Date
July 3, 2025, 10:10 a.m.
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 33.557395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x414/0x4858 [ 33.738135] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xca0/0x4858 [ 33.569259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4e4/0x4858 [ 33.546900] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f94/0x4858
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 33.423017] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 33.471018] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0
Failure - log-parser-boot/internal-error-oops-oops-smp
[ 112.955307] Internal error: Oops: 0000000096000005 [#1] SMP [ 112.959620] Modules linked in: [ 112.960113] CPU: 1 UID: 0 PID: 564 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 112.960664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 112.960888] Hardware name: linux,dummy-virt (DT) [ 112.961241] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 112.961909] pc : kunit_test_null_dereference+0x70/0x170 [ 112.962320] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 112.962658] sp : ffff800082017d30 [ 112.962959] x29: ffff800082017d90 x28: 0000000000000000 x27: 0000000000000000 [ 112.963508] x26: 1ffe000018874941 x25: 0000000000000000 x24: 0000000000000004 [ 112.963990] x23: fff00000c43a4a0c x22: ffffa65275829c78 x21: fff00000c43c4a88 [ 112.964454] x20: 1ffff00010402fa6 x19: ffff800080087990 x18: 000000002c9ee6a3 [ 112.965070] x17: 0000000000000001 x16: fff00000da480ce8 x15: 00000000d0a8c1b6 [ 112.965864] x14: 00000000b5610e91 x13: 1ffe00001924a654 x12: fffd800018f738b4 [ 112.966360] x11: 1ffe000018f738b3 x10: fffd800018f738b3 x9 : ffffa65275821408 [ 112.966758] x8 : ffff800082017c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 112.967109] x5 : ffff700010402fa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 112.967445] x2 : dfff800000000000 x1 : fff00000c7b9bcc0 x0 : ffff800080087990 [ 112.967810] Call trace: [ 112.968206] kunit_test_null_dereference+0x70/0x170 (P) [ 112.968756] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 112.969377] kthread+0x328/0x630 [ 112.969767] ret_from_fork+0x10/0x20 [ 112.970468] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 112.971334] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 67.085413] ================================================================== [ 67.085485] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 67.085485] [ 67.085576] Use-after-free read at 0x00000000b8f16c48 (in kfence-#215): [ 67.085629] test_krealloc+0x51c/0x830 [ 67.085674] kunit_try_run_case+0x170/0x3f0 [ 67.085723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.085772] kthread+0x328/0x630 [ 67.085813] ret_from_fork+0x10/0x20 [ 67.085869] [ 67.085896] kfence-#215: 0x00000000b8f16c48-0x000000005f870872, size=32, cache=kmalloc-32 [ 67.085896] [ 67.085955] allocated by task 369 on cpu 0 at 67.084719s (0.001232s ago): [ 67.086026] test_alloc+0x29c/0x628 [ 67.086066] test_krealloc+0xc0/0x830 [ 67.086106] kunit_try_run_case+0x170/0x3f0 [ 67.086149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.086194] kthread+0x328/0x630 [ 67.086229] ret_from_fork+0x10/0x20 [ 67.086271] [ 67.086294] freed by task 369 on cpu 0 at 67.085021s (0.001269s ago): [ 67.086357] krealloc_noprof+0x148/0x360 [ 67.086398] test_krealloc+0x1dc/0x830 [ 67.086438] kunit_try_run_case+0x170/0x3f0 [ 67.086481] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.086527] kthread+0x328/0x630 [ 67.086562] ret_from_fork+0x10/0x20 [ 67.086602] [ 67.086650] CPU: 0 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 67.086730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 67.086759] Hardware name: linux,dummy-virt (DT) [ 67.086795] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 67.004789] ================================================================== [ 67.004906] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 67.004906] [ 67.005011] Use-after-free read at 0x000000005bfaa7c9 (in kfence-#214): [ 67.005067] test_memcache_typesafe_by_rcu+0x280/0x560 [ 67.005121] kunit_try_run_case+0x170/0x3f0 [ 67.005168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.005215] kthread+0x328/0x630 [ 67.005256] ret_from_fork+0x10/0x20 [ 67.005297] [ 67.005320] kfence-#214: 0x000000005bfaa7c9-0x00000000bdbbd1f6, size=32, cache=test [ 67.005320] [ 67.005373] allocated by task 367 on cpu 1 at 66.988672s (0.016697s ago): [ 67.005446] test_alloc+0x230/0x628 [ 67.005486] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 67.005531] kunit_try_run_case+0x170/0x3f0 [ 67.005571] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.005617] kthread+0x328/0x630 [ 67.005652] ret_from_fork+0x10/0x20 [ 67.005692] [ 67.005715] freed by task 367 on cpu 1 at 66.988783s (0.016929s ago): [ 67.005773] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 67.005821] kunit_try_run_case+0x170/0x3f0 [ 67.005870] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 67.005914] kthread+0x328/0x630 [ 67.005961] ret_from_fork+0x10/0x20 [ 67.006002] [ 67.006050] CPU: 1 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 67.006154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 67.006185] Hardware name: linux,dummy-virt (DT) [ 67.006221] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 43.916966] ================================================================== [ 43.917113] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 43.917113] [ 43.917218] Invalid read at 0x000000009ce44d74: [ 43.917300] test_invalid_access+0xdc/0x1f0 [ 43.917357] kunit_try_run_case+0x170/0x3f0 [ 43.917410] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.917463] kthread+0x328/0x630 [ 43.917509] ret_from_fork+0x10/0x20 [ 43.917563] [ 43.917615] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 43.917769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.917807] Hardware name: linux,dummy-virt (DT) [ 43.917871] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 43.684987] ================================================================== [ 43.685088] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 43.685088] [ 43.685154] Corrupted memory at 0x00000000f5f033ec [ ! . . . . . . . . . . . . . . . ] (in kfence-#210): [ 43.685464] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 43.685519] kunit_try_run_case+0x170/0x3f0 [ 43.685563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.685611] kthread+0x328/0x630 [ 43.685650] ret_from_fork+0x10/0x20 [ 43.685690] [ 43.685714] kfence-#210: 0x0000000023598719-0x00000000eea394ba, size=73, cache=kmalloc-96 [ 43.685714] [ 43.685770] allocated by task 357 on cpu 1 at 43.684721s (0.001046s ago): [ 43.685848] test_alloc+0x29c/0x628 [ 43.685891] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 43.685938] kunit_try_run_case+0x170/0x3f0 [ 43.685986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.686031] kthread+0x328/0x630 [ 43.686068] ret_from_fork+0x10/0x20 [ 43.686108] [ 43.686133] freed by task 357 on cpu 1 at 43.684885s (0.001244s ago): [ 43.686199] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 43.686246] kunit_try_run_case+0x170/0x3f0 [ 43.686289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.686336] kthread+0x328/0x630 [ 43.686372] ret_from_fork+0x10/0x20 [ 43.686411] [ 43.686459] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 43.686542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.686572] Hardware name: linux,dummy-virt (DT) [ 43.686606] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 43.269071] ================================================================== [ 43.269172] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 43.269172] [ 43.269279] Out-of-bounds read at 0x0000000052d39993 (105B right of kfence-#206): [ 43.269340] test_kmalloc_aligned_oob_read+0x238/0x468 [ 43.269390] kunit_try_run_case+0x170/0x3f0 [ 43.269437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.269483] kthread+0x328/0x630 [ 43.269521] ret_from_fork+0x10/0x20 [ 43.269564] [ 43.269589] kfence-#206: 0x00000000161bdc8a-0x000000004c3de870, size=73, cache=kmalloc-96 [ 43.269589] [ 43.269643] allocated by task 355 on cpu 1 at 43.268779s (0.000860s ago): [ 43.269716] test_alloc+0x29c/0x628 [ 43.269758] test_kmalloc_aligned_oob_read+0x100/0x468 [ 43.269804] kunit_try_run_case+0x170/0x3f0 [ 43.269859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.269906] kthread+0x328/0x630 [ 43.269941] ret_from_fork+0x10/0x20 [ 43.269990] [ 43.270040] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 43.270123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.270153] Hardware name: linux,dummy-virt (DT) [ 43.270187] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 37.233042] ================================================================== [ 37.233161] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 37.233161] [ 37.233232] Corrupted memory at 0x000000006433ed97 [ ! . . . . . . . . . . . . . . . ] (in kfence-#148): [ 37.234358] test_corruption+0x278/0x378 [ 37.234412] kunit_try_run_case+0x170/0x3f0 [ 37.234461] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.234508] kthread+0x328/0x630 [ 37.234549] ret_from_fork+0x10/0x20 [ 37.234592] [ 37.234616] kfence-#148: 0x00000000a7cd20d7-0x0000000037f5709d, size=32, cache=kmalloc-32 [ 37.234616] [ 37.234673] allocated by task 343 on cpu 1 at 37.232724s (0.001946s ago): [ 37.234739] test_alloc+0x29c/0x628 [ 37.234781] test_corruption+0xdc/0x378 [ 37.234822] kunit_try_run_case+0x170/0x3f0 [ 37.234878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.234924] kthread+0x328/0x630 [ 37.234961] ret_from_fork+0x10/0x20 [ 37.234999] [ 37.235022] freed by task 343 on cpu 1 at 37.232847s (0.002172s ago): [ 37.235087] test_corruption+0x278/0x378 [ 37.235127] kunit_try_run_case+0x170/0x3f0 [ 37.235168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.235214] kthread+0x328/0x630 [ 37.235249] ret_from_fork+0x10/0x20 [ 37.235288] [ 37.235338] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 37.235417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.235445] Hardware name: linux,dummy-virt (DT) [ 37.235481] ================================================================== [ 38.272939] ================================================================== [ 38.273034] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 38.273034] [ 38.273097] Corrupted memory at 0x0000000035230aca [ ! ] (in kfence-#158): [ 38.273210] test_corruption+0x1d8/0x378 [ 38.273259] kunit_try_run_case+0x170/0x3f0 [ 38.273302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.273348] kthread+0x328/0x630 [ 38.273388] ret_from_fork+0x10/0x20 [ 38.273429] [ 38.273453] kfence-#158: 0x00000000eb6a16cc-0x000000000696d509, size=32, cache=test [ 38.273453] [ 38.273509] allocated by task 345 on cpu 1 at 38.272762s (0.000743s ago): [ 38.273572] test_alloc+0x230/0x628 [ 38.273615] test_corruption+0x198/0x378 [ 38.273657] kunit_try_run_case+0x170/0x3f0 [ 38.273698] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.273744] kthread+0x328/0x630 [ 38.273781] ret_from_fork+0x10/0x20 [ 38.273822] [ 38.273859] freed by task 345 on cpu 1 at 38.272824s (0.001031s ago): [ 38.273924] test_corruption+0x1d8/0x378 [ 38.273978] kunit_try_run_case+0x170/0x3f0 [ 38.274024] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.274069] kthread+0x328/0x630 [ 38.274106] ret_from_fork+0x10/0x20 [ 38.274146] [ 38.274187] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 38.274266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.274295] Hardware name: linux,dummy-virt (DT) [ 38.274330] ================================================================== [ 37.753042] ================================================================== [ 37.753141] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 37.753141] [ 37.753207] Corrupted memory at 0x0000000017268e3f [ ! ] (in kfence-#153): [ 37.753342] test_corruption+0x284/0x378 [ 37.753390] kunit_try_run_case+0x170/0x3f0 [ 37.753435] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.753481] kthread+0x328/0x630 [ 37.753521] ret_from_fork+0x10/0x20 [ 37.753560] [ 37.753585] kfence-#153: 0x000000009041dc3c-0x0000000055f1de4c, size=32, cache=kmalloc-32 [ 37.753585] [ 37.753640] allocated by task 343 on cpu 1 at 37.752747s (0.000890s ago): [ 37.753704] test_alloc+0x29c/0x628 [ 37.753745] test_corruption+0x198/0x378 [ 37.753787] kunit_try_run_case+0x170/0x3f0 [ 37.753828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.753886] kthread+0x328/0x630 [ 37.753924] ret_from_fork+0x10/0x20 [ 37.753969] [ 37.753993] freed by task 343 on cpu 1 at 37.752862s (0.001127s ago): [ 37.754057] test_corruption+0x284/0x378 [ 37.754099] kunit_try_run_case+0x170/0x3f0 [ 37.754140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.754188] kthread+0x328/0x630 [ 37.754225] ret_from_fork+0x10/0x20 [ 37.754266] [ 37.754308] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 37.754389] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.754419] Hardware name: linux,dummy-virt (DT) [ 37.754454] ================================================================== [ 38.168948] ================================================================== [ 38.169048] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 38.169048] [ 38.169111] Corrupted memory at 0x000000009c00ceab [ ! . . . . . . . . . . . . . . . ] (in kfence-#157): [ 38.169422] test_corruption+0x120/0x378 [ 38.169470] kunit_try_run_case+0x170/0x3f0 [ 38.169515] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.169562] kthread+0x328/0x630 [ 38.169601] ret_from_fork+0x10/0x20 [ 38.169641] [ 38.169664] kfence-#157: 0x000000003c452b1a-0x0000000015e644eb, size=32, cache=test [ 38.169664] [ 38.169720] allocated by task 345 on cpu 1 at 38.168781s (0.000935s ago): [ 38.169784] test_alloc+0x230/0x628 [ 38.169825] test_corruption+0xdc/0x378 [ 38.169882] kunit_try_run_case+0x170/0x3f0 [ 38.169923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.169975] kthread+0x328/0x630 [ 38.170011] ret_from_fork+0x10/0x20 [ 38.170051] [ 38.170074] freed by task 345 on cpu 1 at 38.168853s (0.001217s ago): [ 38.170138] test_corruption+0x120/0x378 [ 38.170179] kunit_try_run_case+0x170/0x3f0 [ 38.170221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 38.170266] kthread+0x328/0x630 [ 38.170301] ret_from_fork+0x10/0x20 [ 38.170342] [ 38.170384] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 38.170465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.170495] Hardware name: linux,dummy-virt (DT) [ 38.170529] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 36.920892] ================================================================== [ 36.920986] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 36.920986] [ 36.921048] Invalid free of 0x00000000d40afea9 (in kfence-#145): [ 36.921102] test_invalid_addr_free+0xec/0x238 [ 36.921151] kunit_try_run_case+0x170/0x3f0 [ 36.921195] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.921242] kthread+0x328/0x630 [ 36.921282] ret_from_fork+0x10/0x20 [ 36.921322] [ 36.921345] kfence-#145: 0x00000000f6c0028c-0x00000000820bfec4, size=32, cache=test [ 36.921345] [ 36.921398] allocated by task 341 on cpu 0 at 36.920744s (0.000651s ago): [ 36.921462] test_alloc+0x230/0x628 [ 36.921506] test_invalid_addr_free+0xd4/0x238 [ 36.921549] kunit_try_run_case+0x170/0x3f0 [ 36.921592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.921638] kthread+0x328/0x630 [ 36.921675] ret_from_fork+0x10/0x20 [ 36.921714] [ 36.921757] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.921849] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.921879] Hardware name: linux,dummy-virt (DT) [ 36.921913] ================================================================== [ 36.816913] ================================================================== [ 36.817002] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 36.817002] [ 36.817068] Invalid free of 0x00000000689798e6 (in kfence-#144): [ 36.817122] test_invalid_addr_free+0x1ac/0x238 [ 36.817172] kunit_try_run_case+0x170/0x3f0 [ 36.817218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.817265] kthread+0x328/0x630 [ 36.817306] ret_from_fork+0x10/0x20 [ 36.817348] [ 36.817373] kfence-#144: 0x00000000da49c652-0x00000000ebf564b9, size=32, cache=kmalloc-32 [ 36.817373] [ 36.817428] allocated by task 339 on cpu 0 at 36.816734s (0.000690s ago): [ 36.817495] test_alloc+0x29c/0x628 [ 36.817536] test_invalid_addr_free+0xd4/0x238 [ 36.817578] kunit_try_run_case+0x170/0x3f0 [ 36.817620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.817669] kthread+0x328/0x630 [ 36.817707] ret_from_fork+0x10/0x20 [ 36.817747] [ 36.817797] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.817891] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.817920] Hardware name: linux,dummy-virt (DT) [ 36.817957] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 36.712897] ================================================================== [ 36.712990] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 36.712990] [ 36.713054] Invalid free of 0x00000000a66ee7d7 (in kfence-#143): [ 36.713106] test_double_free+0x100/0x238 [ 36.713153] kunit_try_run_case+0x170/0x3f0 [ 36.713199] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.713246] kthread+0x328/0x630 [ 36.713283] ret_from_fork+0x10/0x20 [ 36.713323] [ 36.713348] kfence-#143: 0x00000000a66ee7d7-0x00000000121de331, size=32, cache=test [ 36.713348] [ 36.713402] allocated by task 337 on cpu 1 at 36.712674s (0.000725s ago): [ 36.713467] test_alloc+0x230/0x628 [ 36.713508] test_double_free+0xd4/0x238 [ 36.713550] kunit_try_run_case+0x170/0x3f0 [ 36.713592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.713637] kthread+0x328/0x630 [ 36.713673] ret_from_fork+0x10/0x20 [ 36.713712] [ 36.713736] freed by task 337 on cpu 1 at 36.712739s (0.000993s ago): [ 36.713800] test_double_free+0xf0/0x238 [ 36.713853] kunit_try_run_case+0x170/0x3f0 [ 36.713894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.713938] kthread+0x328/0x630 [ 36.713985] ret_from_fork+0x10/0x20 [ 36.714026] [ 36.714068] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.714150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.714180] Hardware name: linux,dummy-virt (DT) [ 36.714215] ================================================================== [ 36.609076] ================================================================== [ 36.609193] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 36.609193] [ 36.609263] Invalid free of 0x0000000053534c83 (in kfence-#142): [ 36.609327] test_double_free+0x1bc/0x238 [ 36.609375] kunit_try_run_case+0x170/0x3f0 [ 36.609421] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.609468] kthread+0x328/0x630 [ 36.609508] ret_from_fork+0x10/0x20 [ 36.609550] [ 36.609573] kfence-#142: 0x0000000053534c83-0x0000000061e9bbed, size=32, cache=kmalloc-32 [ 36.609573] [ 36.609630] allocated by task 335 on cpu 1 at 36.608744s (0.000883s ago): [ 36.609696] test_alloc+0x29c/0x628 [ 36.609738] test_double_free+0xd4/0x238 [ 36.609780] kunit_try_run_case+0x170/0x3f0 [ 36.609822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.609887] kthread+0x328/0x630 [ 36.609923] ret_from_fork+0x10/0x20 [ 36.609969] [ 36.609994] freed by task 335 on cpu 1 at 36.608818s (0.001172s ago): [ 36.610059] test_double_free+0x1ac/0x238 [ 36.610100] kunit_try_run_case+0x170/0x3f0 [ 36.610142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.610189] kthread+0x328/0x630 [ 36.610224] ret_from_fork+0x10/0x20 [ 36.610262] [ 36.610310] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.610391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.610422] Hardware name: linux,dummy-virt (DT) [ 36.610456] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 36.296921] ================================================================== [ 36.297018] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 36.297018] [ 36.297110] Use-after-free read at 0x00000000b80fc115 (in kfence-#139): [ 36.297161] test_use_after_free_read+0x114/0x248 [ 36.297212] kunit_try_run_case+0x170/0x3f0 [ 36.297257] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.297302] kthread+0x328/0x630 [ 36.297340] ret_from_fork+0x10/0x20 [ 36.297381] [ 36.297405] kfence-#139: 0x00000000b80fc115-0x00000000f2bf07ca, size=32, cache=test [ 36.297405] [ 36.297456] allocated by task 329 on cpu 1 at 36.296703s (0.000749s ago): [ 36.297529] test_alloc+0x230/0x628 [ 36.297569] test_use_after_free_read+0xd0/0x248 [ 36.297614] kunit_try_run_case+0x170/0x3f0 [ 36.297655] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.297704] kthread+0x328/0x630 [ 36.297740] ret_from_fork+0x10/0x20 [ 36.297779] [ 36.297805] freed by task 329 on cpu 1 at 36.296768s (0.001032s ago): [ 36.297919] test_use_after_free_read+0xf0/0x248 [ 36.297976] kunit_try_run_case+0x170/0x3f0 [ 36.298022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.298069] kthread+0x328/0x630 [ 36.298104] ret_from_fork+0x10/0x20 [ 36.298143] [ 36.298188] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.298268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.298298] Hardware name: linux,dummy-virt (DT) [ 36.298332] ================================================================== [ 36.193242] ================================================================== [ 36.193357] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 36.193357] [ 36.193466] Use-after-free read at 0x00000000cc996ba5 (in kfence-#138): [ 36.193517] test_use_after_free_read+0x114/0x248 [ 36.193568] kunit_try_run_case+0x170/0x3f0 [ 36.193616] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.193663] kthread+0x328/0x630 [ 36.193702] ret_from_fork+0x10/0x20 [ 36.193745] [ 36.193769] kfence-#138: 0x00000000cc996ba5-0x000000006894e637, size=32, cache=kmalloc-32 [ 36.193769] [ 36.193824] allocated by task 327 on cpu 1 at 36.193000s (0.000820s ago): [ 36.193913] test_alloc+0x29c/0x628 [ 36.193958] test_use_after_free_read+0xd0/0x248 [ 36.194002] kunit_try_run_case+0x170/0x3f0 [ 36.194042] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.194090] kthread+0x328/0x630 [ 36.194125] ret_from_fork+0x10/0x20 [ 36.194171] [ 36.194296] freed by task 327 on cpu 1 at 36.193046s (0.001171s ago): [ 36.194410] test_use_after_free_read+0x1c0/0x248 [ 36.194456] kunit_try_run_case+0x170/0x3f0 [ 36.194499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.194545] kthread+0x328/0x630 [ 36.194582] ret_from_fork+0x10/0x20 [ 36.194634] [ 36.194683] CPU: 1 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.194766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.194796] Hardware name: linux,dummy-virt (DT) [ 36.194831] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 36.088853] ================================================================== [ 36.088951] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 36.088951] [ 36.089047] Out-of-bounds write at 0x000000006b076a26 (1B left of kfence-#137): [ 36.089105] test_out_of_bounds_write+0x100/0x240 [ 36.089155] kunit_try_run_case+0x170/0x3f0 [ 36.089201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.089248] kthread+0x328/0x630 [ 36.089288] ret_from_fork+0x10/0x20 [ 36.089330] [ 36.089354] kfence-#137: 0x000000000ece4cc7-0x000000006820354e, size=32, cache=test [ 36.089354] [ 36.089406] allocated by task 325 on cpu 0 at 36.088751s (0.000651s ago): [ 36.089477] test_alloc+0x230/0x628 [ 36.089519] test_out_of_bounds_write+0xc8/0x240 [ 36.089562] kunit_try_run_case+0x170/0x3f0 [ 36.089602] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.089649] kthread+0x328/0x630 [ 36.089685] ret_from_fork+0x10/0x20 [ 36.089726] [ 36.089770] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 36.089862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.089892] Hardware name: linux,dummy-virt (DT) [ 36.089924] ================================================================== [ 35.984928] ================================================================== [ 35.985036] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 35.985036] [ 35.985140] Out-of-bounds write at 0x00000000a78fc994 (1B left of kfence-#136): [ 35.985197] test_out_of_bounds_write+0x100/0x240 [ 35.985249] kunit_try_run_case+0x170/0x3f0 [ 35.985294] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.985343] kthread+0x328/0x630 [ 35.985382] ret_from_fork+0x10/0x20 [ 35.985424] [ 35.985448] kfence-#136: 0x00000000b0950572-0x00000000b5493875, size=32, cache=kmalloc-32 [ 35.985448] [ 35.985500] allocated by task 323 on cpu 0 at 35.984741s (0.000756s ago): [ 35.985571] test_alloc+0x29c/0x628 [ 35.985613] test_out_of_bounds_write+0xc8/0x240 [ 35.985655] kunit_try_run_case+0x170/0x3f0 [ 35.985699] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.985745] kthread+0x328/0x630 [ 35.985780] ret_from_fork+0x10/0x20 [ 35.985821] [ 35.985881] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.985970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.985999] Hardware name: linux,dummy-virt (DT) [ 35.986034] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 35.570090] ================================================================== [ 35.570169] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 35.570169] [ 35.570254] Out-of-bounds read at 0x00000000b69ea4b2 (32B right of kfence-#132): [ 35.570310] test_out_of_bounds_read+0x1c8/0x3e0 [ 35.570359] kunit_try_run_case+0x170/0x3f0 [ 35.570405] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.570451] kthread+0x328/0x630 [ 35.570505] ret_from_fork+0x10/0x20 [ 35.570548] [ 35.570573] kfence-#132: 0x000000004289f83d-0x000000006b2a1225, size=32, cache=test [ 35.570573] [ 35.570625] allocated by task 321 on cpu 0 at 35.569998s (0.000623s ago): [ 35.570692] test_alloc+0x230/0x628 [ 35.570735] test_out_of_bounds_read+0x198/0x3e0 [ 35.570778] kunit_try_run_case+0x170/0x3f0 [ 35.570819] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.570883] kthread+0x328/0x630 [ 35.570920] ret_from_fork+0x10/0x20 [ 35.570959] [ 35.571002] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.571083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.571112] Hardware name: linux,dummy-virt (DT) [ 35.571161] ================================================================== [ 35.466776] ================================================================== [ 35.466871] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 35.466871] [ 35.466998] Out-of-bounds read at 0x00000000cb042ecc (1B left of kfence-#131): [ 35.467103] test_out_of_bounds_read+0x114/0x3e0 [ 35.467293] kunit_try_run_case+0x170/0x3f0 [ 35.467509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.467949] kthread+0x328/0x630 [ 35.468012] ret_from_fork+0x10/0x20 [ 35.468090] [ 35.468143] kfence-#131: 0x00000000aef765cf-0x00000000a95a87c7, size=32, cache=test [ 35.468143] [ 35.468364] allocated by task 321 on cpu 0 at 35.466441s (0.001902s ago): [ 35.468818] test_alloc+0x230/0x628 [ 35.469066] test_out_of_bounds_read+0xdc/0x3e0 [ 35.469143] kunit_try_run_case+0x170/0x3f0 [ 35.469188] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.469244] kthread+0x328/0x630 [ 35.469279] ret_from_fork+0x10/0x20 [ 35.469754] [ 35.470114] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.470209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.470279] Hardware name: linux,dummy-virt (DT) [ 35.470813] ================================================================== [ 35.157790] ================================================================== [ 35.158455] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 35.158455] [ 35.158616] Out-of-bounds read at 0x00000000e4b6fd1a (1B left of kfence-#128): [ 35.159372] test_out_of_bounds_read+0x114/0x3e0 [ 