x328/0x630 [ 30.495206] ret_from_fork+0x10/0x20 [ 30.495261] [ 30.495320] The buggy address belongs to the object at fff00000c404f900 [ 30.495320] which belongs to the cache kmalloc-128 of size 128 [ 30.495410] The buggy address is located 0 bytes to the right of [ 30.495410] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.495476] [ 30.495617] The buggy address belongs to the physical page: [ 30.495844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.496127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.496407] page_type: f5(slab) [ 30.496692] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.496754] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.496857] page dumped because: kasan: bad access detected [ 30.496897] [ 30.496922] Memory state around the buggy address: [ 30.497150] fff00000c404f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.497215] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497268] >fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.497322] ^ [ 30.497402] fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497444] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497504] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 109.209524] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#1: kunit_try_catch/691 [ 109.210443] Modules linked in: [ 109.210709] CPU: 1 UID: 0 PID: 691 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 109.211331] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 109.211881] Hardware name: linux,dummy-virt (DT) [ 109.212167] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 109.212519] pc : intlog10+0x38/0x48 [ 109.212763] lr : intlog10_test+0xe4/0x200 [ 109.212988] sp : ffff8000821f7c10 [ 109.213182] x29: ffff8000821f7c90 x28: 0000000000000000 x27: 0000000000000000 [ 109.213618] x26: 1ffe0000182a5101 x25: 0000000000000000 x24: ffff8000821f7ce0 [ 109.214956] x23: ffff8000821f7d00 x22: 0000000000000000 x21: 1ffff0001043ef82 [ 109.215435] x20: ffffa106213fd400 x19: ffff800080087990 x18: 0000000091e47e60 [ 109.216049] x17: 00000000f9997ee1 x16: fff00000c646183c x15: 000000007187ec66 [ 109.216818] x14: 00000000c9c728ef x13: 1ffe00001b48bdcd x12: ffff7420c4a56589 [ 109.217287] x11: 1ffff420c4a56588 x10: ffff7420c4a56588 x9 : ffffa1061ea42234 [ 109.217750] x8 : ffffa106252b2c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 109.218219] x5 : ffff70001043ef82 x4 : 1ffff00010010f3b x3 : 1ffff420c427fa80 [ 109.218681] x2 : 1ffff420c427fa80 x1 : 0000000000000003 x0 : 0000000000000000 [ 109.219173] Call trace: [ 109.219386] intlog10+0x38/0x48 (P) [ 109.219658] kunit_try_run_case+0x170/0x3f0 [ 109.220077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 109.220374] kthread+0x328/0x630 [ 109.220592] ret_from_fork+0x10/0x20 [ 109.220819] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 109.159219] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#1: kunit_try_catch/673 [ 109.162213] Modules linked in: [ 109.162666] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 109.163737] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 109.164267] Hardware name: linux,dummy-virt (DT) [ 109.164823] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 109.165743] pc : intlog2+0xd8/0xf8 [ 109.166147] lr : intlog2_test+0xe4/0x200 [ 109.166566] sp : ffff800082157c10 [ 109.166908] x29: ffff800082157c90 x28: 0000000000000000 x27: 0000000000000000 [ 109.167778] x26: 1ffe0000193c4f61 x25: 0000000000000000 x24: ffff800082157ce0 [ 109.168662] x23: ffff800082157d00 x22: 0000000000000000 x21: 1ffff0001042af82 [ 109.169510] x20: ffffa106213fd300 x19: ffff800080087990 x18: 0000000010da8b5f [ 109.170256] x17: 000000000010fb5a x16: fff00000c646183c x15: 00000000d927d8d2 [ 109.170610] x14: 00000000f1f1f1f1 x13: 1ffe00001b48bdcd x12: ffff7420c4a56589 [ 109.170972] x11: 1ffff420c4a56588 x10: ffff7420c4a56588 x9 : ffffa1061ea42434 [ 109.171388] x8 : ffffa106252b2c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 109.171897] x5 : ffff70001042af82 x4 : 1ffff00010010f3b x3 : 1ffff420c427fa60 [ 109.172330] x2 : 1ffff420c427fa60 x1 : 0000000000000003 x0 : 0000000000000000 [ 109.172755] Call trace: [ 109.172951] intlog2+0xd8/0xf8 (P) [ 109.173178] kunit_try_run_case+0x170/0x3f0 [ 109.173433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 109.173713] kthread+0x328/0x630 [ 109.173954] ret_from_fork+0x10/0x20 [ 109.174189] ---[ end trace 0000000000000000 ]---