35.159559] kunit_try_run_case+0x170/0x3f0 [ 35.159666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.159751] kthread+0x328/0x630 [ 35.160093] ret_from_fork+0x10/0x20 [ 35.160515] [ 35.161759] kfence-#128: 0x0000000052b3fe03-0x000000009ecc7324, size=32, cache=kmalloc-32 [ 35.161759] [ 35.163062] allocated by task 319 on cpu 0 at 35.154506s (0.008480s ago): [ 35.163533] test_alloc+0x29c/0x628 [ 35.163618] test_out_of_bounds_read+0xdc/0x3e0 [ 35.163685] kunit_try_run_case+0x170/0x3f0 [ 35.163738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.163801] kthread+0x328/0x630 [ 35.163851] ret_from_fork+0x10/0x20 [ 35.163971] [ 35.164064] CPU: 0 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.164161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.164191] Hardware name: linux,dummy-virt (DT) [ 35.164243] ================================================================== [ 35.363890] ================================================================== [ 35.364033] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 35.364033] [ 35.364174] Out-of-bounds read at 0x00000000a82e0e6b (32B right of kfence-#130): [ 35.364242] test_out_of_bounds_read+0x1c8/0x3e0 [ 35.364703] kunit_try_run_case+0x170/0x3f0 [ 35.364791] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.364861] kthread+0x328/0x630 [ 35.364905] ret_from_fork+0x10/0x20 [ 35.365000] [ 35.365052] kfence-#130: 0x00000000116302f1-0x0000000036f32c77, size=32, cache=kmalloc-32 [ 35.365052] [ 35.365130] allocated by task 319 on cpu 0 at 35.362845s (0.002273s ago): [ 35.365213] test_alloc+0x29c/0x628 [ 35.365261] test_out_of_bounds_read+0x198/0x3e0 [ 35.365307] kunit_try_run_case+0x170/0x3f0 [ 35.365349] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.365395] kthread+0x328/0x630 [ 35.365442] ret_from_fork+0x10/0x20 [ 35.365490] [ 35.365547] CPU: 0 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 35.365629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.365656] Hardware name: linux,dummy-virt (DT) [ 35.365724] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 34.295055] ================================================================== [ 34.295108] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 34.295439] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.295643] [ 34.295676] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.295799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.295829] Hardware name: linux,dummy-virt (DT) [ 34.296170] Call trace: [ 34.296211] show_stack+0x20/0x38 (C) [ 34.296498] dump_stack_lvl+0x8c/0xd0 [ 34.296592] print_report+0x118/0x608 [ 34.296647] kasan_report+0xdc/0x128 [ 34.296695] kasan_check_range+0x100/0x1a8 [ 34.296747] __kasan_check_write+0x20/0x30 [ 34.296794] strncpy_from_user+0x3c/0x2a0 [ 34.297255] copy_user_test_oob+0x5c0/0xec8 [ 34.297573] kunit_try_run_case+0x170/0x3f0 [ 34.297690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.297784] kthread+0x328/0x630 [ 34.297880] ret_from_fork+0x10/0x20 [ 34.298141] [ 34.298190] Allocated by task 317: [ 34.298221] kasan_save_stack+0x3c/0x68 [ 34.298520] kasan_save_track+0x20/0x40 [ 34.298584] kasan_save_alloc_info+0x40/0x58 [ 34.298634] __kasan_kmalloc+0xd4/0xd8 [ 34.298713] __kmalloc_noprof+0x198/0x4c8 [ 34.298757] kunit_kmalloc_array+0x34/0x88 [ 34.298800] copy_user_test_oob+0xac/0xec8 [ 34.298858] kunit_try_run_case+0x170/0x3f0 [ 34.298905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.298954] kthread+0x328/0x630 [ 34.298989] ret_from_fork+0x10/0x20 [ 34.299030] [ 34.299053] The buggy address belongs to the object at fff00000c5a89500 [ 34.299053] which belongs to the cache kmalloc-128 of size 128 [ 34.299117] The buggy address is located 0 bytes inside of [ 34.299117] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.299184] [ 34.299206] The buggy address belongs to the physical page: [ 34.299243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.299299] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.299374] page_type: f5(slab) [ 34.299423] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.299479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.299523] page dumped because: kasan: bad access detected [ 34.299555] [ 34.299580] Memory state around the buggy address: [ 34.299623] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.299667] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.299723] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.299765] ^ [ 34.299824] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.300102] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.300260] ================================================================== [ 34.302306] ================================================================== [ 34.302377] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 34.302427] Write of size 1 at addr fff00000c5a89578 by task kunit_try_catch/317 [ 34.302500] [ 34.302539] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.302629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.303134] Hardware name: linux,dummy-virt (DT) [ 34.303206] Call trace: [ 34.303272] show_stack+0x20/0x38 (C) [ 34.303422] dump_stack_lvl+0x8c/0xd0 [ 34.303507] print_report+0x118/0x608 [ 34.303660] kasan_report+0xdc/0x128 [ 34.303715] __asan_report_store1_noabort+0x20/0x30 [ 34.304001] strncpy_from_user+0x270/0x2a0 [ 34.304315] copy_user_test_oob+0x5c0/0xec8 [ 34.304462] kunit_try_run_case+0x170/0x3f0 [ 34.304620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.304724] kthread+0x328/0x630 [ 34.305070] ret_from_fork+0x10/0x20 [ 34.305140] [ 34.305340] Allocated by task 317: [ 34.305644] kasan_save_stack+0x3c/0x68 [ 34.305744] kasan_save_track+0x20/0x40 [ 34.306113] kasan_save_alloc_info+0x40/0x58 [ 34.306247] __kasan_kmalloc+0xd4/0xd8 [ 34.306295] __kmalloc_noprof+0x198/0x4c8 [ 34.306651] kunit_kmalloc_array+0x34/0x88 [ 34.306730] copy_user_test_oob+0xac/0xec8 [ 34.306987] kunit_try_run_case+0x170/0x3f0 [ 34.307184] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.307290] kthread+0x328/0x630 [ 34.307605] ret_from_fork+0x10/0x20 [ 34.307676] [ 34.307719] The buggy address belongs to the object at fff00000c5a89500 [ 34.307719] which belongs to the cache kmalloc-128 of size 128 [ 34.308043] The buggy address is located 0 bytes to the right of [ 34.308043] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.308127] [ 34.308149] The buggy address belongs to the physical page: [ 34.308423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.308508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.308856] page_type: f5(slab) [ 34.308922] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.309034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.309105] page dumped because: kasan: bad access detected [ 34.309139] [ 34.309159] Memory state around the buggy address: [ 34.309305] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.309353] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.309583] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.309739] ^ [ 34.309794] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.310079] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.310165] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 34.267499] ================================================================== [ 34.267912] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.268037] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.268131] [ 34.268221] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.268312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.268357] Hardware name: linux,dummy-virt (DT) [ 34.268863] Call trace: [ 34.269014] show_stack+0x20/0x38 (C) [ 34.269408] dump_stack_lvl+0x8c/0xd0 [ 34.269537] print_report+0x118/0x608 [ 34.269593] kasan_report+0xdc/0x128 [ 34.269943] kasan_check_range+0x100/0x1a8 [ 34.270072] __kasan_check_read+0x20/0x30 [ 34.270571] copy_user_test_oob+0x3c8/0xec8 [ 34.270736] kunit_try_run_case+0x170/0x3f0 [ 34.270904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.270965] kthread+0x328/0x630 [ 34.271016] ret_from_fork+0x10/0x20 [ 34.271126] [ 34.271149] Allocated by task 317: [ 34.271197] kasan_save_stack+0x3c/0x68 [ 34.271243] kasan_save_track+0x20/0x40 [ 34.271285] kasan_save_alloc_info+0x40/0x58 [ 34.271326] __kasan_kmalloc+0xd4/0xd8 [ 34.271366] __kmalloc_noprof+0x198/0x4c8 [ 34.271408] kunit_kmalloc_array+0x34/0x88 [ 34.271456] copy_user_test_oob+0xac/0xec8 [ 34.271499] kunit_try_run_case+0x170/0x3f0 [ 34.271555] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.271605] kthread+0x328/0x630 [ 34.271641] ret_from_fork+0x10/0x20 [ 34.271682] [ 34.271712] The buggy address belongs to the object at fff00000c5a89500 [ 34.271712] which belongs to the cache kmalloc-128 of size 128 [ 34.271794] The buggy address is located 0 bytes inside of [ 34.271794] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.272087] [ 34.272545] The buggy address belongs to the physical page: [ 34.272602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.272862] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.273194] page_type: f5(slab) [ 34.273262] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.273617] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.273761] page dumped because: kasan: bad access detected [ 34.273815] [ 34.273872] Memory state around the buggy address: [ 34.274346] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.274545] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275087] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.275254] ^ [ 34.275573] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275714] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275852] ================================================================== [ 34.226210] ================================================================== [ 34.226341] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.226489] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.226699] [ 34.226753] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.227097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.227440] Hardware name: linux,dummy-virt (DT) [ 34.227506] Call trace: [ 34.227655] show_stack+0x20/0x38 (C) [ 34.227747] dump_stack_lvl+0x8c/0xd0 [ 34.227899] print_report+0x118/0x608 [ 34.227993] kasan_report+0xdc/0x128 [ 34.228137] kasan_check_range+0x100/0x1a8 [ 34.228190] __kasan_check_write+0x20/0x30 [ 34.228239] copy_user_test_oob+0x234/0xec8 [ 34.228432] kunit_try_run_case+0x170/0x3f0 [ 34.228769] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.228976] kthread+0x328/0x630 [ 34.229136] ret_from_fork+0x10/0x20 [ 34.229258] [ 34.229280] Allocated by task 317: [ 34.229321] kasan_save_stack+0x3c/0x68 [ 34.229368] kasan_save_track+0x20/0x40 [ 34.229740] kasan_save_alloc_info+0x40/0x58 [ 34.229931] __kasan_kmalloc+0xd4/0xd8 [ 34.230139] __kmalloc_noprof+0x198/0x4c8 [ 34.230191] kunit_kmalloc_array+0x34/0x88 [ 34.230438] copy_user_test_oob+0xac/0xec8 [ 34.230901] kunit_try_run_case+0x170/0x3f0 [ 34.231071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.231377] kthread+0x328/0x630 [ 34.231458] ret_from_fork+0x10/0x20 [ 34.231604] [ 34.231704] The buggy address belongs to the object at fff00000c5a89500 [ 34.231704] which belongs to the cache kmalloc-128 of size 128 [ 34.231959] The buggy address is located 0 bytes inside of [ 34.231959] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.232302] [ 34.232462] The buggy address belongs to the physical page: [ 34.232614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.232747] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.232860] page_type: f5(slab) [ 34.232908] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.233239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.233440] page dumped because: kasan: bad access detected [ 34.233599] [ 34.233775] Memory state around the buggy address: [ 34.233892] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.233942] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234005] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.234324] ^ [ 34.234430] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234532] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234574] ================================================================== [ 34.243371] ================================================================== [ 34.243472] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.243763] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.243860] [ 34.243896] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.244070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.244104] Hardware name: linux,dummy-virt (DT) [ 34.244196] Call trace: [ 34.244529] show_stack+0x20/0x38 (C) [ 34.244603] dump_stack_lvl+0x8c/0xd0 [ 34.244657] print_report+0x118/0x608 [ 34.244708] kasan_report+0xdc/0x128 [ 34.244780] kasan_check_range+0x100/0x1a8 [ 34.245116] __kasan_check_read+0x20/0x30 [ 34.245197] copy_user_test_oob+0x728/0xec8 [ 34.245279] kunit_try_run_case+0x170/0x3f0 [ 34.245599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.245696] kthread+0x328/0x630 [ 34.245741] ret_from_fork+0x10/0x20 [ 34.245817] [ 34.245852] Allocated by task 317: [ 34.245919] kasan_save_stack+0x3c/0x68 [ 34.245992] kasan_save_track+0x20/0x40 [ 34.246033] kasan_save_alloc_info+0x40/0x58 [ 34.246074] __kasan_kmalloc+0xd4/0xd8 [ 34.246130] __kmalloc_noprof+0x198/0x4c8 [ 34.246171] kunit_kmalloc_array+0x34/0x88 [ 34.246213] copy_user_test_oob+0xac/0xec8 [ 34.246256] kunit_try_run_case+0x170/0x3f0 [ 34.246296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.246343] kthread+0x328/0x630 [ 34.246379] ret_from_fork+0x10/0x20 [ 34.246426] [ 34.246457] The buggy address belongs to the object at fff00000c5a89500 [ 34.246457] which belongs to the cache kmalloc-128 of size 128 [ 34.246525] The buggy address is located 0 bytes inside of [ 34.246525] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.246605] [ 34.246628] The buggy address belongs to the physical page: [ 34.246671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.246728] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.246794] page_type: f5(slab) [ 34.247069] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.247156] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.247568] page dumped because: kasan: bad access detected [ 34.247692] [ 34.248113] Memory state around the buggy address: [ 34.248168] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.248498] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.248666] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.248730] ^ [ 34.248786] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.249055] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.249107] ================================================================== [ 34.278026] ================================================================== [ 34.278107] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.278192] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.278337] [ 34.278388] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.278483] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.278850] Hardware name: linux,dummy-virt (DT) [ 34.278903] Call trace: [ 34.278929] show_stack+0x20/0x38 (C) [ 34.279283] dump_stack_lvl+0x8c/0xd0 [ 34.279438] print_report+0x118/0x608 [ 34.279565] kasan_report+0xdc/0x128 [ 34.279851] kasan_check_range+0x100/0x1a8 [ 34.279923] __kasan_check_write+0x20/0x30 [ 34.279978] copy_user_test_oob+0x434/0xec8 [ 34.280338] kunit_try_run_case+0x170/0x3f0 [ 34.280460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.280539] kthread+0x328/0x630 [ 34.280744] ret_from_fork+0x10/0x20 [ 34.280940] [ 34.280963] Allocated by task 317: [ 34.281002] kasan_save_stack+0x3c/0x68 [ 34.281357] kasan_save_track+0x20/0x40 [ 34.281438] kasan_save_alloc_info+0x40/0x58 [ 34.281759] __kasan_kmalloc+0xd4/0xd8 [ 34.282150] __kmalloc_noprof+0x198/0x4c8 [ 34.282230] kunit_kmalloc_array+0x34/0x88 [ 34.282412] copy_user_test_oob+0xac/0xec8 [ 34.282473] kunit_try_run_case+0x170/0x3f0 [ 34.282518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.282583] kthread+0x328/0x630 [ 34.282631] ret_from_fork+0x10/0x20 [ 34.282685] [ 34.282720] The buggy address belongs to the object at fff00000c5a89500 [ 34.282720] which belongs to the cache kmalloc-128 of size 128 [ 34.282802] The buggy address is located 0 bytes inside of [ 34.282802] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.282883] [ 34.282916] The buggy address belongs to the physical page: [ 34.282957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.283021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.283072] page_type: f5(slab) [ 34.283120] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.283184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.283237] page dumped because: kasan: bad access detected [ 34.283274] [ 34.283318] Memory state around the buggy address: [ 34.283375] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.283420] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283465] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.283514] ^ [ 34.283566] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283610] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283660] ================================================================== [ 34.258504] ================================================================== [ 34.258569] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.259035] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.259264] [ 34.259305] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.259396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.259425] Hardware name: linux,dummy-virt (DT) [ 34.259460] Call trace: [ 34.259484] show_stack+0x20/0x38 (C) [ 34.259539] dump_stack_lvl+0x8c/0xd0 [ 34.259589] print_report+0x118/0x608 [ 34.259648] kasan_report+0xdc/0x128 [ 34.259696] kasan_check_range+0x100/0x1a8 [ 34.259747] __kasan_check_write+0x20/0x30 [ 34.259794] copy_user_test_oob+0x35c/0xec8 [ 34.259854] kunit_try_run_case+0x170/0x3f0 [ 34.259905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.259962] kthread+0x328/0x630 [ 34.260004] ret_from_fork+0x10/0x20 [ 34.260055] [ 34.260086] Allocated by task 317: [ 34.260123] kasan_save_stack+0x3c/0x68 [ 34.260168] kasan_save_track+0x20/0x40 [ 34.260208] kasan_save_alloc_info+0x40/0x58 [ 34.260248] __kasan_kmalloc+0xd4/0xd8 [ 34.260289] __kmalloc_noprof+0x198/0x4c8 [ 34.260663] kunit_kmalloc_array+0x34/0x88 [ 34.260964] copy_user_test_oob+0xac/0xec8 [ 34.261264] kunit_try_run_case+0x170/0x3f0 [ 34.261430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.261515] kthread+0x328/0x630 [ 34.261551] ret_from_fork+0x10/0x20 [ 34.261598] [ 34.261872] The buggy address belongs to the object at fff00000c5a89500 [ 34.261872] which belongs to the cache kmalloc-128 of size 128 [ 34.262109] The buggy address is located 0 bytes inside of [ 34.262109] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.262523] [ 34.262686] The buggy address belongs to the physical page: [ 34.263072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.263253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.263384] page_type: f5(slab) [ 34.263429] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.263768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.263860] page dumped because: kasan: bad access detected [ 34.264170] [ 34.264229] Memory state around the buggy address: [ 34.264325] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.264379] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.264613] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.264790] ^ [ 34.265144] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.265372] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.265431] ================================================================== [ 34.284608] ================================================================== [ 34.284677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.285244] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.285298] [ 34.285363] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.285680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.285749] Hardware name: linux,dummy-virt (DT) [ 34.285892] Call trace: [ 34.285944] show_stack+0x20/0x38 (C) [ 34.286333] dump_stack_lvl+0x8c/0xd0 [ 34.286422] print_report+0x118/0x608 [ 34.286554] kasan_report+0xdc/0x128 [ 34.286682] kasan_check_range+0x100/0x1a8 [ 34.286769] __kasan_check_read+0x20/0x30 [ 34.287141] copy_user_test_oob+0x4a0/0xec8 [ 34.287630] kunit_try_run_case+0x170/0x3f0 [ 34.287770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.287961] kthread+0x328/0x630 [ 34.288049] ret_from_fork+0x10/0x20 [ 34.288854] [ 34.288895] Allocated by task 317: [ 34.288931] kasan_save_stack+0x3c/0x68 [ 34.289309] kasan_save_track+0x20/0x40 [ 34.289397] kasan_save_alloc_info+0x40/0x58 [ 34.289529] __kasan_kmalloc+0xd4/0xd8 [ 34.289686] __kmalloc_noprof+0x198/0x4c8 [ 34.289849] kunit_kmalloc_array+0x34/0x88 [ 34.289981] copy_user_test_oob+0xac/0xec8 [ 34.290099] kunit_try_run_case+0x170/0x3f0 [ 34.290219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.290272] kthread+0x328/0x630 [ 34.290308] ret_from_fork+0x10/0x20 [ 34.290613] [ 34.290698] The buggy address belongs to the object at fff00000c5a89500 [ 34.290698] which belongs to the cache kmalloc-128 of size 128 [ 34.291035] The buggy address is located 0 bytes inside of [ 34.291035] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.291195] [ 34.291221] The buggy address belongs to the physical page: [ 34.291255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.291622] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.291702] page_type: f5(slab) [ 34.292043] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.292168] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.292214] page dumped because: kasan: bad access detected [ 34.292358] [ 34.292545] Memory state around the buggy address: [ 34.292925] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.293031] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293110] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.293160] ^ [ 34.293206] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293380] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293577] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 34.173745] ================================================================== [ 34.174143] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 34.174269] Read of size 8 at addr fff00000c5a89478 by task kunit_try_catch/313 [ 34.174604] [ 34.174647] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.174740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.175328] Hardware name: linux,dummy-virt (DT) [ 34.175408] Call trace: [ 34.175449] show_stack+0x20/0x38 (C) [ 34.176010] dump_stack_lvl+0x8c/0xd0 [ 34.176329] print_report+0x118/0x608 [ 34.176451] kasan_report+0xdc/0x128 [ 34.176605] __asan_report_load8_noabort+0x20/0x30 [ 34.176828] copy_to_kernel_nofault+0x204/0x250 [ 34.176904] copy_to_kernel_nofault_oob+0x158/0x418 [ 34.177255] kunit_try_run_case+0x170/0x3f0 [ 34.177392] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.177535] kthread+0x328/0x630 [ 34.177606] ret_from_fork+0x10/0x20 [ 34.177740] [ 34.177809] Allocated by task 313: [ 34.177932] kasan_save_stack+0x3c/0x68 [ 34.178031] kasan_save_track+0x20/0x40 [ 34.178112] kasan_save_alloc_info+0x40/0x58 [ 34.178153] __kasan_kmalloc+0xd4/0xd8 [ 34.178193] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.178246] copy_to_kernel_nofault_oob+0xc8/0x418 [ 34.178288] kunit_try_run_case+0x170/0x3f0 [ 34.178331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.178399] kthread+0x328/0x630 [ 34.178437] ret_from_fork+0x10/0x20 [ 34.178475] [ 34.178499] The buggy address belongs to the object at fff00000c5a89400 [ 34.178499] which belongs to the cache kmalloc-128 of size 128 [ 34.178568] The buggy address is located 0 bytes to the right of [ 34.178568] allocated 120-byte region [fff00000c5a89400, fff00000c5a89478) [ 34.178647] [ 34.178681] The buggy address belongs to the physical page: [ 34.178725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.178784] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.178856] page_type: f5(slab) [ 34.178908] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.178968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.179011] page dumped because: kasan: bad access detected [ 34.179046] [ 34.179066] Memory state around the buggy address: [ 34.179122] fff00000c5a89300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.179168] fff00000c5a89380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.179223] >fff00000c5a89400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.179274] ^ [ 34.179328] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.179374] fff00000c5a89500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.179416] ================================================================== [ 34.181341] ================================================================== [ 34.181522] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 34.181640] Write of size 8 at addr fff00000c5a89478 by task kunit_try_catch/313 [ 34.181997] [ 34.182213] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.182353] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.182394] Hardware name: linux,dummy-virt (DT) [ 34.182816] Call trace: [ 34.182890] show_stack+0x20/0x38 (C) [ 34.182957] dump_stack_lvl+0x8c/0xd0 [ 34.183008] print_report+0x118/0x608 [ 34.183180] kasan_report+0xdc/0x128 [ 34.183245] kasan_check_range+0x100/0x1a8 [ 34.183297] __kasan_check_write+0x20/0x30 [ 34.183415] copy_to_kernel_nofault+0x8c/0x250 [ 34.183860] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 34.183937] kunit_try_run_case+0x170/0x3f0 [ 34.183991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.184084] kthread+0x328/0x630 [ 34.184160] ret_from_fork+0x10/0x20 [ 34.184223] [ 34.184701] Allocated by task 313: [ 34.184760] kasan_save_stack+0x3c/0x68 [ 34.184819] kasan_save_track+0x20/0x40 [ 34.184874] kasan_save_alloc_info+0x40/0x58 [ 34.185264] __kasan_kmalloc+0xd4/0xd8 [ 34.185386] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.185431] copy_to_kernel_nofault_oob+0xc8/0x418 [ 34.185667] kunit_try_run_case+0x170/0x3f0 [ 34.185985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.186135] kthread+0x328/0x630 [ 34.186336] ret_from_fork+0x10/0x20 [ 34.186500] [ 34.186605] The buggy address belongs to the object at fff00000c5a89400 [ 34.186605] which belongs to the cache kmalloc-128 of size 128 [ 34.186672] The buggy address is located 0 bytes to the right of [ 34.186672] allocated 120-byte region [fff00000c5a89400, fff00000c5a89478) [ 34.186924] [ 34.187001] The buggy address belongs to the physical page: [ 34.187176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.187285] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.187532] page_type: f5(slab) [ 34.187713] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.187927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.188210] page dumped because: kasan: bad access detected [ 34.188253] [ 34.188273] Memory state around the buggy address: [ 34.188463] fff00000c5a89300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.188737] fff00000c5a89380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.188824] >fff00000c5a89400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.188997] ^ [ 34.189193] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.189297] fff00000c5a89500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.189388] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 34.105908] ================================================================== [ 34.106675] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 34.106765] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/301 [ 34.107053] [ 34.107121] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.107618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.107662] Hardware name: linux,dummy-virt (DT) [ 34.107781] Call trace: [ 34.107812] show_stack+0x20/0x38 (C) [ 34.107885] dump_stack_lvl+0x8c/0xd0 [ 34.108074] print_report+0x310/0x608 [ 34.108422] kasan_report+0xdc/0x128 [ 34.108648] __asan_report_load1_noabort+0x20/0x30 [ 34.108847] vmalloc_oob+0x578/0x5d0 [ 34.108931] kunit_try_run_case+0x170/0x3f0 [ 34.109124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.109536] kthread+0x328/0x630 [ 34.109676] ret_from_fork+0x10/0x20 [ 34.109779] [ 34.110104] The buggy address belongs to the virtual mapping at [ 34.110104] [ffff8000800fe000, ffff800080100000) created by: [ 34.110104] vmalloc_oob+0x98/0x5d0 [ 34.110214] [ 34.110260] The buggy address belongs to the physical page: [ 34.110298] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a94 [ 34.110355] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.110429] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 34.110488] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.110532] page dumped because: kasan: bad access detected [ 34.110578] [ 34.110600] Memory state around the buggy address: [ 34.110636] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.110682] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.110728] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 34.110779] ^ [ 34.110829] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 34.110886] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 34.110933] ================================================================== [ 34.114458] ================================================================== [ 34.114512] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 34.114574] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/301 [ 34.114798] [ 34.114858] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.115058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.115140] Hardware name: linux,dummy-virt (DT) [ 34.115178] Call trace: [ 34.115204] show_stack+0x20/0x38 (C) [ 34.115422] dump_stack_lvl+0x8c/0xd0 [ 34.115588] print_report+0x310/0x608 [ 34.115894] kasan_report+0xdc/0x128 [ 34.116024] __asan_report_load1_noabort+0x20/0x30 [ 34.116119] vmalloc_oob+0x51c/0x5d0 [ 34.116256] kunit_try_run_case+0x170/0x3f0 [ 34.116381] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.116470] kthread+0x328/0x630 [ 34.116651] ret_from_fork+0x10/0x20 [ 34.116869] [ 34.116973] The buggy address belongs to the virtual mapping at [ 34.116973] [ffff8000800fe000, ffff800080100000) created by: [ 34.116973] vmalloc_oob+0x98/0x5d0 [ 34.117136] [ 34.117174] The buggy address belongs to the physical page: [ 34.117554] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a94 [ 34.117626] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.117929] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 34.117996] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 34.118182] page dumped because: kasan: bad access detected [ 34.118409] [ 34.118459] Memory state around the buggy address: [ 34.118897] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.119049] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.119146] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 34.119227] ^ [ 34.119731] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 34.120037] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 34.120254] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 33.799315] ================================================================== [ 33.799369] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 33.799422] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.799920] [ 33.799989] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.800176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.800211] Hardware name: linux,dummy-virt (DT) [ 33.800247] Call trace: [ 33.800277] show_stack+0x20/0x38 (C) [ 33.800390] dump_stack_lvl+0x8c/0xd0 [ 33.800662] print_report+0x118/0x608 [ 33.800734] kasan_report+0xdc/0x128 [ 33.800790] kasan_check_range+0x100/0x1a8 [ 33.800851] __kasan_check_write+0x20/0x30 [ 33.801411] kasan_atomics_helper+0xe44/0x4858 [ 33.801646] kasan_atomics+0x198/0x2e0 [ 33.801898] kunit_try_run_case+0x170/0x3f0 [ 33.802119] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.802217] kthread+0x328/0x630 [ 33.802497] ret_from_fork+0x10/0x20 [ 33.802938] [ 33.803118] Allocated by task 297: [ 33.803311] kasan_save_stack+0x3c/0x68 [ 33.803657] kasan_save_track+0x20/0x40 [ 33.803946] kasan_save_alloc_info+0x40/0x58 [ 33.804204] __kasan_kmalloc+0xd4/0xd8 [ 33.804491] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.804548] kasan_atomics+0xb8/0x2e0 [ 33.804822] kunit_try_run_case+0x170/0x3f0 [ 33.805069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.805283] kthread+0x328/0x630 [ 33.805402] ret_from_fork+0x10/0x20 [ 33.805444] [ 33.805628] The buggy address belongs to the object at fff00000c5a8e300 [ 33.805628] which belongs to the cache kmalloc-64 of size 64 [ 33.805865] The buggy address is located 0 bytes to the right of [ 33.805865] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.806118] [ 33.806353] The buggy address belongs to the physical page: [ 33.806442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.806519] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.806587] page_type: f5(slab) [ 33.806628] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.806693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.806738] page dumped because: kasan: bad access detected [ 33.806772] [ 33.806803] Memory state around the buggy address: [ 33.806847] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.806893] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.806938] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.806979] ^ [ 33.807034] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.807088] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.807138] ================================================================== [ 33.841013] ================================================================== [ 33.841265] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 33.841335] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.841389] [ 33.841425] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.841561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.842155] Hardware name: linux,dummy-virt (DT) [ 33.842340] Call trace: [ 33.842380] show_stack+0x20/0x38 (C) [ 33.842651] dump_stack_lvl+0x8c/0xd0 [ 33.842866] print_report+0x118/0x608 [ 33.843108] kasan_report+0xdc/0x128 [ 33.843263] kasan_check_range+0x100/0x1a8 [ 33.843318] __kasan_check_write+0x20/0x30 [ 33.843615] kasan_atomics_helper+0xf88/0x4858 [ 33.843871] kasan_atomics+0x198/0x2e0 [ 33.844051] kunit_try_run_case+0x170/0x3f0 [ 33.844107] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.844846] kthread+0x328/0x630 [ 33.844951] ret_from_fork+0x10/0x20 [ 33.845060] [ 33.845085] Allocated by task 297: [ 33.845115] kasan_save_stack+0x3c/0x68 [ 33.845164] kasan_save_track+0x20/0x40 [ 33.845206] kasan_save_alloc_info+0x40/0x58 [ 33.845707] __kasan_kmalloc+0xd4/0xd8 [ 33.846043] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.846274] kasan_atomics+0xb8/0x2e0 [ 33.846496] kunit_try_run_case+0x170/0x3f0 [ 33.846567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.846872] kthread+0x328/0x630 [ 33.846933] ret_from_fork+0x10/0x20 [ 33.847095] [ 33.847143] The buggy address belongs to the object at fff00000c5a8e300 [ 33.847143] which belongs to the cache kmalloc-64 of size 64 [ 33.847217] The buggy address is located 0 bytes to the right of [ 33.847217] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.847300] [ 33.847341] The buggy address belongs to the physical page: [ 33.847376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.847450] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.847512] page_type: f5(slab) [ 33.847556] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.847619] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.847663] page dumped because: kasan: bad access detected [ 33.847696] [ 33.847718] Memory state around the buggy address: [ 33.847757] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.847803] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.847888] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.848306] ^ [ 33.848418] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.848993] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.849299] ================================================================== [ 33.967980] ================================================================== [ 33.968101] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 33.968302] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.968357] [ 33.968391] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.968480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.968508] Hardware name: linux,dummy-virt (DT) [ 33.968543] Call trace: [ 33.968567] show_stack+0x20/0x38 (C) [ 33.968618] dump_stack_lvl+0x8c/0xd0 [ 33.968669] print_report+0x118/0x608 [ 33.969052] kasan_report+0xdc/0x128 [ 33.969177] kasan_check_range+0x100/0x1a8 [ 33.969678] __kasan_check_write+0x20/0x30 [ 33.969923] kasan_atomics_helper+0x147c/0x4858 [ 33.970151] kasan_atomics+0x198/0x2e0 [ 33.970266] kunit_try_run_case+0x170/0x3f0 [ 33.970703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.971055] kthread+0x328/0x630 [ 33.971195] ret_from_fork+0x10/0x20 [ 33.971575] [ 33.971617] Allocated by task 297: [ 33.971769] kasan_save_stack+0x3c/0x68 [ 33.972001] kasan_save_track+0x20/0x40 [ 33.972292] kasan_save_alloc_info+0x40/0x58 [ 33.972479] __kasan_kmalloc+0xd4/0xd8 [ 33.972531] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.972577] kasan_atomics+0xb8/0x2e0 [ 33.972625] kunit_try_run_case+0x170/0x3f0 [ 33.972667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.973080] kthread+0x328/0x630 [ 33.973142] ret_from_fork+0x10/0x20 [ 33.973184] [ 33.973207] The buggy address belongs to the object at fff00000c5a8e300 [ 33.973207] which belongs to the cache kmalloc-64 of size 64 [ 33.973280] The buggy address is located 0 bytes to the right of [ 33.973280] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.973351] [ 33.973391] The buggy address belongs to the physical page: [ 33.973428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.973494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.973553] page_type: f5(slab) [ 33.973598] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.973650] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.973703] page dumped because: kasan: bad access detected [ 33.973760] [ 33.973789] Memory state around the buggy address: [ 33.973846] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.974650] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.974709] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.975023] ^ [ 33.975304] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.975388] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.975488] ================================================================== [ 33.904414] ================================================================== [ 33.904475] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 33.904858] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.905162] [ 33.905465] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.905847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.906134] Hardware name: linux,dummy-virt (DT) [ 33.906215] Call trace: [ 33.906331] show_stack+0x20/0x38 (C) [ 33.906830] dump_stack_lvl+0x8c/0xd0 [ 33.907104] print_report+0x118/0x608 [ 33.907342] kasan_report+0xdc/0x128 [ 33.907587] kasan_check_range+0x100/0x1a8 [ 33.907759] __kasan_check_write+0x20/0x30 [ 33.907811] kasan_atomics_helper+0x11f8/0x4858 [ 33.908046] kasan_atomics+0x198/0x2e0 [ 33.908445] kunit_try_run_case+0x170/0x3f0 [ 33.908814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.909028] kthread+0x328/0x630 [ 33.909209] ret_from_fork+0x10/0x20 [ 33.909517] [ 33.909549] Allocated by task 297: [ 33.909863] kasan_save_stack+0x3c/0x68 [ 33.910054] kasan_save_track+0x20/0x40 [ 33.910288] kasan_save_alloc_info+0x40/0x58 [ 33.910398] __kasan_kmalloc+0xd4/0xd8 [ 33.910548] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.910770] kasan_atomics+0xb8/0x2e0 [ 33.911187] kunit_try_run_case+0x170/0x3f0 [ 33.912013] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.912215] kthread+0x328/0x630 [ 33.912263] ret_from_fork+0x10/0x20 [ 33.912628] [ 33.912763] The buggy address belongs to the object at fff00000c5a8e300 [ 33.912763] which belongs to the cache kmalloc-64 of size 64 [ 33.913011] The buggy address is located 0 bytes to the right of [ 33.913011] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.913481] [ 33.913535] The buggy address belongs to the physical page: [ 33.913662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.914343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.914437] page_type: f5(slab) [ 33.915031] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.915395] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.915730] page dumped because: kasan: bad access detected [ 33.915853] [ 33.915976] Memory state around the buggy address: [ 33.916113] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.916343] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.916412] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.916458] ^ [ 33.916495] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.916911] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.917100] ================================================================== [ 33.665301] ================================================================== [ 33.665356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 33.665846] Write of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.665917] [ 33.666122] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.666413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.666472] Hardware name: linux,dummy-virt (DT) [ 33.666602] Call trace: [ 33.666630] show_stack+0x20/0x38 (C) [ 33.666722] dump_stack_lvl+0x8c/0xd0 [ 33.666784] print_report+0x118/0x608 [ 33.667000] kasan_report+0xdc/0x128 [ 33.667071] kasan_check_range+0x100/0x1a8 [ 33.667368] __kasan_check_write+0x20/0x30 [ 33.667436] kasan_atomics_helper+0xa6c/0x4858 [ 33.667690] kasan_atomics+0x198/0x2e0 [ 33.667872] kunit_try_run_case+0x170/0x3f0 [ 33.668332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.668494] kthread+0x328/0x630 [ 33.668657] ret_from_fork+0x10/0x20 [ 33.668796] [ 33.668874] Allocated by task 297: [ 33.668907] kasan_save_stack+0x3c/0x68 [ 33.669130] kasan_save_track+0x20/0x40 [ 33.669341] kasan_save_alloc_info+0x40/0x58 [ 33.669568] __kasan_kmalloc+0xd4/0xd8 [ 33.669684] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.669862] kasan_atomics+0xb8/0x2e0 [ 33.669918] kunit_try_run_case+0x170/0x3f0 [ 33.670308] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.670492] kthread+0x328/0x630 [ 33.670637] ret_from_fork+0x10/0x20 [ 33.670866] [ 33.670895] The buggy address belongs to the object at fff00000c5a8e300 [ 33.670895] which belongs to the cache kmalloc-64 of size 64 [ 33.671319] The buggy address is located 0 bytes to the right of [ 33.671319] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.671615] [ 33.671693] The buggy address belongs to the physical page: [ 33.671832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.671978] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.672032] page_type: f5(slab) [ 33.672084] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.672166] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.672216] page dumped because: kasan: bad access detected [ 33.672266] [ 33.672448] Memory state around the buggy address: [ 33.672688] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.672754] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.673073] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.673243] ^ [ 33.673305] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.673552] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.673685] ================================================================== [ 33.746762] ================================================================== [ 33.746980] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 33.747049] Read of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.747110] [ 33.747435] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.747899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.748120] Hardware name: linux,dummy-virt (DT) [ 33.748283] Call trace: [ 33.748332] show_stack+0x20/0x38 (C) [ 33.748475] dump_stack_lvl+0x8c/0xd0 [ 33.748735] print_report+0x118/0x608 [ 33.749031] kasan_report+0xdc/0x128 [ 33.749260] __asan_report_load4_noabort+0x20/0x30 [ 33.749557] kasan_atomics_helper+0x3dd8/0x4858 [ 33.749631] kasan_atomics+0x198/0x2e0 [ 33.749967] kunit_try_run_case+0x170/0x3f0 [ 33.750444] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.750791] kthread+0x328/0x630 [ 33.751185] ret_from_fork+0x10/0x20 [ 33.751390] [ 33.751415] Allocated by task 297: [ 33.751747] kasan_save_stack+0x3c/0x68 [ 33.751926] kasan_save_track+0x20/0x40 [ 33.752111] kasan_save_alloc_info+0x40/0x58 [ 33.752175] __kasan_kmalloc+0xd4/0xd8 [ 33.752316] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.752472] kasan_atomics+0xb8/0x2e0 [ 33.752917] kunit_try_run_case+0x170/0x3f0 [ 33.753062] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.753320] kthread+0x328/0x630 [ 33.753362] ret_from_fork+0x10/0x20 [ 33.753408] [ 33.753432] The buggy address belongs to the object at fff00000c5a8e300 [ 33.753432] which belongs to the cache kmalloc-64 of size 64 [ 33.754189] The buggy address is located 0 bytes to the right of [ 33.754189] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.754416] [ 33.754536] The buggy address belongs to the physical page: [ 33.754779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.754853] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.755195] page_type: f5(slab) [ 33.755325] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.755928] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.755984] page dumped because: kasan: bad access detected [ 33.756020] [ 33.756040] Memory state around the buggy address: [ 33.756076] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.756124] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.756194] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.756241] ^ [ 33.756277] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.756368] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.756612] ================================================================== [ 33.758504] ================================================================== [ 33.759040] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 33.759205] Write of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.759264] [ 33.759297] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.759392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.759710] Hardware name: linux,dummy-virt (DT) [ 33.759764] Call trace: [ 33.759791] show_stack+0x20/0x38 (C) [ 33.760082] dump_stack_lvl+0x8c/0xd0 [ 33.760527] print_report+0x118/0x608 [ 33.760713] kasan_report+0xdc/0x128 [ 33.760798] kasan_check_range+0x100/0x1a8 [ 33.761046] __kasan_check_write+0x20/0x30 [ 33.761204] kasan_atomics_helper+0xd3c/0x4858 [ 33.761265] kasan_atomics+0x198/0x2e0 [ 33.761460] kunit_try_run_case+0x170/0x3f0 [ 33.761521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.761579] kthread+0x328/0x630 [ 33.761622] ret_from_fork+0x10/0x20 [ 33.761674] [ 33.761695] Allocated by task 297: [ 33.761796] kasan_save_stack+0x3c/0x68 [ 33.761884] kasan_save_track+0x20/0x40 [ 33.761936] kasan_save_alloc_info+0x40/0x58 [ 33.761985] __kasan_kmalloc+0xd4/0xd8 [ 33.762024] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.762066] kasan_atomics+0xb8/0x2e0 [ 33.762106] kunit_try_run_case+0x170/0x3f0 [ 33.762148] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.762207] kthread+0x328/0x630 [ 33.762257] ret_from_fork+0x10/0x20 [ 33.762306] [ 33.762327] The buggy address belongs to the object at fff00000c5a8e300 [ 33.762327] which belongs to the cache kmalloc-64 of size 64 [ 33.762389] The buggy address is located 0 bytes to the right of [ 33.762389] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.762460] [ 33.762483] The buggy address belongs to the physical page: [ 33.762524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.762588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.762639] page_type: f5(slab) [ 33.762679] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.762733] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.762786] page dumped because: kasan: bad access detected [ 33.762829] [ 33.763763] Memory state around the buggy address: [ 33.763844] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.763914] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.763971] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.764039] ^ [ 33.764448] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.764754] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.765087] ================================================================== [ 33.861958] ================================================================== [ 33.862011] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 33.862066] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.862119] [ 33.862317] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.862573] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.862747] Hardware name: linux,dummy-virt (DT) [ 33.862811] Call trace: [ 33.863143] show_stack+0x20/0x38 (C) [ 33.863209] dump_stack_lvl+0x8c/0xd0 [ 33.863407] print_report+0x118/0x608 [ 33.863569] kasan_report+0xdc/0x128 [ 33.863624] kasan_check_range+0x100/0x1a8 [ 33.863677] __kasan_check_write+0x20/0x30 [ 33.864075] kasan_atomics_helper+0x1058/0x4858 [ 33.864385] kasan_atomics+0x198/0x2e0 [ 33.864789] kunit_try_run_case+0x170/0x3f0 [ 33.865190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.865264] kthread+0x328/0x630 [ 33.865724] ret_from_fork+0x10/0x20 [ 33.866083] [ 33.866274] Allocated by task 297: [ 33.866397] kasan_save_stack+0x3c/0x68 [ 33.866505] kasan_save_track+0x20/0x40 [ 33.866555] kasan_save_alloc_info+0x40/0x58 [ 33.867336] __kasan_kmalloc+0xd4/0xd8 [ 33.867426] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.867642] kasan_atomics+0xb8/0x2e0 [ 33.867688] kunit_try_run_case+0x170/0x3f0 [ 33.867983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.868172] kthread+0x328/0x630 [ 33.868533] ret_from_fork+0x10/0x20 [ 33.868588] [ 33.868610] The buggy address belongs to the object at fff00000c5a8e300 [ 33.868610] which belongs to the cache kmalloc-64 of size 64 [ 33.868681] The buggy address is located 0 bytes to the right of [ 33.868681] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.868992] [ 33.869500] The buggy address belongs to the physical page: [ 33.869689] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.870058] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.870242] page_type: f5(slab) [ 33.870347] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.870405] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.870896] page dumped because: kasan: bad access detected [ 33.871096] [ 33.871155] Memory state around the buggy address: [ 33.871195] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.871243] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.871288] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.871330] ^ [ 33.871367] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.871412] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.871454] ================================================================== [ 33.766966] ================================================================== [ 33.767026] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 33.767307] Read of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.767388] [ 33.767423] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.767510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.767540] Hardware name: linux,dummy-virt (DT) [ 33.767815] Call trace: [ 33.768225] show_stack+0x20/0x38 (C) [ 33.768328] dump_stack_lvl+0x8c/0xd0 [ 33.768411] print_report+0x118/0x608 [ 33.768646] kasan_report+0xdc/0x128 [ 33.769058] __asan_report_load4_noabort+0x20/0x30 [ 33.769536] kasan_atomics_helper+0x3e04/0x4858 [ 33.769891] kasan_atomics+0x198/0x2e0 [ 33.769991] kunit_try_run_case+0x170/0x3f0 [ 33.770058] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.770737] kthread+0x328/0x630 [ 33.770968] ret_from_fork+0x10/0x20 [ 33.771025] [ 33.771054] Allocated by task 297: [ 33.771277] kasan_save_stack+0x3c/0x68 [ 33.771645] kasan_save_track+0x20/0x40 [ 33.772078] kasan_save_alloc_info+0x40/0x58 [ 33.772202] __kasan_kmalloc+0xd4/0xd8 [ 33.772278] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.772718] kasan_atomics+0xb8/0x2e0 [ 33.772819] kunit_try_run_case+0x170/0x3f0 [ 33.773300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.773818] kthread+0x328/0x630 [ 33.773904] ret_from_fork+0x10/0x20 [ 33.774079] [ 33.774167] The buggy address belongs to the object at fff00000c5a8e300 [ 33.774167] which belongs to the cache kmalloc-64 of size 64 [ 33.774492] The buggy address is located 0 bytes to the right of [ 33.774492] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.774693] [ 33.774750] The buggy address belongs to the physical page: [ 33.774995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.775179] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.775477] page_type: f5(slab) [ 33.775765] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.776055] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.776125] page dumped because: kasan: bad access detected [ 33.776332] [ 33.776500] Memory state around the buggy address: [ 33.776672] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.776872] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.776922] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.776971] ^ [ 33.777008] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.777323] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.777388] ================================================================== [ 33.851082] ================================================================== [ 33.851233] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 33.851437] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.851647] [ 33.851794] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.852053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.852337] Hardware name: linux,dummy-virt (DT) [ 33.852384] Call trace: [ 33.852774] show_stack+0x20/0x38 (C) [ 33.853145] dump_stack_lvl+0x8c/0xd0 [ 33.853426] print_report+0x118/0x608 [ 33.853688] kasan_report+0xdc/0x128 [ 33.853925] kasan_check_range+0x100/0x1a8 [ 33.854409] __kasan_check_write+0x20/0x30 [ 33.854522] kasan_atomics_helper+0xff0/0x4858 [ 33.854874] kasan_atomics+0x198/0x2e0 [ 33.854939] kunit_try_run_case+0x170/0x3f0 [ 33.855283] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.855689] kthread+0x328/0x630 [ 33.855828] ret_from_fork+0x10/0x20 [ 33.856485] [ 33.856549] Allocated by task 297: [ 33.856805] kasan_save_stack+0x3c/0x68 [ 33.856869] kasan_save_track+0x20/0x40 [ 33.856912] kasan_save_alloc_info+0x40/0x58 [ 33.856954] __kasan_kmalloc+0xd4/0xd8 [ 33.856996] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.857043] kasan_atomics+0xb8/0x2e0 [ 33.857242] kunit_try_run_case+0x170/0x3f0 [ 33.857749] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.858113] kthread+0x328/0x630 [ 33.858430] ret_from_fork+0x10/0x20 [ 33.858772] [ 33.858801] The buggy address belongs to the object at fff00000c5a8e300 [ 33.858801] which belongs to the cache kmalloc-64 of size 64 [ 33.859039] The buggy address is located 0 bytes to the right of [ 33.859039] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.859249] [ 33.859287] The buggy address belongs to the physical page: [ 33.859330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.859396] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.859457] page_type: f5(slab) [ 33.859507] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.859563] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.859614] page dumped because: kasan: bad access detected [ 33.859652] [ 33.859675] Memory state around the buggy address: [ 33.859711] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.859758] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.859804] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.859858] ^ [ 33.859894] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.859959] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.860008] ================================================================== [ 33.872115] ================================================================== [ 33.872169] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 33.872225] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.872277] [ 33.872326] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.872416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.872446] Hardware name: linux,dummy-virt (DT) [ 33.872490] Call trace: [ 33.872516] show_stack+0x20/0x38 (C) [ 33.872565] dump_stack_lvl+0x8c/0xd0 [ 33.872616] print_report+0x118/0x608 [ 33.872673] kasan_report+0xdc/0x128 [ 33.872721] kasan_check_range+0x100/0x1a8 [ 33.872770] __kasan_check_write+0x20/0x30 [ 33.872819] kasan_atomics_helper+0x10c0/0x4858 [ 33.872898] kasan_atomics+0x198/0x2e0 [ 33.873276] kunit_try_run_case+0x170/0x3f0 [ 33.873780] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.873888] kthread+0x328/0x630 [ 33.874328] ret_from_fork+0x10/0x20 [ 33.874656] [ 33.874731] Allocated by task 297: [ 33.875120] kasan_save_stack+0x3c/0x68 [ 33.875274] kasan_save_track+0x20/0x40 [ 33.875320] kasan_save_alloc_info+0x40/0x58 [ 33.875628] __kasan_kmalloc+0xd4/0xd8 [ 33.875999] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.876189] kasan_atomics+0xb8/0x2e0 [ 33.876236] kunit_try_run_case+0x170/0x3f0 [ 33.876857] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.876932] kthread+0x328/0x630 [ 33.876971] ret_from_fork+0x10/0x20 [ 33.877015] [ 33.877675] The buggy address belongs to the object at fff00000c5a8e300 [ 33.877675] which belongs to the cache kmalloc-64 of size 64 [ 33.877780] The buggy address is located 0 bytes to the right of [ 33.877780] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.877861] [ 33.877884] The buggy address belongs to the physical page: [ 33.878545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.878622] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.878675] page_type: f5(slab) [ 33.878719] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.879350] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.879710] page dumped because: kasan: bad access detected [ 33.880126] [ 33.880269] Memory state around the buggy address: [ 33.880663] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.880808] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.881049] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.881244] ^ [ 33.881326] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.881668] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.881905] ================================================================== [ 33.938578] ================================================================== [ 33.938633] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 33.938689] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.938740] [ 33.938773] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.938877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.938907] Hardware name: linux,dummy-virt (DT) [ 33.938942] Call trace: [ 33.938994] show_stack+0x20/0x38 (C) [ 33.939045] dump_stack_lvl+0x8c/0xd0 [ 33.939097] print_report+0x118/0x608 [ 33.939146] kasan_report+0xdc/0x128 [ 33.939196] kasan_check_range+0x100/0x1a8 [ 33.939247] __kasan_check_write+0x20/0x30 [ 33.939305] kasan_atomics_helper+0x1384/0x4858 [ 33.939358] kasan_atomics+0x198/0x2e0 [ 33.939405] kunit_try_run_case+0x170/0x3f0 [ 33.939456] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.939514] kthread+0x328/0x630 [ 33.939558] ret_from_fork+0x10/0x20 [ 33.939608] [ 33.939630] Allocated by task 297: [ 33.939661] kasan_save_stack+0x3c/0x68 [ 33.939715] kasan_save_track+0x20/0x40 [ 33.939759] kasan_save_alloc_info+0x40/0x58 [ 33.939801] __kasan_kmalloc+0xd4/0xd8 [ 33.939852] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.939988] kasan_atomics+0xb8/0x2e0 [ 33.940227] kunit_try_run_case+0x170/0x3f0 [ 33.940449] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.940873] kthread+0x328/0x630 [ 33.941126] ret_from_fork+0x10/0x20 [ 33.941375] [ 33.941637] The buggy address belongs to the object at fff00000c5a8e300 [ 33.941637] which belongs to the cache kmalloc-64 of size 64 [ 33.941851] The buggy address is located 0 bytes to the right of [ 33.941851] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.941936] [ 33.941963] The buggy address belongs to the physical page: [ 33.942370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.942756] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.943210] page_type: f5(slab) [ 33.943290] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.943725] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.943879] page dumped because: kasan: bad access detected [ 33.944113] [ 33.944181] Memory state around the buggy address: [ 33.944345] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.944430] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.944550] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.944666] ^ [ 33.944892] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.945088] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.945163] ================================================================== [ 33.827890] ================================================================== [ 33.827998] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 33.828199] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.828669] [ 33.828722] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.829214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.829291] Hardware name: linux,dummy-virt (DT) [ 33.829371] Call trace: [ 33.829408] show_stack+0x20/0x38 (C) [ 33.830072] dump_stack_lvl+0x8c/0xd0 [ 33.830393] print_report+0x118/0x608 [ 33.830777] kasan_report+0xdc/0x128 [ 33.831160] kasan_check_range+0x100/0x1a8 [ 33.831365] __kasan_check_write+0x20/0x30 [ 33.831576] kasan_atomics_helper+0xf20/0x4858 [ 33.831638] kasan_atomics+0x198/0x2e0 [ 33.831898] kunit_try_run_case+0x170/0x3f0 [ 33.832076] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.832287] kthread+0x328/0x630 [ 33.832472] ret_from_fork+0x10/0x20 [ 33.832654] [ 33.832789] Allocated by task 297: [ 33.832822] kasan_save_stack+0x3c/0x68 [ 33.833268] kasan_save_track+0x20/0x40 [ 33.833462] kasan_save_alloc_info+0x40/0x58 [ 33.833710] __kasan_kmalloc+0xd4/0xd8 [ 33.834137] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.834302] kasan_atomics+0xb8/0x2e0 [ 33.834514] kunit_try_run_case+0x170/0x3f0 [ 33.834885] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.835114] kthread+0x328/0x630 [ 33.835347] ret_from_fork+0x10/0x20 [ 33.835398] [ 33.835422] The buggy address belongs to the object at fff00000c5a8e300 [ 33.835422] which belongs to the cache kmalloc-64 of size 64 [ 33.836129] The buggy address is located 0 bytes to the right of [ 33.836129] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.836222] [ 33.836464] The buggy address belongs to the physical page: [ 33.836755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.836819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.836882] page_type: f5(slab) [ 33.836924] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.837183] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.837654] page dumped because: kasan: bad access detected [ 33.837797] [ 33.837978] Memory state around the buggy address: [ 33.838067] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.838132] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.838189] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.838485] ^ [ 33.838532] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.839031] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.839214] ================================================================== [ 33.646076] ================================================================== [ 33.646248] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 33.646670] Write of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.646939] [ 33.647031] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.647128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.647158] Hardware name: linux,dummy-virt (DT) [ 33.647358] Call trace: [ 33.647560] show_stack+0x20/0x38 (C) [ 33.647625] dump_stack_lvl+0x8c/0xd0 [ 33.648067] print_report+0x118/0x608 [ 33.648326] kasan_report+0xdc/0x128 [ 33.648394] kasan_check_range+0x100/0x1a8 [ 33.648547] __kasan_check_write+0x20/0x30 [ 33.648787] kasan_atomics_helper+0x99c/0x4858 [ 33.649051] kasan_atomics+0x198/0x2e0 [ 33.649237] kunit_try_run_case+0x170/0x3f0 [ 33.649391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.649509] kthread+0x328/0x630 [ 33.649681] ret_from_fork+0x10/0x20 [ 33.649945] [ 33.649975] Allocated by task 297: [ 33.650119] kasan_save_stack+0x3c/0x68 [ 33.650367] kasan_save_track+0x20/0x40 [ 33.650422] kasan_save_alloc_info+0x40/0x58 [ 33.650656] __kasan_kmalloc+0xd4/0xd8 [ 33.650820] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.651130] kasan_atomics+0xb8/0x2e0 [ 33.651286] kunit_try_run_case+0x170/0x3f0 [ 33.651624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.651886] kthread+0x328/0x630 [ 33.652027] ret_from_fork+0x10/0x20 [ 33.652340] [ 33.652459] The buggy address belongs to the object at fff00000c5a8e300 [ 33.652459] which belongs to the cache kmalloc-64 of size 64 [ 33.652689] The buggy address is located 0 bytes to the right of [ 33.652689] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.652789] [ 33.652811] The buggy address belongs to the physical page: [ 33.653076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.653310] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.653493] page_type: f5(slab) [ 33.653754] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.653872] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.653919] page dumped because: kasan: bad access detected [ 33.654186] [ 33.654342] Memory state around the buggy address: [ 33.654383] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.654596] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.654926] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.655072] ^ [ 33.655295] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.655516] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.655561] ================================================================== [ 34.070969] ================================================================== [ 34.071036] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 34.071393] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.071466] [ 34.071500] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.071617] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.071649] Hardware name: linux,dummy-virt (DT) [ 34.071684] Call trace: [ 34.071710] show_stack+0x20/0x38 (C) [ 34.071791] dump_stack_lvl+0x8c/0xd0 [ 34.071859] print_report+0x118/0x608 [ 34.071908] kasan_report+0xdc/0x128 [ 34.071959] __asan_report_load8_noabort+0x20/0x30 [ 34.072009] kasan_atomics_helper+0x3e20/0x4858 [ 34.072073] kasan_atomics+0x198/0x2e0 [ 34.072129] kunit_try_run_case+0x170/0x3f0 [ 34.072180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.072237] kthread+0x328/0x630 [ 34.072282] ret_from_fork+0x10/0x20 [ 34.072333] [ 34.072364] Allocated by task 297: [ 34.072395] kasan_save_stack+0x3c/0x68 [ 34.072441] kasan_save_track+0x20/0x40 [ 34.072483] kasan_save_alloc_info+0x40/0x58 [ 34.072523] __kasan_kmalloc+0xd4/0xd8 [ 34.072563] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.072606] kasan_atomics+0xb8/0x2e0 [ 34.072645] kunit_try_run_case+0x170/0x3f0 [ 34.072697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.072753] kthread+0x328/0x630 [ 34.072788] ret_from_fork+0x10/0x20 [ 34.072827] [ 34.073302] The buggy address belongs to the object at fff00000c5a8e300 [ 34.073302] which belongs to the cache kmalloc-64 of size 64 [ 34.073372] The buggy address is located 0 bytes to the right of [ 34.073372] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.074304] [ 34.074620] The buggy address belongs to the physical page: [ 34.074690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.074876] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.074932] page_type: f5(slab) [ 34.075061] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.075506] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.076164] page dumped because: kasan: bad access detected [ 34.076335] [ 34.076402] Memory state around the buggy address: [ 34.076612] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.077002] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.077068] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.077417] ^ [ 34.077458] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.077505] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.077546] ================================================================== [ 34.050490] ================================================================== [ 34.050749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 34.050810] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.050877] [ 34.050909] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.050997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.051024] Hardware name: linux,dummy-virt (DT) [ 34.051058] Call trace: [ 34.051248] show_stack+0x20/0x38 (C) [ 34.051558] dump_stack_lvl+0x8c/0xd0 [ 34.051821] print_report+0x118/0x608 [ 34.051938] kasan_report+0xdc/0x128 [ 34.052064] __asan_report_load8_noabort+0x20/0x30 [ 34.052123] kasan_atomics_helper+0x3e10/0x4858 [ 34.052397] kasan_atomics+0x198/0x2e0 [ 34.052560] kunit_try_run_case+0x170/0x3f0 [ 34.052921] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.052998] kthread+0x328/0x630 [ 34.053044] ret_from_fork+0x10/0x20 [ 34.053660] [ 34.053828] Allocated by task 297: [ 34.053885] kasan_save_stack+0x3c/0x68 [ 34.053934] kasan_save_track+0x20/0x40 [ 34.054241] kasan_save_alloc_info+0x40/0x58 [ 34.054563] __kasan_kmalloc+0xd4/0xd8 [ 34.054634] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.054684] kasan_atomics+0xb8/0x2e0 [ 34.054725] kunit_try_run_case+0x170/0x3f0 [ 34.054828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.054901] kthread+0x328/0x630 [ 34.054937] ret_from_fork+0x10/0x20 [ 34.054976] [ 34.055000] The buggy address belongs to the object at fff00000c5a8e300 [ 34.055000] which belongs to the cache kmalloc-64 of size 64 [ 34.055076] The buggy address is located 0 bytes to the right of [ 34.055076] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.055144] [ 34.055176] The buggy address belongs to the physical page: [ 34.055218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.055286] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.055338] page_type: f5(slab) [ 34.055380] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.055443] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.055495] page dumped because: kasan: bad access detected [ 34.055546] [ 34.055567] Memory state around the buggy address: [ 34.055601] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.055654] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.055700] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.055740] ^ [ 34.055775] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056332] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.056672] ================================================================== [ 33.790061] ================================================================== [ 33.790123] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 33.790527] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.790808] [ 33.790866] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.791081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.791148] Hardware name: linux,dummy-virt (DT) [ 33.791231] Call trace: [ 33.791341] show_stack+0x20/0x38 (C) [ 33.791550] dump_stack_lvl+0x8c/0xd0 [ 33.791973] print_report+0x118/0x608 [ 33.792052] kasan_report+0xdc/0x128 [ 33.792137] __asan_report_load8_noabort+0x20/0x30 [ 33.792245] kasan_atomics_helper+0x3f58/0x4858 [ 33.792543] kasan_atomics+0x198/0x2e0 [ 33.792733] kunit_try_run_case+0x170/0x3f0 [ 33.793021] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.793294] kthread+0x328/0x630 [ 33.793405] ret_from_fork+0x10/0x20 [ 33.793541] [ 33.793695] Allocated by task 297: [ 33.793922] kasan_save_stack+0x3c/0x68 [ 33.794259] kasan_save_track+0x20/0x40 [ 33.794358] kasan_save_alloc_info+0x40/0x58 [ 33.794702] __kasan_kmalloc+0xd4/0xd8 [ 33.794863] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.794913] kasan_atomics+0xb8/0x2e0 [ 33.795255] kunit_try_run_case+0x170/0x3f0 [ 33.795433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.795491] kthread+0x328/0x630 [ 33.795649] ret_from_fork+0x10/0x20 [ 33.795697] [ 33.795727] The buggy address belongs to the object at fff00000c5a8e300 [ 33.795727] which belongs to the cache kmalloc-64 of size 64 [ 33.795798] The buggy address is located 0 bytes to the right of [ 33.795798] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.795877] [ 33.795919] The buggy address belongs to the physical page: [ 33.795963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.796029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.796078] page_type: f5(slab) [ 33.796130] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.796185] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.796238] page dumped because: kasan: bad access detected [ 33.796280] [ 33.796549] Memory state around the buggy address: [ 33.796592] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.796992] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.797054] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.797492] ^ [ 33.797568] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.797731] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.798081] ================================================================== [ 34.079284] ================================================================== [ 34.079427] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 34.079650] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.079999] [ 34.080125] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.080232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.080272] Hardware name: linux,dummy-virt (DT) [ 34.080309] Call trace: [ 34.080492] show_stack+0x20/0x38 (C) [ 34.080704] dump_stack_lvl+0x8c/0xd0 [ 34.080783] print_report+0x118/0x608 [ 34.081244] kasan_report+0xdc/0x128 [ 34.081698] kasan_check_range+0x100/0x1a8 [ 34.081821] __kasan_check_write+0x20/0x30 [ 34.082054] kasan_atomics_helper+0x17ec/0x4858 [ 34.082289] kasan_atomics+0x198/0x2e0 [ 34.082347] kunit_try_run_case+0x170/0x3f0 [ 34.082856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.082940] kthread+0x328/0x630 [ 34.083158] ret_from_fork+0x10/0x20 [ 34.083237] [ 34.083263] Allocated by task 297: [ 34.083585] kasan_save_stack+0x3c/0x68 [ 34.083850] kasan_save_track+0x20/0x40 [ 34.084048] kasan_save_alloc_info+0x40/0x58 [ 34.084460] __kasan_kmalloc+0xd4/0xd8 [ 34.084872] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.084957] kasan_atomics+0xb8/0x2e0 [ 34.085146] kunit_try_run_case+0x170/0x3f0 [ 34.085355] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.085435] kthread+0x328/0x630 [ 34.085933] ret_from_fork+0x10/0x20 [ 34.086072] [ 34.086294] The buggy address belongs to the object at fff00000c5a8e300 [ 34.086294] which belongs to the cache kmalloc-64 of size 64 [ 34.086457] The buggy address is located 0 bytes to the right of [ 34.086457] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.086795] [ 34.086826] The buggy address belongs to the physical page: [ 34.086871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.087375] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.087745] page_type: f5(slab) [ 34.087848] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.088147] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.088316] page dumped because: kasan: bad access detected [ 34.088607] [ 34.088778] Memory state around the buggy address: [ 34.088859] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.088908] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.088953] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.088996] ^ [ 34.089032] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.089078] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.089218] ================================================================== [ 33.883754] ================================================================== [ 33.884086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 33.884160] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.884212] [ 33.884256] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.884347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.884718] Hardware name: linux,dummy-virt (DT) [ 33.884979] Call trace: [ 33.885259] show_stack+0x20/0x38 (C) [ 33.885533] dump_stack_lvl+0x8c/0xd0 [ 33.885589] print_report+0x118/0x608 [ 33.885638] kasan_report+0xdc/0x128 [ 33.885687] kasan_check_range+0x100/0x1a8 [ 33.886953] __kasan_check_write+0x20/0x30 [ 33.887056] kasan_atomics_helper+0x1128/0x4858 [ 33.887140] kasan_atomics+0x198/0x2e0 [ 33.887232] kunit_try_run_case+0x170/0x3f0 [ 33.887311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.887623] kthread+0x328/0x630 [ 33.887678] ret_from_fork+0x10/0x20 [ 33.888260] [ 33.888401] Allocated by task 297: [ 33.888526] kasan_save_stack+0x3c/0x68 [ 33.888586] kasan_save_track+0x20/0x40 [ 33.888630] kasan_save_alloc_info+0x40/0x58 [ 33.888677] __kasan_kmalloc+0xd4/0xd8 [ 33.889077] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.889378] kasan_atomics+0xb8/0x2e0 [ 33.889625] kunit_try_run_case+0x170/0x3f0 [ 33.889800] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.890072] kthread+0x328/0x630 [ 33.890395] ret_from_fork+0x10/0x20 [ 33.890827] [ 33.891038] The buggy address belongs to the object at fff00000c5a8e300 [ 33.891038] which belongs to the cache kmalloc-64 of size 64 [ 33.891296] The buggy address is located 0 bytes to the right of [ 33.891296] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.891726] [ 33.891757] The buggy address belongs to the physical page: [ 33.891799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.892347] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.892484] page_type: f5(slab) [ 33.892657] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.892791] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.892845] page dumped because: kasan: bad access detected [ 33.892881] [ 33.892901] Memory state around the buggy address: [ 33.893234] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.893321] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.893426] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.893480] ^ [ 33.893516] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.893561] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.893603] ================================================================== [ 33.958754] ================================================================== [ 33.958915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 33.958976] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.959052] [ 33.959087] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.959177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.959532] Hardware name: linux,dummy-virt (DT) [ 33.959726] Call trace: [ 33.959788] show_stack+0x20/0x38 (C) [ 33.960015] dump_stack_lvl+0x8c/0xd0 [ 33.960141] print_report+0x118/0x608 [ 33.960509] kasan_report+0xdc/0x128 [ 33.960561] kasan_check_range+0x100/0x1a8 [ 33.960774] __kasan_check_write+0x20/0x30 [ 33.961442] kasan_atomics_helper+0x1414/0x4858 [ 33.961556] kasan_atomics+0x198/0x2e0 [ 33.961722] kunit_try_run_case+0x170/0x3f0 [ 33.961912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.962097] kthread+0x328/0x630 [ 33.962263] ret_from_fork+0x10/0x20 [ 33.962351] [ 33.962373] Allocated by task 297: [ 33.962717] kasan_save_stack+0x3c/0x68 [ 33.963044] kasan_save_track+0x20/0x40 [ 33.963195] kasan_save_alloc_info+0x40/0x58 [ 33.963443] __kasan_kmalloc+0xd4/0xd8 [ 33.963674] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.963739] kasan_atomics+0xb8/0x2e0 [ 33.963781] kunit_try_run_case+0x170/0x3f0 [ 33.963824] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.963899] kthread+0x328/0x630 [ 33.963936] ret_from_fork+0x10/0x20 [ 33.963985] [ 33.964009] The buggy address belongs to the object at fff00000c5a8e300 [ 33.964009] which belongs to the cache kmalloc-64 of size 64 [ 33.964078] The buggy address is located 0 bytes to the right of [ 33.964078] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.964157] [ 33.964189] The buggy address belongs to the physical page: [ 33.964225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.964281] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.964426] page_type: f5(slab) [ 33.964798] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.964870] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.964915] page dumped because: kasan: bad access detected [ 33.964950] [ 33.964970] Memory state around the buggy address: [ 33.965006] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.965053] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.965098] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.965817] ^ [ 33.965929] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.966133] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.966180] ================================================================== [ 33.820952] ================================================================== [ 33.821496] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 33.821709] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.821855] [ 33.821896] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.821995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.822024] Hardware name: linux,dummy-virt (DT) [ 33.822108] Call trace: [ 33.822143] show_stack+0x20/0x38 (C) [ 33.822200] dump_stack_lvl+0x8c/0xd0 [ 33.822253] print_report+0x118/0x608 [ 33.822303] kasan_report+0xdc/0x128 [ 33.822352] kasan_check_range+0x100/0x1a8 [ 33.822403] __kasan_check_write+0x20/0x30 [ 33.822451] kasan_atomics_helper+0xeb8/0x4858 [ 33.822507] kasan_atomics+0x198/0x2e0 [ 33.822555] kunit_try_run_case+0x170/0x3f0 [ 33.822606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.822663] kthread+0x328/0x630 [ 33.822709] ret_from_fork+0x10/0x20 [ 33.822759] [ 33.822782] Allocated by task 297: [ 33.822812] kasan_save_stack+0x3c/0x68 [ 33.822870] kasan_save_track+0x20/0x40 [ 33.822913] kasan_save_alloc_info+0x40/0x58 [ 33.822963] __kasan_kmalloc+0xd4/0xd8 [ 33.823004] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.823048] kasan_atomics+0xb8/0x2e0 [ 33.823087] kunit_try_run_case+0x170/0x3f0 [ 33.823139] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.823198] kthread+0x328/0x630 [ 33.823245] ret_from_fork+0x10/0x20 [ 33.823286] [ 33.823307] The buggy address belongs to the object at fff00000c5a8e300 [ 33.823307] which belongs to the cache kmalloc-64 of size 64 [ 33.823367] The buggy address is located 0 bytes to the right of [ 33.823367] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.823443] [ 33.823466] The buggy address belongs to the physical page: [ 33.823500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.823554] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.823605] page_type: f5(slab) [ 33.823651] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.823705] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.823755] page dumped because: kasan: bad access detected [ 33.823789] [ 33.823809] Memory state around the buggy address: [ 33.825017] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.825101] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.825184] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.825337] ^ [ 33.825382] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.825674] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.825935] ================================================================== [ 33.977669] ================================================================== [ 33.977728] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 33.978122] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.978289] [ 33.978353] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.978579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.978613] Hardware name: linux,dummy-virt (DT) [ 33.978649] Call trace: [ 33.978698] show_stack+0x20/0x38 (C) [ 33.978766] dump_stack_lvl+0x8c/0xd0 [ 33.979126] print_report+0x118/0x608 [ 33.979202] kasan_report+0xdc/0x128 [ 33.979345] kasan_check_range+0x100/0x1a8 [ 33.979457] __kasan_check_write+0x20/0x30 [ 33.979562] kasan_atomics_helper+0x14e4/0x4858 [ 33.979621] kasan_atomics+0x198/0x2e0 [ 33.980099] kunit_try_run_case+0x170/0x3f0 [ 33.980267] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.980453] kthread+0x328/0x630 [ 33.980725] ret_from_fork+0x10/0x20 [ 33.980952] [ 33.981003] Allocated by task 297: [ 33.981181] kasan_save_stack+0x3c/0x68 [ 33.981527] kasan_save_track+0x20/0x40 [ 33.981850] kasan_save_alloc_info+0x40/0x58 [ 33.982027] __kasan_kmalloc+0xd4/0xd8 [ 33.982383] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.982585] kasan_atomics+0xb8/0x2e0 [ 33.982792] kunit_try_run_case+0x170/0x3f0 [ 33.983134] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.983489] kthread+0x328/0x630 [ 33.983625] ret_from_fork+0x10/0x20 [ 33.983763] [ 33.984069] The buggy address belongs to the object at fff00000c5a8e300 [ 33.984069] which belongs to the cache kmalloc-64 of size 64 [ 33.984192] The buggy address is located 0 bytes to the right of [ 33.984192] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.984265] [ 33.984306] The buggy address belongs to the physical page: [ 33.984711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.984778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.984829] page_type: f5(slab) [ 33.984887] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.985554] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.985824] page dumped because: kasan: bad access detected [ 33.985907] [ 33.985959] Memory state around the buggy address: [ 33.986176] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.986623] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.986936] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.987049] ^ [ 33.987089] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.987385] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.987544] ================================================================== [ 33.896325] ================================================================== [ 33.896563] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 33.896654] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.896708] [ 33.896741] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.897231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.897384] Hardware name: linux,dummy-virt (DT) [ 33.897675] Call trace: [ 33.897764] show_stack+0x20/0x38 (C) [ 33.897961] dump_stack_lvl+0x8c/0xd0 [ 33.898019] print_report+0x118/0x608 [ 33.898206] kasan_report+0xdc/0x128 [ 33.898430] kasan_check_range+0x100/0x1a8 [ 33.898551] __kasan_check_write+0x20/0x30 [ 33.898605] kasan_atomics_helper+0x1190/0x4858 [ 33.898665] kasan_atomics+0x198/0x2e0 [ 33.898714] kunit_try_run_case+0x170/0x3f0 [ 33.898765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.898822] kthread+0x328/0x630 [ 33.898877] ret_from_fork+0x10/0x20 [ 33.898933] [ 33.898992] Allocated by task 297: [ 33.899025] kasan_save_stack+0x3c/0x68 [ 33.899081] kasan_save_track+0x20/0x40 [ 33.899122] kasan_save_alloc_info+0x40/0x58 [ 33.899163] __kasan_kmalloc+0xd4/0xd8 [ 33.899213] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.899257] kasan_atomics+0xb8/0x2e0 [ 33.899297] kunit_try_run_case+0x170/0x3f0 [ 33.899353] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.899403] kthread+0x328/0x630 [ 33.899439] ret_from_fork+0x10/0x20 [ 33.899479] [ 33.899509] The buggy address belongs to the object at fff00000c5a8e300 [ 33.899509] which belongs to the cache kmalloc-64 of size 64 [ 33.899571] The buggy address is located 0 bytes to the right of [ 33.899571] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.899647] [ 33.899678] The buggy address belongs to the physical page: [ 33.899731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.899804] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.900249] page_type: f5(slab) [ 33.900316] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.900394] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.900462] page dumped because: kasan: bad access detected [ 33.901059] [ 33.901504] Memory state around the buggy address: [ 33.901995] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.902166] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.902222] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.902411] ^ [ 33.902456] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.902675] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.902826] ================================================================== [ 33.993572] ================================================================== [ 33.993624] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 33.993674] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.993731] [ 33.993761] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.995082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.995126] Hardware name: linux,dummy-virt (DT) [ 33.995182] Call trace: [ 33.995226] show_stack+0x20/0x38 (C) [ 33.995298] dump_stack_lvl+0x8c/0xd0 [ 33.995379] print_report+0x118/0x608 [ 33.995466] kasan_report+0xdc/0x128 [ 33.995695] kasan_check_range+0x100/0x1a8 [ 33.996268] __kasan_check_write+0x20/0x30 [ 33.996571] kasan_atomics_helper+0x15b4/0x4858 [ 33.996928] kasan_atomics+0x198/0x2e0 [ 33.997176] kunit_try_run_case+0x170/0x3f0 [ 33.997561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.997934] kthread+0x328/0x630 [ 33.998312] ret_from_fork+0x10/0x20 [ 33.998627] [ 33.998707] Allocated by task 297: [ 33.998741] kasan_save_stack+0x3c/0x68 [ 33.999087] kasan_save_track+0x20/0x40 [ 33.999853] kasan_save_alloc_info+0x40/0x58 [ 34.000040] __kasan_kmalloc+0xd4/0xd8 [ 34.000312] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.000602] kasan_atomics+0xb8/0x2e0 [ 34.000658] kunit_try_run_case+0x170/0x3f0 [ 34.001004] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.001349] kthread+0x328/0x630 [ 34.001486] ret_from_fork+0x10/0x20 [ 34.001530] [ 34.001893] The buggy address belongs to the object at fff00000c5a8e300 [ 34.001893] which belongs to the cache kmalloc-64 of size 64 [ 34.002127] The buggy address is located 0 bytes to the right of [ 34.002127] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.002637] [ 34.002708] The buggy address belongs to the physical page: [ 34.003017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.003094] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.003198] page_type: f5(slab) [ 34.003243] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.003527] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.003870] page dumped because: kasan: bad access detected [ 34.004176] [ 34.004525] Memory state around the buggy address: [ 34.004825] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.005087] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.005254] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.005295] ^ [ 34.005332] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.005379] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.005728] ================================================================== [ 33.675797] ================================================================== [ 33.675929] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xad4/0x4858 [ 33.675991] Write of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.676193] [ 33.676378] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.676494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.676662] Hardware name: linux,dummy-virt (DT) [ 33.676768] Call trace: [ 33.676902] show_stack+0x20/0x38 (C) [ 33.676988] dump_stack_lvl+0x8c/0xd0 [ 33.677045] print_report+0x118/0x608 [ 33.677093] kasan_report+0xdc/0x128 [ 33.677142] kasan_check_range+0x100/0x1a8 [ 33.677193] __kasan_check_write+0x20/0x30 [ 33.677727] kasan_atomics_helper+0xad4/0x4858 [ 33.678675] kasan_atomics+0x198/0x2e0 [ 33.678951] kunit_try_run_case+0x170/0x3f0 [ 33.679258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.680503] kasan_save_stack+0x3c/0x68 [ 33.681312] kasan_atomics+0xb8/0x2e0 [ 33.682427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.682499] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.682550] page_type: f5(slab) [ 33.682600] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.682663] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.682706] page dumped because: kasan: bad access detected [ 33.682740] [ 33.682771] Memory state around the buggy address: [ 33.682819] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.683083] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.683225] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.683670] ^ [ 33.683727] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.683777] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.686319] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dcc/0x4858 [ 33.687282] Call trace: [ 33.689706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.690665] kasan_save_alloc_info+0x40/0x58 [ 33.692847] The buggy address is located 0 bytes to the right of [ 33.692847] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.693822] page_type: f5(slab) [ 33.694051] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.694611] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.694798] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.697665] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb70/0x4858 [ 33.699540] print_report+0x118/0x608 [ 33.700101] kthread+0x328/0x630 [ 33.701797] __kasan_kmalloc+0xd4/0xd8 [ 33.703194] [ 33.703566] The buggy address is located 0 bytes to the right of [ 33.703566] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.704409] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.705713] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.706293] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.707819] [ 33.707951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.708101] dump_stack_lvl+0x8c/0xd0 [ 33.709935] kasan_save_stack+0x3c/0x68 [ 33.713164] [ 33.714499] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.716525] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.718941] ================================================================== [ 33.947335] ================================================================== [ 33.947589] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 33.947830] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.947941] [ 33.947978] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.948066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.948094] Hardware name: linux,dummy-virt (DT) [ 33.948130] Call trace: [ 33.948625] show_stack+0x20/0x38 (C) [ 33.948914] dump_stack_lvl+0x8c/0xd0 [ 33.949118] print_report+0x118/0x608 [ 33.949245] kasan_report+0xdc/0x128 [ 33.949497] __asan_report_load8_noabort+0x20/0x30 [ 33.949600] kasan_atomics_helper+0x3f04/0x4858 [ 33.949663] kasan_atomics+0x198/0x2e0 [ 33.949718] kunit_try_run_case+0x170/0x3f0 [ 33.950155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.950576] kthread+0x328/0x630 [ 33.950664] ret_from_fork+0x10/0x20 [ 33.950721] [ 33.950991] Allocated by task 297: [ 33.951406] kasan_save_stack+0x3c/0x68 [ 33.951704] kasan_save_track+0x20/0x40 [ 33.952125] kasan_save_alloc_info+0x40/0x58 [ 33.952283] __kasan_kmalloc+0xd4/0xd8 [ 33.952353] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.952477] kasan_atomics+0xb8/0x2e0 [ 33.952518] kunit_try_run_case+0x170/0x3f0 [ 33.952567] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.952616] kthread+0x328/0x630 [ 33.952844] ret_from_fork+0x10/0x20 [ 33.953188] [ 33.953224] The buggy address belongs to the object at fff00000c5a8e300 [ 33.953224] which belongs to the cache kmalloc-64 of size 64 [ 33.953324] The buggy address is located 0 bytes to the right of [ 33.953324] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.953755] [ 33.953820] The buggy address belongs to the physical page: [ 33.953970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.954035] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.954086] page_type: f5(slab) [ 33.954463] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.954856] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.955106] page dumped because: kasan: bad access detected [ 33.955492] [ 33.955648] Memory state around the buggy address: [ 33.955774] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.955854] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.955900] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.955941] ^ [ 33.955977] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.956023] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.956148] ================================================================== [ 33.989293] ================================================================== [ 33.989437] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 33.989547] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.989609] [ 33.989806] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.989922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.990324] Hardware name: linux,dummy-virt (DT) [ 33.990374] Call trace: [ 33.990399] show_stack+0x20/0x38 (C) [ 33.990455] dump_stack_lvl+0x8c/0xd0 [ 33.990683] print_report+0x118/0x608 [ 33.990872] kasan_report+0xdc/0x128 [ 33.990926] kasan_check_range+0x100/0x1a8 [ 33.991105] __kasan_check_write+0x20/0x30 [ 33.991331] kasan_atomics_helper+0x154c/0x4858 [ 33.991551] kasan_atomics+0x198/0x2e0 [ 33.991607] kunit_try_run_case+0x170/0x3f0 [ 33.991767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.991853] kthread+0x328/0x630 [ 33.991899] ret_from_fork+0x10/0x20 [ 33.991950] [ 33.991972] Allocated by task 297: [ 33.992001] kasan_save_stack+0x3c/0x68 [ 33.992058] kasan_save_track+0x20/0x40 [ 33.992111] kasan_save_alloc_info+0x40/0x58 [ 33.992153] __kasan_kmalloc+0xd4/0xd8 [ 33.992202] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.992254] kasan_atomics+0xb8/0x2e0 [ 33.992295] kunit_try_run_case+0x170/0x3f0 [ 33.992347] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.992397] kthread+0x328/0x630 [ 33.992433] ret_from_fork+0x10/0x20 [ 33.992472] [ 33.992493] The buggy address belongs to the object at fff00000c5a8e300 [ 33.992493] which belongs to the cache kmalloc-64 of size 64 [ 33.992563] The buggy address is located 0 bytes to the right of [ 33.992563] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.992632] [ 33.992653] The buggy address belongs to the physical page: [ 33.992687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.992740] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.992788] page_type: f5(slab) [ 33.992829] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.993023] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.993082] page dumped because: kasan: bad access detected [ 33.993118] [ 33.993138] Memory state around the buggy address: [ 33.993172] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.993218] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.993263] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.993302] ^ [ 33.993337] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.993384] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.993456] ================================================================== [ 33.657620] ================================================================== [ 33.657696] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa04/0x4858 [ 33.657856] Write of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.657919] [ 33.657990] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.658101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.658138] Hardware name: linux,dummy-virt (DT) [ 33.658174] Call trace: [ 33.658198] show_stack+0x20/0x38 (C) [ 33.658257] dump_stack_lvl+0x8c/0xd0 [ 33.658310] print_report+0x118/0x608 [ 33.658359] kasan_report+0xdc/0x128 [ 33.658406] kasan_check_range+0x100/0x1a8 [ 33.658457] __kasan_check_write+0x20/0x30 [ 33.658503] kasan_atomics_helper+0xa04/0x4858 [ 33.658554] kasan_atomics+0x198/0x2e0 [ 33.658608] kunit_try_run_case+0x170/0x3f0 [ 33.658659] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.658725] kthread+0x328/0x630 [ 33.658772] ret_from_fork+0x10/0x20 [ 33.658820] [ 33.659198] Allocated by task 297: [ 33.659248] kasan_save_stack+0x3c/0x68 [ 33.659578] kasan_save_track+0x20/0x40 [ 33.659631] kasan_save_alloc_info+0x40/0x58 [ 33.659887] __kasan_kmalloc+0xd4/0xd8 [ 33.659961] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.660171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.661252] [ 33.661390] The buggy address belongs to the physical page: [ 33.661430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.661967] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.662341] page_type: f5(slab) [ 33.662504] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.662727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.662933] page dumped because: kasan: bad access detected [ 33.663009] [ 33.663089] Memory state around the buggy address: [ 33.663178] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.663261] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.663495] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.663696] ^ [ 33.663826] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.664045] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.664266] ================================================================== [ 33.628070] ================================================================== [ 33.628386] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 33.628542] Read of size 4 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.628611] [ 33.628678] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.628781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.628811] Hardware name: linux,dummy-virt (DT) [ 33.628945] Call trace: [ 33.628979] show_stack+0x20/0x38 (C) [ 33.629042] dump_stack_lvl+0x8c/0xd0 [ 33.629104] print_report+0x118/0x608 [ 33.629161] kasan_report+0xdc/0x128 [ 33.629210] __asan_report_load4_noabort+0x20/0x30 [ 33.629262] kasan_atomics_helper+0x42d8/0x4858 [ 33.629315] kasan_atomics+0x198/0x2e0 [ 33.629374] kunit_try_run_case+0x170/0x3f0 [ 33.629425] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.629484] kthread+0x328/0x630 [ 33.629538] ret_from_fork+0x10/0x20 [ 33.629598] [ 33.629619] Allocated by task 297: [ 33.629655] kasan_save_stack+0x3c/0x68 [ 33.629700] kasan_save_track+0x20/0x40 [ 33.629742] kasan_save_alloc_info+0x40/0x58 [ 33.629791] __kasan_kmalloc+0xd4/0xd8 [ 33.629868] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.631787] [ 33.632252] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.632311] page_type: f5(slab) [ 33.632562] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.632777] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.633673] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.634590] ================================================================== [ 33.778646] ================================================================== [ 33.779253] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 33.779435] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.779692] [ 33.779737] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.780066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.780110] Hardware name: linux,dummy-virt (DT) [ 33.780146] Call trace: [ 33.780334] show_stack+0x20/0x38 (C) [ 33.780566] dump_stack_lvl+0x8c/0xd0 [ 33.780619] print_report+0x118/0x608 [ 33.780945] kasan_report+0xdc/0x128 [ 33.781411] kasan_check_range+0x100/0x1a8 [ 33.781496] __kasan_check_read+0x20/0x30 [ 33.781807] kasan_atomics_helper+0xdd4/0x4858 [ 33.781884] kasan_atomics+0x198/0x2e0 [ 33.781994] kunit_try_run_case+0x170/0x3f0 [ 33.782049] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.782118] kthread+0x328/0x630 [ 33.782163] ret_from_fork+0x10/0x20 [ 33.782222] [ 33.782251] Allocated by task 297: [ 33.782322] kasan_save_stack+0x3c/0x68 [ 33.782371] kasan_save_track+0x20/0x40 [ 33.782413] kasan_save_alloc_info+0x40/0x58 [ 33.782469] __kasan_kmalloc+0xd4/0xd8 [ 33.782517] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.782560] kasan_atomics+0xb8/0x2e0 [ 33.782601] kunit_try_run_case+0x170/0x3f0 [ 33.782641] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.782688] kthread+0x328/0x630 [ 33.782745] ret_from_fork+0x10/0x20 [ 33.782785] [ 33.782814] The buggy address belongs to the object at fff00000c5a8e300 [ 33.782814] which belongs to the cache kmalloc-64 of size 64 [ 33.783776] The buggy address is located 0 bytes to the right of [ 33.783776] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.784020] [ 33.784189] The buggy address belongs to the physical page: [ 33.784225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.784911] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.785114] page_type: f5(slab) [ 33.785399] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.785574] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.785726] page dumped because: kasan: bad access detected [ 33.785784] [ 33.786037] Memory state around the buggy address: [ 33.786212] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.786303] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.786433] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.786645] ^ [ 33.786683] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.786753] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.786972] ================================================================== [ 33.809279] ================================================================== [ 33.809333] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 33.809390] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.809441] [ 33.809964] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.810184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.810219] Hardware name: linux,dummy-virt (DT) [ 33.810317] Call trace: [ 33.810342] show_stack+0x20/0x38 (C) [ 33.810397] dump_stack_lvl+0x8c/0xd0 [ 33.810504] print_report+0x118/0x608 [ 33.810580] kasan_report+0xdc/0x128 [ 33.810640] __asan_report_store8_noabort+0x20/0x30 [ 33.810937] kasan_atomics_helper+0x3e5c/0x4858 [ 33.811135] kasan_atomics+0x198/0x2e0 [ 33.811477] kunit_try_run_case+0x170/0x3f0 [ 33.811556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.811618] kthread+0x328/0x630 [ 33.811663] ret_from_fork+0x10/0x20 [ 33.811715] [ 33.812009] Allocated by task 297: [ 33.812076] kasan_save_stack+0x3c/0x68 [ 33.812130] kasan_save_track+0x20/0x40 [ 33.812425] kasan_save_alloc_info+0x40/0x58 [ 33.812718] __kasan_kmalloc+0xd4/0xd8 [ 33.813189] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.813414] kasan_atomics+0xb8/0x2e0 [ 33.813612] kunit_try_run_case+0x170/0x3f0 [ 33.813684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.814020] kthread+0x328/0x630 [ 33.814530] ret_from_fork+0x10/0x20 [ 33.814817] [ 33.815140] The buggy address belongs to the object at fff00000c5a8e300 [ 33.815140] which belongs to the cache kmalloc-64 of size 64 [ 33.815590] The buggy address is located 0 bytes to the right of [ 33.815590] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.815901] [ 33.816083] The buggy address belongs to the physical page: [ 33.816140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.816464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.816747] page_type: f5(slab) [ 33.816911] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.816974] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.817017] page dumped because: kasan: bad access detected [ 33.817052] [ 33.817072] Memory state around the buggy address: [ 33.817406] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.817778] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.818071] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.818185] ^ [ 33.818226] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.818282] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.818324] ================================================================== [ 34.038987] ================================================================== [ 34.039257] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 34.039468] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.039639] [ 34.039674] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.040020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.040065] Hardware name: linux,dummy-virt (DT) [ 34.040102] Call trace: [ 34.040126] show_stack+0x20/0x38 (C) [ 34.040388] dump_stack_lvl+0x8c/0xd0 [ 34.040605] print_report+0x118/0x608 [ 34.040881] kasan_report+0xdc/0x128 [ 34.041161] kasan_check_range+0x100/0x1a8 [ 34.041244] __kasan_check_write+0x20/0x30 [ 34.041452] kasan_atomics_helper+0x16d0/0x4858 [ 34.042249] kasan_atomics+0x198/0x2e0 [ 34.042344] kunit_try_run_case+0x170/0x3f0 [ 34.042411] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.042493] kthread+0x328/0x630 [ 34.042564] ret_from_fork+0x10/0x20 [ 34.042789] [ 34.042915] Allocated by task 297: [ 34.042947] kasan_save_stack+0x3c/0x68 [ 34.043212] kasan_save_track+0x20/0x40 [ 34.043674] kasan_save_alloc_info+0x40/0x58 [ 34.043813] __kasan_kmalloc+0xd4/0xd8 [ 34.043869] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.044226] kasan_atomics+0xb8/0x2e0 [ 34.044505] kunit_try_run_case+0x170/0x3f0 [ 34.044658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.044715] kthread+0x328/0x630 [ 34.044752] ret_from_fork+0x10/0x20 [ 34.044802] [ 34.044825] The buggy address belongs to the object at fff00000c5a8e300 [ 34.044825] which belongs to the cache kmalloc-64 of size 64 [ 34.045155] The buggy address is located 0 bytes to the right of [ 34.045155] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.045508] [ 34.045644] The buggy address belongs to the physical page: [ 34.045965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.046287] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.046676] page_type: f5(slab) [ 34.046886] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.047092] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.047346] page dumped because: kasan: bad access detected [ 34.047545] [ 34.048037] Memory state around the buggy address: [ 34.048211] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.048270] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.048417] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.048463] ^ [ 34.048730] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.049100] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.049372] ================================================================== [ 34.018285] ================================================================== [ 34.018549] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 34.018786] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.018995] [ 34.019222] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.019462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.019887] Hardware name: linux,dummy-virt (DT) [ 34.019948] Call trace: [ 34.019977] show_stack+0x20/0x38 (C) [ 34.020325] dump_stack_lvl+0x8c/0xd0 [ 34.020672] print_report+0x118/0x608 [ 34.020880] kasan_report+0xdc/0x128 [ 34.021300] kasan_check_range+0x100/0x1a8 [ 34.021551] __kasan_check_write+0x20/0x30 [ 34.022010] kasan_atomics_helper+0x1644/0x4858 [ 34.022178] kasan_atomics+0x198/0x2e0 [ 34.022324] kunit_try_run_case+0x170/0x3f0 [ 34.022753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.023116] kthread+0x328/0x630 [ 34.023488] ret_from_fork+0x10/0x20 [ 34.023815] [ 34.023914] Allocated by task 297: [ 34.023948] kasan_save_stack+0x3c/0x68 [ 34.023999] kasan_save_track+0x20/0x40 [ 34.024063] kasan_save_alloc_info+0x40/0x58 [ 34.024106] __kasan_kmalloc+0xd4/0xd8 [ 34.024147] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.024222] kasan_atomics+0xb8/0x2e0 [ 34.024264] kunit_try_run_case+0x170/0x3f0 [ 34.024728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.025050] kthread+0x328/0x630 [ 34.025256] ret_from_fork+0x10/0x20 [ 34.025306] [ 34.025572] The buggy address belongs to the object at fff00000c5a8e300 [ 34.025572] which belongs to the cache kmalloc-64 of size 64 [ 34.026262] The buggy address is located 0 bytes to the right of [ 34.026262] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.026611] [ 34.026762] The buggy address belongs to the physical page: [ 34.027037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.027218] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.027349] page_type: f5(slab) [ 34.027699] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.028006] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.028214] page dumped because: kasan: bad access detected [ 34.028296] [ 34.028333] Memory state around the buggy address: [ 34.028463] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.028923] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.029237] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.029345] ^ [ 34.029409] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.029461] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.029733] ================================================================== [ 33.919730] ================================================================== [ 33.919858] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 33.919982] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.920313] [ 33.920361] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.920571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.920741] Hardware name: linux,dummy-virt (DT) [ 33.920860] Call trace: [ 33.920954] show_stack+0x20/0x38 (C) [ 33.921013] dump_stack_lvl+0x8c/0xd0 [ 33.921066] print_report+0x118/0x608 [ 33.921361] kasan_report+0xdc/0x128 [ 33.921614] kasan_check_range+0x100/0x1a8 [ 33.922015] __kasan_check_write+0x20/0x30 [ 33.922108] kasan_atomics_helper+0x126c/0x4858 [ 33.922380] kasan_atomics+0x198/0x2e0 [ 33.922547] kunit_try_run_case+0x170/0x3f0 [ 33.922600] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.922659] kthread+0x328/0x630 [ 33.922705] ret_from_fork+0x10/0x20 [ 33.922756] [ 33.922779] Allocated by task 297: [ 33.922811] kasan_save_stack+0x3c/0x68 [ 33.922870] kasan_save_track+0x20/0x40 [ 33.922914] kasan_save_alloc_info+0x40/0x58 [ 33.922955] __kasan_kmalloc+0xd4/0xd8 [ 33.923008] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.923052] kasan_atomics+0xb8/0x2e0 [ 33.923093] kunit_try_run_case+0x170/0x3f0 [ 33.923135] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.923184] kthread+0x328/0x630 [ 33.923222] ret_from_fork+0x10/0x20 [ 33.923262] [ 33.923293] The buggy address belongs to the object at fff00000c5a8e300 [ 33.923293] which belongs to the cache kmalloc-64 of size 64 [ 33.923356] The buggy address is located 0 bytes to the right of [ 33.923356] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.923434] [ 33.923465] The buggy address belongs to the physical page: [ 33.923511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.923567] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.923617] page_type: f5(slab) [ 33.923657] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.923713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.923758] page dumped because: kasan: bad access detected [ 33.923799] [ 33.923828] Memory state around the buggy address: [ 33.923880] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.924318] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.924798] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.924880] ^ [ 33.924939] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.925158] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.925256] ================================================================== [ 34.057888] ================================================================== [ 34.058224] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 34.058294] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.058347] [ 34.059001] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.059198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.059232] Hardware name: linux,dummy-virt (DT) [ 34.059267] Call trace: [ 34.059293] show_stack+0x20/0x38 (C) [ 34.059644] dump_stack_lvl+0x8c/0xd0 [ 34.059714] print_report+0x118/0x608 [ 34.059896] kasan_report+0xdc/0x128 [ 34.059989] kasan_check_range+0x100/0x1a8 [ 34.060154] __kasan_check_write+0x20/0x30 [ 34.060372] kasan_atomics_helper+0x175c/0x4858 [ 34.060591] kasan_atomics+0x198/0x2e0 [ 34.060787] kunit_try_run_case+0x170/0x3f0 [ 34.060933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.061288] kthread+0x328/0x630 [ 34.061526] ret_from_fork+0x10/0x20 [ 34.061978] [ 34.062141] Allocated by task 297: [ 34.062364] kasan_save_stack+0x3c/0x68 [ 34.062417] kasan_save_track+0x20/0x40 [ 34.062459] kasan_save_alloc_info+0x40/0x58 [ 34.063152] __kasan_kmalloc+0xd4/0xd8 [ 34.063471] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.063655] kasan_atomics+0xb8/0x2e0 [ 34.063818] kunit_try_run_case+0x170/0x3f0 [ 34.063941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.064049] kthread+0x328/0x630 [ 34.064443] ret_from_fork+0x10/0x20 [ 34.064657] [ 34.064750] The buggy address belongs to the object at fff00000c5a8e300 [ 34.064750] which belongs to the cache kmalloc-64 of size 64 [ 34.064915] The buggy address is located 0 bytes to the right of [ 34.064915] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.065378] [ 34.065853] The buggy address belongs to the physical page: [ 34.065895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.066522] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.066920] page_type: f5(slab) [ 34.067020] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.067305] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.067750] page dumped because: kasan: bad access detected [ 34.067944] [ 34.068175] Memory state around the buggy address: [ 34.068353] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.068562] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.068804] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.069014] ^ [ 34.069059] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.069362] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.069524] ================================================================== [ 33.926814] ================================================================== [ 33.926883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 33.926945] Write of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 33.927388] [ 33.927439] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.927540] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.927570] Hardware name: linux,dummy-virt (DT) [ 33.927604] Call trace: [ 33.927631] show_stack+0x20/0x38 (C) [ 33.928105] dump_stack_lvl+0x8c/0xd0 [ 33.928620] print_report+0x118/0x608 [ 33.928755] kasan_report+0xdc/0x128 [ 33.928807] kasan_check_range+0x100/0x1a8 [ 33.928871] __kasan_check_write+0x20/0x30 [ 33.929204] kasan_atomics_helper+0x12d8/0x4858 [ 33.929621] kasan_atomics+0x198/0x2e0 [ 33.929777] kunit_try_run_case+0x170/0x3f0 [ 33.930058] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.930301] kthread+0x328/0x630 [ 33.930372] ret_from_fork+0x10/0x20 [ 33.930447] [ 33.930718] Allocated by task 297: [ 33.931132] kasan_save_stack+0x3c/0x68 [ 33.931377] kasan_save_track+0x20/0x40 [ 33.931571] kasan_save_alloc_info+0x40/0x58 [ 33.931869] __kasan_kmalloc+0xd4/0xd8 [ 33.932041] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.932403] kasan_atomics+0xb8/0x2e0 [ 33.932571] kunit_try_run_case+0x170/0x3f0 [ 33.932934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.933017] kthread+0x328/0x630 [ 33.933142] ret_from_fork+0x10/0x20 [ 33.933222] [ 33.933407] The buggy address belongs to the object at fff00000c5a8e300 [ 33.933407] which belongs to the cache kmalloc-64 of size 64 [ 33.933543] The buggy address is located 0 bytes to the right of [ 33.933543] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 33.933971] [ 33.934231] The buggy address belongs to the physical page: [ 33.934272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 33.934357] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.934714] page_type: f5(slab) [ 33.935045] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 33.935121] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 33.935280] page dumped because: kasan: bad access detected [ 33.935606] [ 33.935684] Memory state around the buggy address: [ 33.935871] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.936438] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.936680] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 33.936882] ^ [ 33.936920] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.936974] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.937015] ================================================================== [ 34.030590] ================================================================== [ 34.030641] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 34.030695] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.030852] [ 34.030902] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.030997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.031026] Hardware name: linux,dummy-virt (DT) [ 34.031070] Call trace: [ 34.031098] show_stack+0x20/0x38 (C) [ 34.031153] dump_stack_lvl+0x8c/0xd0 [ 34.031205] print_report+0x118/0x608 [ 34.031253] kasan_report+0xdc/0x128 [ 34.031311] __asan_report_load8_noabort+0x20/0x30 [ 34.031364] kasan_atomics_helper+0x3df4/0x4858 [ 34.031415] kasan_atomics+0x198/0x2e0 [ 34.031464] kunit_try_run_case+0x170/0x3f0 [ 34.031515] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.031573] kthread+0x328/0x630 [ 34.031624] ret_from_fork+0x10/0x20 [ 34.031685] [ 34.031707] Allocated by task 297: [ 34.031737] kasan_save_stack+0x3c/0x68 [ 34.031791] kasan_save_track+0x20/0x40 [ 34.031832] kasan_save_alloc_info+0x40/0x58 [ 34.032297] __kasan_kmalloc+0xd4/0xd8 [ 34.032769] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.032848] kasan_atomics+0xb8/0x2e0 [ 34.032890] kunit_try_run_case+0x170/0x3f0 [ 34.032933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.032983] kthread+0x328/0x630 [ 34.033020] ret_from_fork+0x10/0x20 [ 34.033614] [ 34.033742] The buggy address belongs to the object at fff00000c5a8e300 [ 34.033742] which belongs to the cache kmalloc-64 of size 64 [ 34.034141] The buggy address is located 0 bytes to the right of [ 34.034141] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.034506] [ 34.034535] The buggy address belongs to the physical page: [ 34.034846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.035147] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.035352] page_type: f5(slab) [ 34.035521] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.035610] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.035677] page dumped because: kasan: bad access detected [ 34.035933] [ 34.036025] Memory state around the buggy address: [ 34.036340] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.036912] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.037022] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.037219] ^ [ 34.037458] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.037513] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.037556] ================================================================== [ 34.007945] ================================================================== [ 34.007999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 34.008338] Read of size 8 at addr fff00000c5a8e330 by task kunit_try_catch/297 [ 34.008415] [ 34.008457] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.008547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.008576] Hardware name: linux,dummy-virt (DT) [ 34.008612] Call trace: [ 34.008636] show_stack+0x20/0x38 (C) [ 34.008691] dump_stack_lvl+0x8c/0xd0 [ 34.009027] print_report+0x118/0x608 [ 34.009810] kasan_report+0xdc/0x128 [ 34.010238] __asan_report_load8_noabort+0x20/0x30 [ 34.010530] kasan_atomics_helper+0x3db0/0x4858 [ 34.010703] kasan_atomics+0x198/0x2e0 [ 34.010930] kunit_try_run_case+0x170/0x3f0 [ 34.011613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.011717] kthread+0x328/0x630 [ 34.012092] ret_from_fork+0x10/0x20 [ 34.012534] [ 34.012702] Allocated by task 297: [ 34.012741] kasan_save_stack+0x3c/0x68 [ 34.012933] kasan_save_track+0x20/0x40 [ 34.013161] kasan_save_alloc_info+0x40/0x58 [ 34.013408] __kasan_kmalloc+0xd4/0xd8 [ 34.013466] __kmalloc_cache_noprof+0x16c/0x3c0 [ 34.013511] kasan_atomics+0xb8/0x2e0 [ 34.013552] kunit_try_run_case+0x170/0x3f0 [ 34.013725] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.014281] kthread+0x328/0x630 [ 34.014432] ret_from_fork+0x10/0x20 [ 34.014490] [ 34.014519] The buggy address belongs to the object at fff00000c5a8e300 [ 34.014519] which belongs to the cache kmalloc-64 of size 64 [ 34.014786] The buggy address is located 0 bytes to the right of [ 34.014786] allocated 48-byte region [fff00000c5a8e300, fff00000c5a8e330) [ 34.015130] [ 34.015353] The buggy address belongs to the physical page: [ 34.015399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8e [ 34.015830] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.016249] page_type: f5(slab) [ 34.016299] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 34.016987] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 34.017062] page dumped because: kasan: bad access detected [ 34.017172] [ 34.017203] Memory state around the buggy address: [ 34.017239] fff00000c5a8e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.017288] fff00000c5a8e280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.017410] >fff00000c5a8e300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 34.017451] ^ [ 34.017487] fff00000c5a8e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.017533] fff00000c5a8e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.017575] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 33.441756] ================================================================== [ 33.443092] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 33.443153] Read of size 8 at addr fff00000c5a30ce8 by task kunit_try_catch/293 [ 33.443206] [ 33.443399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.444640] kasan_bitops_generic+0x11c/0x1c8 [ 33.446228] kasan_save_track+0x20/0x40 [ 33.447483] [ 33.448573] page_type: f5(slab) [ 33.449445] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.450225] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.451940] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 33.342897] ================================================================== [ 33.342972] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 33.343517] Write of size 8 at addr fff00000c5a30ce8 by task kunit_try_catch/293 [ 33.343888] [ 33.343952] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.344338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.344368] Hardware name: linux,dummy-virt (DT) [ 33.344406] Call trace: [ 33.344431] show_stack+0x20/0x38 (C) [ 33.344557] dump_stack_lvl+0x8c/0xd0 [ 33.345093] __kasan_check_write+0x20/0x30 [ 33.346322] ret_from_fork+0x10/0x20 [ 33.346377] [ 33.346425] Allocated by task 293: [ 33.346772] kasan_save_alloc_info+0x40/0x58 [ 33.347538] ret_from_fork+0x10/0x20 [ 33.347864] The buggy address is located 8 bytes inside of [ 33.347864] allocated 9-byte region [fff00000c5a30ce0, fff00000c5a30ce9) [ 33.348403] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.349137] page dumped because: kasan: bad access detected [ 33.349389] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.349871] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.352567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.353724] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.353965] kthread+0x328/0x630 [ 33.354014] ret_from_fork+0x10/0x20 [ 33.354133] [ 33.354153] Allocated by task 293: [ 33.354184] kasan_save_stack+0x3c/0x68 [ 33.354569] kasan_save_alloc_info+0x40/0x58 [ 33.355269] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.355802] [ 33.356268] page_type: f5(slab) [ 33.356501] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 33.356642] page dumped because: kasan: bad access detected [ 33.356849] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.358924] [ 33.359512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.360418] kasan_report+0xdc/0x128 [ 33.360569] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 33.361029] kunit_try_run_case+0x170/0x3f0 [ 33.362346] __kasan_kmalloc+0xd4/0xd8 [ 33.363694] The buggy address is located 8 bytes inside of [ 33.363694] allocated 9-byte region [fff00000c5a30ce0, fff00000c5a30ce9) [ 33.364235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.364664] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 33.364884] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 33.365661] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 33.321757] ================================================================== [ 33.322281] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88 [ 33.322446] Read of size 1 at addr fff00000c5a8ac90 by task kunit_try_catch/291 [ 33.322632] [ 33.322678] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.322773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.323083] Hardware name: linux,dummy-virt (DT) [ 33.323336] Call trace: [ 33.323451] show_stack+0x20/0x38 (C) [ 33.323820] dump_stack_lvl+0x8c/0xd0 [ 33.324045] print_report+0x118/0x608 [ 33.324200] kasan_report+0xdc/0x128 [ 33.324254] __asan_report_load1_noabort+0x20/0x30 [ 33.324878] strnlen+0x80/0x88 [ 33.324942] kasan_strings+0x478/0xb00 [ 33.325014] kunit_try_run_case+0x170/0x3f0 [ 33.325065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.325356] kthread+0x328/0x630 [ 33.325463] ret_from_fork+0x10/0x20 [ 33.325596] [ 33.325753] Allocated by task 291: [ 33.325878] kasan_save_stack+0x3c/0x68 [ 33.325960] kasan_save_track+0x20/0x40 [ 33.326003] kasan_save_alloc_info+0x40/0x58 [ 33.326045] __kasan_kmalloc+0xd4/0xd8 [ 33.326084] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.326128] kasan_strings+0xc8/0xb00 [ 33.326167] kunit_try_run_case+0x170/0x3f0 [ 33.326208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.326431] kthread+0x328/0x630 [ 33.326475] ret_from_fork+0x10/0x20 [ 33.326869] [ 33.326895] Freed by task 291: [ 33.327254] kasan_save_stack+0x3c/0x68 [ 33.327403] kasan_save_track+0x20/0x40 [ 33.327447] kasan_save_free_info+0x4c/0x78 [ 33.327488] __kasan_slab_free+0x6c/0x98 [ 33.327531] kfree+0x214/0x3c8 [ 33.327579] kasan_strings+0x24c/0xb00 [ 33.327618] kunit_try_run_case+0x170/0x3f0 [ 33.328098] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.328483] kthread+0x328/0x630 [ 33.328522] ret_from_fork+0x10/0x20 [ 33.328563] [ 33.328587] The buggy address belongs to the object at fff00000c5a8ac80 [ 33.328587] which belongs to the cache kmalloc-32 of size 32 [ 33.328969] The buggy address is located 16 bytes inside of [ 33.328969] freed 32-byte region [fff00000c5a8ac80, fff00000c5a8aca0) [ 33.329093] [ 33.329117] The buggy address belongs to the physical page: [ 33.329152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a [ 33.329259] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.329490] page_type: f5(slab) [ 33.329630] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.329730] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.329773] page dumped because: kasan: bad access detected [ 33.329847] [ 33.329879] Memory state around the buggy address: [ 33.329914] fff00000c5a8ab80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.329973] fff00000c5a8ac00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.330074] >fff00000c5a8ac80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.330256] ^ [ 33.330291] fff00000c5a8ad00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.330335] fff00000c5a8ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.330426] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 33.313243] ================================================================== [ 33.313296] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 33.313667] Read of size 1 at addr fff00000c5a8ac90 by task kunit_try_catch/291 [ 33.313964] [ 33.314085] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.314175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.314204] Hardware name: linux,dummy-virt (DT) [ 33.314238] Call trace: [ 33.314269] show_stack+0x20/0x38 (C) [ 33.314514] dump_stack_lvl+0x8c/0xd0 [ 33.314613] print_report+0x118/0x608 [ 33.314804] kasan_report+0xdc/0x128 [ 33.314864] __asan_report_load1_noabort+0x20/0x30 [ 33.314917] strlen+0xa8/0xb0 [ 33.315471] kasan_strings+0x418/0xb00 [ 33.315612] kunit_try_run_case+0x170/0x3f0 [ 33.315668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.316033] kthread+0x328/0x630 [ 33.316128] ret_from_fork+0x10/0x20 [ 33.316184] [ 33.316204] Allocated by task 291: [ 33.316287] kasan_save_stack+0x3c/0x68 [ 33.316388] kasan_save_track+0x20/0x40 [ 33.316444] kasan_save_alloc_info+0x40/0x58 [ 33.316485] __kasan_kmalloc+0xd4/0xd8 [ 33.316524] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.316967] kasan_strings+0xc8/0xb00 [ 33.317031] kunit_try_run_case+0x170/0x3f0 [ 33.317074] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.317121] kthread+0x328/0x630 [ 33.317156] ret_from_fork+0x10/0x20 [ 33.317204] [ 33.317225] Freed by task 291: [ 33.317255] kasan_save_stack+0x3c/0x68 [ 33.317806] kasan_save_track+0x20/0x40 [ 33.317926] kasan_save_free_info+0x4c/0x78 [ 33.317984] __kasan_slab_free+0x6c/0x98 [ 33.318032] kfree+0x214/0x3c8 [ 33.318067] kasan_strings+0x24c/0xb00 [ 33.318107] kunit_try_run_case+0x170/0x3f0 [ 33.318520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.318683] kthread+0x328/0x630 [ 33.318722] ret_from_fork+0x10/0x20 [ 33.318781] [ 33.318809] The buggy address belongs to the object at fff00000c5a8ac80 [ 33.318809] which belongs to the cache kmalloc-32 of size 32 [ 33.318960] The buggy address is located 16 bytes inside of [ 33.318960] freed 32-byte region [fff00000c5a8ac80, fff00000c5a8aca0) [ 33.319027] [ 33.319055] The buggy address belongs to the physical page: [ 33.319209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a [ 33.319399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.319483] page_type: f5(slab) [ 33.319526] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.319581] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.319657] page dumped because: kasan: bad access detected [ 33.319711] [ 33.319796] Memory state around the buggy address: [ 33.319841] fff00000c5a8ab80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.319942] fff00000c5a8ac00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.320014] >fff00000c5a8ac80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.320055] ^ [ 33.320147] fff00000c5a8ad00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.320365] fff00000c5a8ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.320408] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 33.305721] ================================================================== [ 33.306005] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 33.306287] Read of size 1 at addr fff00000c5a8ac90 by task kunit_try_catch/291 [ 33.306426] [ 33.306458] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.306545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.306572] Hardware name: linux,dummy-virt (DT) [ 33.306865] Call trace: [ 33.306959] show_stack+0x20/0x38 (C) [ 33.307023] dump_stack_lvl+0x8c/0xd0 [ 33.307131] print_report+0x118/0x608 [ 33.307277] kasan_report+0xdc/0x128 [ 33.307575] __asan_report_load1_noabort+0x20/0x30 [ 33.307630] kasan_strings+0x95c/0xb00 [ 33.307676] kunit_try_run_case+0x170/0x3f0 [ 33.307729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.307785] kthread+0x328/0x630 [ 33.307829] ret_from_fork+0x10/0x20 [ 33.307888] [ 33.307910] Allocated by task 291: [ 33.307940] kasan_save_stack+0x3c/0x68 [ 33.307986] kasan_save_track+0x20/0x40 [ 33.308026] kasan_save_alloc_info+0x40/0x58 [ 33.308069] __kasan_kmalloc+0xd4/0xd8 [ 33.308109] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.308164] kasan_strings+0xc8/0xb00 [ 33.308204] kunit_try_run_case+0x170/0x3f0 [ 33.308282] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.308593] kthread+0x328/0x630 [ 33.308780] ret_from_fork+0x10/0x20 [ 33.309002] [ 33.309211] Freed by task 291: [ 33.309254] kasan_save_stack+0x3c/0x68 [ 33.309473] kasan_save_track+0x20/0x40 [ 33.309515] kasan_save_free_info+0x4c/0x78 [ 33.309556] __kasan_slab_free+0x6c/0x98 [ 33.309598] kfree+0x214/0x3c8 [ 33.309634] kasan_strings+0x24c/0xb00 [ 33.309674] kunit_try_run_case+0x170/0x3f0 [ 33.309715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.309776] kthread+0x328/0x630 [ 33.309811] ret_from_fork+0x10/0x20 [ 33.310170] [ 33.310323] The buggy address belongs to the object at fff00000c5a8ac80 [ 33.310323] which belongs to the cache kmalloc-32 of size 32 [ 33.310638] The buggy address is located 16 bytes inside of [ 33.310638] freed 32-byte region [fff00000c5a8ac80, fff00000c5a8aca0) [ 33.310707] [ 33.310730] The buggy address belongs to the physical page: [ 33.310765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a [ 33.310820] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.311163] page_type: f5(slab) [ 33.311372] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.311498] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.311787] page dumped because: kasan: bad access detected [ 33.311826] [ 33.311989] Memory state around the buggy address: [ 33.312064] fff00000c5a8ab80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.312252] fff00000c5a8ac00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.312360] >fff00000c5a8ac80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.312402] ^ [ 33.312453] fff00000c5a8ad00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.312502] fff00000c5a8ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.312559] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 33.296285] ================================================================== [ 33.296694] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 33.296767] Read of size 1 at addr fff00000c5a8ac90 by task kunit_try_catch/291 [ 33.297147] [ 33.297188] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.297358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.297658] Hardware name: linux,dummy-virt (DT) [ 33.297799] Call trace: [ 33.297887] show_stack+0x20/0x38 (C) [ 33.297988] dump_stack_lvl+0x8c/0xd0 [ 33.298061] print_report+0x118/0x608 [ 33.298299] kasan_report+0xdc/0x128 [ 33.298348] __asan_report_load1_noabort+0x20/0x30 [ 33.298400] strcmp+0xc0/0xc8 [ 33.298444] kasan_strings+0x340/0xb00 [ 33.298489] kunit_try_run_case+0x170/0x3f0 [ 33.298581] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.298705] kthread+0x328/0x630 [ 33.299372] ret_from_fork+0x10/0x20 [ 33.299436] [ 33.299457] Allocated by task 291: [ 33.299504] kasan_save_stack+0x3c/0x68 [ 33.299751] kasan_save_track+0x20/0x40 [ 33.299959] kasan_save_alloc_info+0x40/0x58 [ 33.300003] __kasan_kmalloc+0xd4/0xd8 [ 33.300044] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.300090] kasan_strings+0xc8/0xb00 [ 33.300129] kunit_try_run_case+0x170/0x3f0 [ 33.300180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.300231] kthread+0x328/0x630 [ 33.300674] ret_from_fork+0x10/0x20 [ 33.300723] [ 33.300745] Freed by task 291: [ 33.300776] kasan_save_stack+0x3c/0x68 [ 33.300857] kasan_save_track+0x20/0x40 [ 33.301235] kasan_save_free_info+0x4c/0x78 [ 33.301363] __kasan_slab_free+0x6c/0x98 [ 33.301409] kfree+0x214/0x3c8 [ 33.301503] kasan_strings+0x24c/0xb00 [ 33.301542] kunit_try_run_case+0x170/0x3f0 [ 33.301933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.302091] kthread+0x328/0x630 [ 33.302308] ret_from_fork+0x10/0x20 [ 33.302348] [ 33.302521] The buggy address belongs to the object at fff00000c5a8ac80 [ 33.302521] which belongs to the cache kmalloc-32 of size 32 [ 33.302623] The buggy address is located 16 bytes inside of [ 33.302623] freed 32-byte region [fff00000c5a8ac80, fff00000c5a8aca0) [ 33.302782] [ 33.302872] The buggy address belongs to the physical page: [ 33.302917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a [ 33.303111] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.303172] page_type: f5(slab) [ 33.303297] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.303401] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.303489] page dumped because: kasan: bad access detected [ 33.303600] [ 33.303620] Memory state around the buggy address: [ 33.303731] fff00000c5a8ab80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.303777] fff00000c5a8ac00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.303823] >fff00000c5a8ac80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.303875] ^ [ 33.303909] fff00000c5a8ad00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.303957] fff00000c5a8ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 33.303999] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 33.277181] ================================================================== [ 33.277253] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 33.277463] Read of size 1 at addr fff00000c5a8aad8 by task kunit_try_catch/289 [ 33.277795] [ 33.278077] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.278273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.278339] Hardware name: linux,dummy-virt (DT) [ 33.278610] Call trace: [ 33.278772] show_stack+0x20/0x38 (C) [ 33.278945] dump_stack_lvl+0x8c/0xd0 [ 33.279084] print_report+0x118/0x608 [ 33.279139] kasan_report+0xdc/0x128 [ 33.279190] __asan_report_load1_noabort+0x20/0x30 [ 33.279248] memcmp+0x198/0x1d8 [ 33.279464] kasan_memcmp+0x16c/0x300 [ 33.279563] kunit_try_run_case+0x170/0x3f0 [ 33.279623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.279685] kthread+0x328/0x630 [ 33.279924] ret_from_fork+0x10/0x20 [ 33.280052] [ 33.280073] Allocated by task 289: [ 33.280106] kasan_save_stack+0x3c/0x68 [ 33.280157] kasan_save_track+0x20/0x40 [ 33.280354] kasan_save_alloc_info+0x40/0x58 [ 33.280395] __kasan_kmalloc+0xd4/0xd8 [ 33.280635] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.280984] kasan_memcmp+0xbc/0x300 [ 33.281031] kunit_try_run_case+0x170/0x3f0 [ 33.281099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.281149] kthread+0x328/0x630 [ 33.281184] ret_from_fork+0x10/0x20 [ 33.281258] [ 33.281282] The buggy address belongs to the object at fff00000c5a8aac0 [ 33.281282] which belongs to the cache kmalloc-32 of size 32 [ 33.281417] The buggy address is located 0 bytes to the right of [ 33.281417] allocated 24-byte region [fff00000c5a8aac0, fff00000c5a8aad8) [ 33.281693] [ 33.281767] The buggy address belongs to the physical page: [ 33.281803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a [ 33.281923] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.282043] page_type: f5(slab) [ 33.282089] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 33.282333] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 33.282563] page dumped because: kasan: bad access detected [ 33.282599] [ 33.282620] Memory state around the buggy address: [ 33.282746] fff00000c5a8a980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.282960] fff00000c5a8aa00: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 33.283005] >fff00000c5a8aa80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 33.283102] ^ [ 33.283144] fff00000c5a8ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.283190] fff00000c5a8ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.283261] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 33.253232] ================================================================== [ 33.253294] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 33.253352] Read of size 1 at addr ffff800080a17b4a by task kunit_try_catch/285 [ 33.253406] [ 33.253441] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.253530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.253558] Hardware name: linux,dummy-virt (DT) [ 33.253594] Call trace: [ 33.253618] show_stack+0x20/0x38 (C) [ 33.253670] dump_stack_lvl+0x8c/0xd0 [ 33.253723] print_report+0x310/0x608 [ 33.254051] kasan_report+0xdc/0x128 [ 33.254130] __asan_report_load1_noabort+0x20/0x30 [ 33.254250] kasan_alloca_oob_right+0x2dc/0x340 [ 33.254495] kunit_try_run_case+0x170/0x3f0 [ 33.254606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.255385] kthread+0x328/0x630 [ 33.255803] ret_from_fork+0x10/0x20 [ 33.256122] [ 33.256149] The buggy address belongs to stack of task kunit_try_catch/285 [ 33.256206] [ 33.256233] The buggy address belongs to the virtual mapping at [ 33.256233] [ffff800080a10000, ffff800080a19000) created by: [ 33.256233] kernel_clone+0x150/0x7a8 [ 33.256880] [ 33.256915] The buggy address belongs to the physical page: [ 33.257004] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109855 [ 33.257113] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.257180] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.257235] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.257304] page dumped because: kasan: bad access detected [ 33.257338] [ 33.257358] Memory state around the buggy address: [ 33.257393] ffff800080a17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.257438] ffff800080a17a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.257658] >ffff800080a17b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 33.257862] ^ [ 33.257905] ffff800080a17b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 33.257954] ffff800080a17c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.257996] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 33.239715] ================================================================== [ 33.239901] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 33.240026] Read of size 1 at addr ffff800080a87b5f by task kunit_try_catch/283 [ 33.240079] [ 33.240369] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.240461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.240517] Hardware name: linux,dummy-virt (DT) [ 33.240553] Call trace: [ 33.240579] show_stack+0x20/0x38 (C) [ 33.240632] dump_stack_lvl+0x8c/0xd0 [ 33.240773] print_report+0x310/0x608 [ 33.240966] kasan_report+0xdc/0x128 [ 33.241130] __asan_report_load1_noabort+0x20/0x30 [ 33.241191] kasan_alloca_oob_left+0x2b8/0x310 [ 33.241319] kunit_try_run_case+0x170/0x3f0 [ 33.241373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.241432] kthread+0x328/0x630 [ 33.241478] ret_from_fork+0x10/0x20 [ 33.241743] [ 33.241786] The buggy address belongs to stack of task kunit_try_catch/283 [ 33.241966] [ 33.242003] The buggy address belongs to the virtual mapping at [ 33.242003] [ffff800080a80000, ffff800080a89000) created by: [ 33.242003] kernel_clone+0x150/0x7a8 [ 33.242089] [ 33.242405] The buggy address belongs to the physical page: [ 33.242554] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b42 [ 33.242638] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.242719] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.242775] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.242819] page dumped because: kasan: bad access detected [ 33.242870] [ 33.243038] Memory state around the buggy address: [ 33.243369] ffff800080a87a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.243425] ffff800080a87a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.243514] >ffff800080a87b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 33.243663] ^ [ 33.243763] ffff800080a87b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 33.243937] ffff800080a87c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.243997] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 33.225413] ================================================================== [ 33.225761] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 33.225847] Read of size 1 at addr ffff800080a87c2a by task kunit_try_catch/281 [ 33.225901] [ 33.225937] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.226384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.226472] Hardware name: linux,dummy-virt (DT) [ 33.226532] Call trace: [ 33.226560] show_stack+0x20/0x38 (C) [ 33.226624] dump_stack_lvl+0x8c/0xd0 [ 33.226794] print_report+0x310/0x608 [ 33.226944] kasan_report+0xdc/0x128 [ 33.226995] __asan_report_load1_noabort+0x20/0x30 [ 33.227047] kasan_stack_oob+0x238/0x270 [ 33.227095] kunit_try_run_case+0x170/0x3f0 [ 33.227441] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.227589] kthread+0x328/0x630 [ 33.227792] ret_from_fork+0x10/0x20 [ 33.227855] [ 33.227925] The buggy address belongs to stack of task kunit_try_catch/281 [ 33.228111] and is located at offset 138 in frame: [ 33.228152] kasan_stack_oob+0x0/0x270 [ 33.228393] [ 33.228432] This frame has 4 objects: [ 33.228704] [48, 49) '__assertion' [ 33.228811] [64, 72) 'array' [ 33.228883] [96, 112) '__assertion' [ 33.228934] [128, 138) 'stack_array' [ 33.229171] [ 33.229213] The buggy address belongs to the virtual mapping at [ 33.229213] [ffff800080a80000, ffff800080a89000) created by: [ 33.229213] kernel_clone+0x150/0x7a8 [ 33.229301] [ 33.229331] The buggy address belongs to the physical page: [ 33.229408] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b42 [ 33.229472] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.229677] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.229808] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.229929] page dumped because: kasan: bad access detected [ 33.230042] [ 33.230104] Memory state around the buggy address: [ 33.230209] ffff800080a87b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.230256] ffff800080a87b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 33.230301] >ffff800080a87c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 33.230367] ^ [ 33.230501] ffff800080a87c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 33.230582] ffff800080a87d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 33.230771] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 33.203290] ================================================================== [ 33.203573] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 33.203773] Read of size 1 at addr ffffa6527c0e964d by task kunit_try_catch/277 [ 33.204025] [ 33.204072] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.204327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.204398] Hardware name: linux,dummy-virt (DT) [ 33.204572] Call trace: [ 33.204695] show_stack+0x20/0x38 (C) [ 33.204754] dump_stack_lvl+0x8c/0xd0 [ 33.204809] print_report+0x310/0x608 [ 33.204875] kasan_report+0xdc/0x128 [ 33.204923] __asan_report_load1_noabort+0x20/0x30 [ 33.205189] kasan_global_oob_right+0x230/0x270 [ 33.205259] kunit_try_run_case+0x170/0x3f0 [ 33.205315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.205421] kthread+0x328/0x630 [ 33.205504] ret_from_fork+0x10/0x20 [ 33.205686] [ 33.205848] The buggy address belongs to the variable: [ 33.205884] global_array+0xd/0x40 [ 33.205939] [ 33.206054] The buggy address belongs to the virtual mapping at [ 33.206054] [ffffa6527a270000, ffffa6527c1a1000) created by: [ 33.206054] paging_init+0x66c/0x7d0 [ 33.206250] [ 33.206796] The buggy address belongs to the physical page: [ 33.206869] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47ce9 [ 33.206932] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 33.207012] raw: 03fffe0000002000 ffffc1ffc01f3a48 ffffc1ffc01f3a48 0000000000000000 [ 33.207066] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.207311] page dumped because: kasan: bad access detected [ 33.207347] [ 33.207447] Memory state around the buggy address: [ 33.207486] ffffa6527c0e9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.207532] ffffa6527c0e9580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.207578] >ffffa6527c0e9600: 02 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 33.207751] ^ [ 33.207817] ffffa6527c0e9680: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 33.207893] ffffa6527c0e9700: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 33.207946] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 33.186223] ================================================================== [ 33.186281] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.186345] Free of addr fff00000c9c7c001 by task kunit_try_catch/275 [ 33.186601] [ 33.186637] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.186723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.186750] Hardware name: linux,dummy-virt (DT) [ 33.186784] Call trace: [ 33.187205] show_stack+0x20/0x38 (C) [ 33.187557] dump_stack_lvl+0x8c/0xd0 [ 33.187775] print_report+0x118/0x608 [ 33.187826] kasan_report_invalid_free+0xc0/0xe8 [ 33.187888] __kasan_mempool_poison_object+0xfc/0x150 [ 33.188187] mempool_free+0x28c/0x328 [ 33.188236] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.188290] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 33.188476] kunit_try_run_case+0x170/0x3f0 [ 33.188525] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.188581] kthread+0x328/0x630 [ 33.188722] ret_from_fork+0x10/0x20 [ 33.188771] [ 33.188791] The buggy address belongs to the physical page: [ 33.189057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c7c [ 33.189118] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.189166] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.189222] page_type: f8(unknown) [ 33.189327] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.189665] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.189718] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.189768] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.189818] head: 0bfffe0000000002 ffffc1ffc3271f01 00000000ffffffff 00000000ffffffff [ 33.190314] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.190394] page dumped because: kasan: bad access detected [ 33.190440] [ 33.190459] Memory state around the buggy address: [ 33.190493] fff00000c9c7bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.190535] fff00000c9c7bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.190655] >fff00000c9c7c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.190773] ^ [ 33.190814] fff00000c9c7c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.190870] fff00000c9c7c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.190910] ================================================================== [ 33.170431] ================================================================== [ 33.170490] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.170548] Free of addr fff00000c5a89001 by task kunit_try_catch/273 [ 33.170592] [ 33.170624] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.170711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.171057] Hardware name: linux,dummy-virt (DT) [ 33.171313] Call trace: [ 33.171440] show_stack+0x20/0x38 (C) [ 33.171496] dump_stack_lvl+0x8c/0xd0 [ 33.171553] print_report+0x118/0x608 [ 33.171622] kasan_report_invalid_free+0xc0/0xe8 [ 33.171867] check_slab_allocation+0xfc/0x108 [ 33.171958] __kasan_mempool_poison_object+0x78/0x150 [ 33.172049] mempool_free+0x28c/0x328 [ 33.172162] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 33.172217] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.172270] kunit_try_run_case+0x170/0x3f0 [ 33.172365] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.172423] kthread+0x328/0x630 [ 33.172466] ret_from_fork+0x10/0x20 [ 33.172517] [ 33.172535] Allocated by task 273: [ 33.172567] kasan_save_stack+0x3c/0x68 [ 33.172609] kasan_save_track+0x20/0x40 [ 33.172705] kasan_save_alloc_info+0x40/0x58 [ 33.172769] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.172815] remove_element+0x130/0x1f8 [ 33.172862] mempool_alloc_preallocated+0x58/0xc0 [ 33.172903] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 33.172982] mempool_kmalloc_invalid_free+0xc0/0x118 [ 33.173025] kunit_try_run_case+0x170/0x3f0 [ 33.173065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.173112] kthread+0x328/0x630 [ 33.173145] ret_from_fork+0x10/0x20 [ 33.173199] [ 33.173241] The buggy address belongs to the object at fff00000c5a89000 [ 33.173241] which belongs to the cache kmalloc-128 of size 128 [ 33.173302] The buggy address is located 1 bytes inside of [ 33.173302] 128-byte region [fff00000c5a89000, fff00000c5a89080) [ 33.173418] [ 33.173480] The buggy address belongs to the physical page: [ 33.173511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 33.173575] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.173624] page_type: f5(slab) [ 33.173697] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.173762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.173803] page dumped because: kasan: bad access detected [ 33.173845] [ 33.173863] Memory state around the buggy address: [ 33.173917] fff00000c5a88f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.174097] fff00000c5a88f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.174231] >fff00000c5a89000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.174270] ^ [ 33.174356] fff00000c5a89080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.174411] fff00000c5a89100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.174466] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 33.148998] ================================================================== [ 33.149058] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.149118] Free of addr fff00000c9c7c000 by task kunit_try_catch/269 [ 33.149163] [ 33.149196] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.149282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.149309] Hardware name: linux,dummy-virt (DT) [ 33.149343] Call trace: [ 33.149366] show_stack+0x20/0x38 (C) [ 33.149413] dump_stack_lvl+0x8c/0xd0 [ 33.149463] print_report+0x118/0x608 [ 33.149511] kasan_report_invalid_free+0xc0/0xe8 [ 33.149561] __kasan_mempool_poison_object+0x14c/0x150 [ 33.149615] mempool_free+0x28c/0x328 [ 33.149661] mempool_double_free_helper+0x150/0x2e8 [ 33.149712] mempool_kmalloc_large_double_free+0xc0/0x118 [ 33.149765] kunit_try_run_case+0x170/0x3f0 [ 33.149814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.149965] kthread+0x328/0x630 [ 33.150061] ret_from_fork+0x10/0x20 [ 33.150110] [ 33.150131] The buggy address belongs to the physical page: [ 33.150227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c7c [ 33.150500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.150599] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.150702] page_type: f8(unknown) [ 33.150831] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.150892] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.150944] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.151034] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.151084] head: 0bfffe0000000002 ffffc1ffc3271f01 00000000ffffffff 00000000ffffffff [ 33.151141] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.151304] page dumped because: kasan: bad access detected [ 33.151363] [ 33.151382] Memory state around the buggy address: [ 33.151415] fff00000c9c7bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.151491] fff00000c9c7bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.151535] >fff00000c9c7c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.151574] ^ [ 33.151601] fff00000c9c7c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.151680] fff00000c9c7c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.151854] ================================================================== [ 33.160004] ================================================================== [ 33.160145] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.160310] Free of addr fff00000c9c7c000 by task kunit_try_catch/271 [ 33.160511] [ 33.160632] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.160726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.160753] Hardware name: linux,dummy-virt (DT) [ 33.160785] Call trace: [ 33.160813] show_stack+0x20/0x38 (C) [ 33.161067] dump_stack_lvl+0x8c/0xd0 [ 33.161232] print_report+0x118/0x608 [ 33.161291] kasan_report_invalid_free+0xc0/0xe8 [ 33.161341] __kasan_mempool_poison_pages+0xe0/0xe8 [ 33.161401] mempool_free+0x24c/0x328 [ 33.161617] mempool_double_free_helper+0x150/0x2e8 [ 33.161805] mempool_page_alloc_double_free+0xbc/0x118 [ 33.162130] kunit_try_run_case+0x170/0x3f0 [ 33.162548] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.162745] kthread+0x328/0x630 [ 33.162888] ret_from_fork+0x10/0x20 [ 33.162938] [ 33.162960] The buggy address belongs to the physical page: [ 33.162990] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c7c [ 33.163070] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.163138] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.163192] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.163658] page dumped because: kasan: bad access detected [ 33.163742] [ 33.163862] Memory state around the buggy address: [ 33.163898] fff00000c9c7bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.163944] fff00000c9c7bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.163987] >fff00000c9c7c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.164026] ^ [ 33.164053] fff00000c9c7c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.164128] fff00000c9c7c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.164201] ================================================================== [ 33.134258] ================================================================== [ 33.134332] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 33.134398] Free of addr fff00000c9ae3c00 by task kunit_try_catch/267 [ 33.134442] [ 33.134480] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.134567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.134595] Hardware name: linux,dummy-virt (DT) [ 33.134627] Call trace: [ 33.134652] show_stack+0x20/0x38 (C) [ 33.134701] dump_stack_lvl+0x8c/0xd0 [ 33.134754] print_report+0x118/0x608 [ 33.134801] kasan_report_invalid_free+0xc0/0xe8 [ 33.136003] check_slab_allocation+0xd4/0x108 [ 33.136086] __kasan_mempool_poison_object+0x78/0x150 [ 33.136545] mempool_free+0x28c/0x328 [ 33.136695] mempool_double_free_helper+0x150/0x2e8 [ 33.136748] mempool_kmalloc_double_free+0xc0/0x118 [ 33.136802] kunit_try_run_case+0x170/0x3f0 [ 33.136868] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.136925] kthread+0x328/0x630 [ 33.136996] ret_from_fork+0x10/0x20 [ 33.137369] [ 33.137419] Allocated by task 267: [ 33.137494] kasan_save_stack+0x3c/0x68 [ 33.137542] kasan_save_track+0x20/0x40 [ 33.137582] kasan_save_alloc_info+0x40/0x58 [ 33.137630] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.137676] remove_element+0x130/0x1f8 [ 33.137714] mempool_alloc_preallocated+0x58/0xc0 [ 33.138041] mempool_double_free_helper+0x94/0x2e8 [ 33.138123] mempool_kmalloc_double_free+0xc0/0x118 [ 33.138168] kunit_try_run_case+0x170/0x3f0 [ 33.138207] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.138253] kthread+0x328/0x630 [ 33.138285] ret_from_fork+0x10/0x20 [ 33.138323] [ 33.138342] Freed by task 267: [ 33.138371] kasan_save_stack+0x3c/0x68 [ 33.138410] kasan_save_track+0x20/0x40 [ 33.138447] kasan_save_free_info+0x4c/0x78 [ 33.138485] __kasan_mempool_poison_object+0xc0/0x150 [ 33.138528] mempool_free+0x28c/0x328 [ 33.138575] mempool_double_free_helper+0x100/0x2e8 [ 33.138615] mempool_kmalloc_double_free+0xc0/0x118 [ 33.138657] kunit_try_run_case+0x170/0x3f0 [ 33.138695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.139066] kthread+0x328/0x630 [ 33.139102] ret_from_fork+0x10/0x20 [ 33.139141] [ 33.139160] The buggy address belongs to the object at fff00000c9ae3c00 [ 33.139160] which belongs to the cache kmalloc-128 of size 128 [ 33.139226] The buggy address is located 0 bytes inside of [ 33.139226] 128-byte region [fff00000c9ae3c00, fff00000c9ae3c80) [ 33.139296] [ 33.139319] The buggy address belongs to the physical page: [ 33.139350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 33.139642] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.139703] page_type: f5(slab) [ 33.139749] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.139811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.139863] page dumped because: kasan: bad access detected [ 33.140054] [ 33.140074] Memory state around the buggy address: [ 33.140110] fff00000c9ae3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.140516] fff00000c9ae3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.140606] >fff00000c9ae3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.140646] ^ [ 33.140675] fff00000c9ae3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.140733] fff00000c9ae3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.140773] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 33.119314] ================================================================== [ 33.119431] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 33.119877] Read of size 1 at addr fff00000c9c78000 by task kunit_try_catch/265 [ 33.119932] [ 33.119974] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.120145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.120209] Hardware name: linux,dummy-virt (DT) [ 33.120572] Call trace: [ 33.120799] show_stack+0x20/0x38 (C) [ 33.120893] dump_stack_lvl+0x8c/0xd0 [ 33.120955] print_report+0x118/0x608 [ 33.121166] kasan_report+0xdc/0x128 [ 33.121220] __asan_report_load1_noabort+0x20/0x30 [ 33.121270] mempool_uaf_helper+0x314/0x340 [ 33.121318] mempool_page_alloc_uaf+0xc0/0x118 [ 33.121367] kunit_try_run_case+0x170/0x3f0 [ 33.121421] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.121972] kthread+0x328/0x630 [ 33.122285] ret_from_fork+0x10/0x20 [ 33.122439] [ 33.122493] The buggy address belongs to the physical page: [ 33.122569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c78 [ 33.122668] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.122741] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 33.122794] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.122853] page dumped because: kasan: bad access detected [ 33.122995] [ 33.123075] Memory state around the buggy address: [ 33.123223] fff00000c9c77f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123360] fff00000c9c77f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123453] >fff00000c9c78000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123512] ^ [ 33.123622] fff00000c9c78080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123677] fff00000c9c78100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.123717] ================================================================== [ 33.066033] ================================================================== [ 33.066508] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 33.066927] Read of size 1 at addr fff00000c9c78000 by task kunit_try_catch/261 [ 33.066996] [ 33.067036] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.067361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.067389] Hardware name: linux,dummy-virt (DT) [ 33.067425] Call trace: [ 33.067447] show_stack+0x20/0x38 (C) [ 33.067499] dump_stack_lvl+0x8c/0xd0 [ 33.067550] print_report+0x118/0x608 [ 33.067599] kasan_report+0xdc/0x128 [ 33.067645] __asan_report_load1_noabort+0x20/0x30 [ 33.067695] mempool_uaf_helper+0x314/0x340 [ 33.068574] mempool_kmalloc_large_uaf+0xc4/0x120 [ 33.068744] kunit_try_run_case+0x170/0x3f0 [ 33.068797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.069010] kthread+0x328/0x630 [ 33.069372] ret_from_fork+0x10/0x20 [ 33.069422] [ 33.069789] The buggy address belongs to the physical page: [ 33.069825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c78 [ 33.070135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 33.070356] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 33.070846] page_type: f8(unknown) [ 33.070898] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.070949] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.071525] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 33.071748] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 33.072228] head: 0bfffe0000000002 ffffc1ffc3271e01 00000000ffffffff 00000000ffffffff [ 33.072552] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 33.072600] page dumped because: kasan: bad access detected [ 33.072863] [ 33.072886] Memory state around the buggy address: [ 33.072936] fff00000c9c77f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.073125] fff00000c9c77f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.073171] >fff00000c9c78000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.073557] ^ [ 33.073787] fff00000c9c78080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.074063] fff00000c9c78100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 33.074363] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 33.083234] ================================================================== [ 33.083321] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 33.083544] Read of size 1 at addr fff00000c5a85240 by task kunit_try_catch/263 [ 33.083595] [ 33.083638] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.083785] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.083812] Hardware name: linux,dummy-virt (DT) [ 33.083858] Call trace: [ 33.083882] show_stack+0x20/0x38 (C) [ 33.083932] dump_stack_lvl+0x8c/0xd0 [ 33.084009] print_report+0x118/0x608 [ 33.084058] kasan_report+0xdc/0x128 [ 33.084104] __asan_report_load1_noabort+0x20/0x30 [ 33.084210] mempool_uaf_helper+0x314/0x340 [ 33.084259] mempool_slab_uaf+0xc0/0x118 [ 33.084429] kunit_try_run_case+0x170/0x3f0 [ 33.084486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.084542] kthread+0x328/0x630 [ 33.084584] ret_from_fork+0x10/0x20 [ 33.084637] [ 33.084657] Allocated by task 263: [ 33.084709] kasan_save_stack+0x3c/0x68 [ 33.084865] kasan_save_track+0x20/0x40 [ 33.084908] kasan_save_alloc_info+0x40/0x58 [ 33.084949] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.084996] remove_element+0x16c/0x1f8 [ 33.085038] mempool_alloc_preallocated+0x58/0xc0 [ 33.085080] mempool_uaf_helper+0xa4/0x340 [ 33.085119] mempool_slab_uaf+0xc0/0x118 [ 33.085156] kunit_try_run_case+0x170/0x3f0 [ 33.085197] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.085244] kthread+0x328/0x630 [ 33.085278] ret_from_fork+0x10/0x20 [ 33.085316] [ 33.085334] Freed by task 263: [ 33.085406] kasan_save_stack+0x3c/0x68 [ 33.085581] kasan_save_track+0x20/0x40 [ 33.085766] kasan_save_free_info+0x4c/0x78 [ 33.085848] __kasan_mempool_poison_object+0xc0/0x150 [ 33.085974] mempool_free+0x28c/0x328 [ 33.086051] mempool_uaf_helper+0x104/0x340 [ 33.086167] mempool_slab_uaf+0xc0/0x118 [ 33.086254] kunit_try_run_case+0x170/0x3f0 [ 33.086301] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.086482] kthread+0x328/0x630 [ 33.086556] ret_from_fork+0x10/0x20 [ 33.086673] [ 33.086693] The buggy address belongs to the object at fff00000c5a85240 [ 33.086693] which belongs to the cache test_cache of size 123 [ 33.086752] The buggy address is located 0 bytes inside of [ 33.086752] freed 123-byte region [fff00000c5a85240, fff00000c5a852bb) [ 33.086851] [ 33.086871] The buggy address belongs to the physical page: [ 33.086904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a85 [ 33.086980] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.087056] page_type: f5(slab) [ 33.087124] raw: 0bfffe0000000000 fff00000c9251000 dead000000000122 0000000000000000 [ 33.087177] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 33.087218] page dumped because: kasan: bad access detected [ 33.087249] [ 33.087267] Memory state around the buggy address: [ 33.087299] fff00000c5a85100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.087342] fff00000c5a85180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.087385] >fff00000c5a85200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 33.087423] ^ [ 33.087457] fff00000c5a85280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 33.087499] fff00000c5a85300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.087582] ================================================================== [ 33.049486] ================================================================== [ 33.049567] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 33.049636] Read of size 1 at addr fff00000c9ae3800 by task kunit_try_catch/259 [ 33.049689] [ 33.049727] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.049822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.049866] Hardware name: linux,dummy-virt (DT) [ 33.049902] Call trace: [ 33.049926] show_stack+0x20/0x38 (C) [ 33.049986] dump_stack_lvl+0x8c/0xd0 [ 33.050038] print_report+0x118/0x608 [ 33.050086] kasan_report+0xdc/0x128 [ 33.050133] __asan_report_load1_noabort+0x20/0x30 [ 33.050183] mempool_uaf_helper+0x314/0x340 [ 33.050230] mempool_kmalloc_uaf+0xc4/0x120 [ 33.050278] kunit_try_run_case+0x170/0x3f0 [ 33.050329] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.050385] kthread+0x328/0x630 [ 33.050426] ret_from_fork+0x10/0x20 [ 33.050476] [ 33.050496] Allocated by task 259: [ 33.050523] kasan_save_stack+0x3c/0x68 [ 33.050566] kasan_save_track+0x20/0x40 [ 33.050604] kasan_save_alloc_info+0x40/0x58 [ 33.050645] __kasan_mempool_unpoison_object+0x11c/0x180 [ 33.050692] remove_element+0x130/0x1f8 [ 33.050730] mempool_alloc_preallocated+0x58/0xc0 [ 33.050771] mempool_uaf_helper+0xa4/0x340 [ 33.050809] mempool_kmalloc_uaf+0xc4/0x120 [ 33.050859] kunit_try_run_case+0x170/0x3f0 [ 33.050899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.050947] kthread+0x328/0x630 [ 33.050980] ret_from_fork+0x10/0x20 [ 33.051016] [ 33.051036] Freed by task 259: [ 33.051062] kasan_save_stack+0x3c/0x68 [ 33.051101] kasan_save_track+0x20/0x40 [ 33.051141] kasan_save_free_info+0x4c/0x78 [ 33.051178] __kasan_mempool_poison_object+0xc0/0x150 [ 33.051224] mempool_free+0x28c/0x328 [ 33.051258] mempool_uaf_helper+0x104/0x340 [ 33.051298] mempool_kmalloc_uaf+0xc4/0x120 [ 33.051337] kunit_try_run_case+0x170/0x3f0 [ 33.051375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.051422] kthread+0x328/0x630 [ 33.051455] ret_from_fork+0x10/0x20 [ 33.051493] [ 33.051512] The buggy address belongs to the object at fff00000c9ae3800 [ 33.051512] which belongs to the cache kmalloc-128 of size 128 [ 33.051572] The buggy address is located 0 bytes inside of [ 33.051572] freed 128-byte region [fff00000c9ae3800, fff00000c9ae3880) [ 33.051633] [ 33.051654] The buggy address belongs to the physical page: [ 33.051687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 33.051741] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.051792] page_type: f5(slab) [ 33.051845] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.051897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.051938] page dumped because: kasan: bad access detected [ 33.051969] [ 33.051987] Memory state around the buggy address: [ 33.052020] fff00000c9ae3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.052063] fff00000c9ae3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.052106] >fff00000c9ae3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.052146] ^ [ 33.052174] fff00000c9ae3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.052216] fff00000c9ae3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.052256] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 32.975787] ================================================================== [ 32.976736] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.976877] Read of size 1 at addr fff00000c9b32001 by task kunit_try_catch/255 [ 32.976929] [ 32.976964] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.977054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.977082] Hardware name: linux,dummy-virt (DT) [ 32.977114] Call trace: [ 32.977229] show_stack+0x20/0x38 (C) [ 32.977314] dump_stack_lvl+0x8c/0xd0 [ 32.977945] print_report+0x118/0x608 [ 32.978093] kasan_report+0xdc/0x128 [ 32.978140] __asan_report_load1_noabort+0x20/0x30 [ 32.978189] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.978240] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 32.978291] kunit_try_run_case+0x170/0x3f0 [ 32.978341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.978394] kthread+0x328/0x630 [ 32.979441] ret_from_fork+0x10/0x20 [ 32.979681] [ 32.979710] The buggy address belongs to the physical page: [ 32.979747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b30 [ 32.979803] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.980070] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 32.980354] page_type: f8(unknown) [ 32.980407] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.980625] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.980825] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 32.981021] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 32.981081] head: 0bfffe0000000002 ffffc1ffc326cc01 00000000ffffffff 00000000ffffffff [ 32.981494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 32.981919] page dumped because: kasan: bad access detected [ 32.982003] [ 32.982022] Memory state around the buggy address: [ 32.982058] fff00000c9b31f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.982104] fff00000c9b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.982552] >fff00000c9b32000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.982638] ^ [ 32.982671] fff00000c9b32080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.982975] fff00000c9b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 32.983352] ================================================================== [ 33.006855] ================================================================== [ 33.006926] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 33.006991] Read of size 1 at addr fff00000c92512bb by task kunit_try_catch/257 [ 33.007043] [ 33.007079] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.010819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.010956] Hardware name: linux,dummy-virt (DT) [ 33.011003] Call trace: [ 33.011216] show_stack+0x20/0x38 (C) [ 33.011278] dump_stack_lvl+0x8c/0xd0 [ 33.011486] print_report+0x118/0x608 [ 33.011579] kasan_report+0xdc/0x128 [ 33.011692] __asan_report_load1_noabort+0x20/0x30 [ 33.011743] mempool_oob_right_helper+0x2ac/0x2f0 [ 33.012059] mempool_slab_oob_right+0xc0/0x118 [ 33.012380] kunit_try_run_case+0x170/0x3f0 [ 33.012722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.012785] kthread+0x328/0x630 [ 33.013236] ret_from_fork+0x10/0x20 [ 33.013424] [ 33.013567] Allocated by task 257: [ 33.013737] kasan_save_stack+0x3c/0x68 [ 33.013937] kasan_save_track+0x20/0x40 [ 33.014005] kasan_save_alloc_info+0x40/0x58 [ 33.014045] __kasan_mempool_unpoison_object+0xbc/0x180 [ 33.014091] remove_element+0x16c/0x1f8 [ 33.014131] mempool_alloc_preallocated+0x58/0xc0 [ 33.014181] mempool_oob_right_helper+0x98/0x2f0 [ 33.014439] mempool_slab_oob_right+0xc0/0x118 [ 33.014733] kunit_try_run_case+0x170/0x3f0 [ 33.015002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.015423] kthread+0x328/0x630 [ 33.015584] ret_from_fork+0x10/0x20 [ 33.015865] [ 33.015969] The buggy address belongs to the object at fff00000c9251240 [ 33.015969] which belongs to the cache test_cache of size 123 [ 33.016351] The buggy address is located 0 bytes to the right of [ 33.016351] allocated 123-byte region [fff00000c9251240, fff00000c92512bb) [ 33.016641] [ 33.016777] The buggy address belongs to the physical page: [ 33.016813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109251 [ 33.016930] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.017128] page_type: f5(slab) [ 33.017427] raw: 0bfffe0000000000 fff00000c593a3c0 dead000000000122 0000000000000000 [ 33.017542] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 33.017781] page dumped because: kasan: bad access detected [ 33.017869] [ 33.018002] Memory state around the buggy address: [ 33.018064] fff00000c9251180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.018414] fff00000c9251200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.018522] >fff00000c9251280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 33.018564] ^ [ 33.018619] fff00000c9251300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.018663] fff00000c9251380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.018712] ================================================================== [ 32.951387] ================================================================== [ 32.951472] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 32.951552] Read of size 1 at addr fff00000c3fa4c73 by task kunit_try_catch/253 [ 32.951601] [ 32.951646] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.951736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.951765] Hardware name: linux,dummy-virt (DT) [ 32.951798] Call trace: [ 32.951824] show_stack+0x20/0x38 (C) [ 32.951894] dump_stack_lvl+0x8c/0xd0 [ 32.951947] print_report+0x118/0x608 [ 32.951996] kasan_report+0xdc/0x128 [ 32.952043] __asan_report_load1_noabort+0x20/0x30 [ 32.952093] mempool_oob_right_helper+0x2ac/0x2f0 [ 32.952143] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.952194] kunit_try_run_case+0x170/0x3f0 [ 32.952245] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.952308] kthread+0x328/0x630 [ 32.952365] ret_from_fork+0x10/0x20 [ 32.952414] [ 32.952433] Allocated by task 253: [ 32.952463] kasan_save_stack+0x3c/0x68 [ 32.952506] kasan_save_track+0x20/0x40 [ 32.952546] kasan_save_alloc_info+0x40/0x58 [ 32.952583] __kasan_mempool_unpoison_object+0x11c/0x180 [ 32.952629] remove_element+0x130/0x1f8 [ 32.952670] mempool_alloc_preallocated+0x58/0xc0 [ 32.952711] mempool_oob_right_helper+0x98/0x2f0 [ 32.952752] mempool_kmalloc_oob_right+0xc4/0x120 [ 32.952794] kunit_try_run_case+0x170/0x3f0 [ 32.952843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.952891] kthread+0x328/0x630 [ 32.952923] ret_from_fork+0x10/0x20 [ 32.952961] [ 32.952982] The buggy address belongs to the object at fff00000c3fa4c00 [ 32.952982] which belongs to the cache kmalloc-128 of size 128 [ 32.953041] The buggy address is located 0 bytes to the right of [ 32.953041] allocated 115-byte region [fff00000c3fa4c00, fff00000c3fa4c73) [ 32.953111] [ 32.953133] The buggy address belongs to the physical page: [ 32.953175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fa4 [ 32.953233] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.953286] page_type: f5(slab) [ 32.953331] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 32.953384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.953425] page dumped because: kasan: bad access detected [ 32.953460] [ 32.953478] Memory state around the buggy address: [ 32.953512] fff00000c3fa4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.953557] fff00000c3fa4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.953601] >fff00000c3fa4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.953642] ^ [ 32.953682] fff00000c3fa4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.953726] fff00000c3fa4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.953765] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 32.387511] ================================================================== [ 32.387595] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 32.387674] Read of size 1 at addr fff00000c1c3cc80 by task kunit_try_catch/247 [ 32.387726] [ 32.387769] CPU: 0 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.387872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.387900] Hardware name: linux,dummy-virt (DT) [ 32.387933] Call trace: [ 32.387959] show_stack+0x20/0x38 (C) [ 32.388012] dump_stack_lvl+0x8c/0xd0 [ 32.388065] print_report+0x118/0x608 [ 32.388114] kasan_report+0xdc/0x128 [ 32.388160] __kasan_check_byte+0x54/0x70 [ 32.388209] kmem_cache_destroy+0x34/0x218 [ 32.388258] kmem_cache_double_destroy+0x174/0x300 [ 32.388732] kunit_try_run_case+0x170/0x3f0 [ 32.388807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.388878] kthread+0x328/0x630 [ 32.388923] ret_from_fork+0x10/0x20 [ 32.388973] [ 32.388994] Allocated by task 247: [ 32.389024] kasan_save_stack+0x3c/0x68 [ 32.389069] kasan_save_track+0x20/0x40 [ 32.389108] kasan_save_alloc_info+0x40/0x58 [ 32.389148] __kasan_slab_alloc+0xa8/0xb0 [ 32.389187] kmem_cache_alloc_noprof+0x10c/0x398 [ 32.389231] __kmem_cache_create_args+0x178/0x280 [ 32.389272] kmem_cache_double_destroy+0xc0/0x300 [ 32.389314] kunit_try_run_case+0x170/0x3f0 [ 32.389354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.389399] kthread+0x328/0x630 [ 32.389433] ret_from_fork+0x10/0x20 [ 32.389469] [ 32.389489] Freed by task 247: [ 32.389515] kasan_save_stack+0x3c/0x68 [ 32.389552] kasan_save_track+0x20/0x40 [ 32.389591] kasan_save_free_info+0x4c/0x78 [ 32.389630] __kasan_slab_free+0x6c/0x98 [ 32.389668] kmem_cache_free+0x260/0x468 [ 32.389706] slab_kmem_cache_release+0x38/0x50 [ 32.389747] kmem_cache_release+0x1c/0x30 [ 32.389787] kobject_put+0x17c/0x420 [ 32.389825] sysfs_slab_release+0x1c/0x30 [ 32.389873] kmem_cache_destroy+0x118/0x218 [ 32.389911] kmem_cache_double_destroy+0x128/0x300 [ 32.389958] kunit_try_run_case+0x170/0x3f0 [ 32.390002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.390050] kthread+0x328/0x630 [ 32.390084] ret_from_fork+0x10/0x20 [ 32.390122] [ 32.390142] The buggy address belongs to the object at fff00000c1c3cc80 [ 32.390142] which belongs to the cache kmem_cache of size 208 [ 32.390202] The buggy address is located 0 bytes inside of [ 32.390202] freed 208-byte region [fff00000c1c3cc80, fff00000c1c3cd50) [ 32.390265] [ 32.390288] The buggy address belongs to the physical page: [ 32.390323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c3c [ 32.390380] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.390434] page_type: f5(slab) [ 32.390477] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 32.390530] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 32.390572] page dumped because: kasan: bad access detected [ 32.390604] [ 32.390622] Memory state around the buggy address: [ 32.390656] fff00000c1c3cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.390700] fff00000c1c3cc00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.390744] >fff00000c1c3cc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.390782] ^ [ 32.390809] fff00000c1c3cd00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 32.390858] fff00000c1c3cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.390899] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 32.320723] ================================================================== [ 32.320853] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 32.320941] Read of size 1 at addr fff00000c926e000 by task kunit_try_catch/245 [ 32.320996] [ 32.321044] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 32.321137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.321165] Hardware name: linux,dummy-virt (DT) [ 32.321202] Call trace: [ 32.321228] show_stack+0x20/0x38 (C) [ 32.321282] dump_stack_lvl+0x8c/0xd0 [ 32.321338] print_report+0x118/0x608 [ 32.321388] kasan_report+0xdc/0x128 [ 32.321435] __asan_report_load1_noabort+0x20/0x30 [ 32.321484] kmem_cache_rcu_uaf+0x388/0x468 [ 32.321533] kunit_try_run_case+0x170/0x3f0 [ 32.321588] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.321644] kthread+0x328/0x630 [ 32.321687] ret_from_fork+0x10/0x20 [ 32.321737] [ 32.321757] Allocated by task 245: [ 32.321788] kasan_save_stack+0x3c/0x68 [ 32.321842] kasan_save_track+0x20/0x40 [ 32.321883] kasan_save_alloc_info+0x40/0x58 [ 32.321921] __kasan_slab_alloc+0xa8/0xb0 [ 32.321967] kmem_cache_alloc_noprof+0x10c/0x398 [ 32.322010] kmem_cache_rcu_uaf+0x12c/0x468 [ 32.322049] kunit_try_run_case+0x170/0x3f0 [ 32.322089] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.322135] kthread+0x328/0x630 [ 32.322168] ret_from_fork+0x10/0x20 [ 32.322204] [ 32.322225] Freed by task 0: [ 32.322250] kasan_save_stack+0x3c/0x68 [ 32.322288] kasan_save_track+0x20/0x40 [ 32.322326] kasan_save_free_info+0x4c/0x78 [ 32.322364] __kasan_slab_free+0x6c/0x98 [ 32.322403] slab_free_after_rcu_debug+0xd4/0x2f8 [ 32.322444] rcu_core+0x9f4/0x1e20 [ 32.322484] rcu_core_si+0x18/0x30 [ 32.322518] handle_softirqs+0x374/0xb28 [ 32.322559] __do_softirq+0x1c/0x28 [ 32.322592] [ 32.322611] Last potentially related work creation: [ 32.322638] kasan_save_stack+0x3c/0x68 [ 32.322678] kasan_record_aux_stack+0xb4/0xc8 [ 32.322717] kmem_cache_free+0x120/0x468 [ 32.322755] kmem_cache_rcu_uaf+0x16c/0x468 [ 32.322794] kunit_try_run_case+0x170/0x3f0 [ 32.322841] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.322889] kthread+0x328/0x630 [ 32.322921] ret_from_fork+0x10/0x20 [ 32.322956] [ 32.322975] The buggy address belongs to the object at fff00000c926e000 [ 32.322975] which belongs to the cache test_cache of size 200 [ 32.323035] The buggy address is located 0 bytes inside of [ 32.323035] freed 200-byte region [fff00000c926e000, fff00000c926e0c8) [ 32.323099] [ 32.323120] The buggy address belongs to the physical page: [ 32.323156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10926e [ 32.323214] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.323269] page_type: f5(slab) [ 32.323315] raw: 0bfffe0000000000 fff00000c593a140 dead000000000122 0000000000000000 [ 32.323368] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 32.323411] page dumped because: kasan: bad access detected [ 32.323443] [ 32.323460] Memory state around the buggy address: [ 32.323495] fff00000c926df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.323540] fff00000c926df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.323583] >fff00000c926e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.323623] ^ [ 32.323651] fff00000c926e080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 32.323694] fff00000c926e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.323733] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 31.974413] ================================================================== [ 31.974735] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 31.974839] Free of addr fff00000c9aad001 by task kunit_try_catch/243 [ 31.975266] [ 31.975382] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.975889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.975919] Hardware name: linux,dummy-virt (DT) [ 31.976126] Call trace: [ 31.976242] show_stack+0x20/0x38 (C) [ 31.976301] dump_stack_lvl+0x8c/0xd0 [ 31.976519] print_report+0x118/0x608 [ 31.976568] kasan_report_invalid_free+0xc0/0xe8 [ 31.977073] check_slab_allocation+0xfc/0x108 [ 31.977159] __kasan_slab_pre_free+0x2c/0x48 [ 31.977229] kmem_cache_free+0xf0/0x468 [ 31.977302] kmem_cache_invalid_free+0x184/0x3c8 [ 31.977800] kunit_try_run_case+0x170/0x3f0 [ 31.978126] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.978257] kthread+0x328/0x630 [ 31.978309] ret_from_fork+0x10/0x20 [ 31.978559] [ 31.978579] Allocated by task 243: [ 31.978948] kasan_save_stack+0x3c/0x68 [ 31.979117] kasan_save_track+0x20/0x40 [ 31.979454] kasan_save_alloc_info+0x40/0x58 [ 31.979503] __kasan_slab_alloc+0xa8/0xb0 [ 31.979703] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.979750] kmem_cache_invalid_free+0x12c/0x3c8 [ 31.979792] kunit_try_run_case+0x170/0x3f0 [ 31.980305] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.980403] kthread+0x328/0x630 [ 31.980461] ret_from_fork+0x10/0x20 [ 31.980675] [ 31.980805] The buggy address belongs to the object at fff00000c9aad000 [ 31.980805] which belongs to the cache test_cache of size 200 [ 31.980885] The buggy address is located 1 bytes inside of [ 31.980885] 200-byte region [fff00000c9aad000, fff00000c9aad0c8) [ 31.980953] [ 31.981086] The buggy address belongs to the physical page: [ 31.981232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aad [ 31.981291] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.981912] page_type: f5(slab) [ 31.982311] raw: 0bfffe0000000000 fff00000c1c3cb40 dead000000000122 0000000000000000 [ 31.982506] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.982768] page dumped because: kasan: bad access detected [ 31.982801] [ 31.983075] Memory state around the buggy address: [ 31.983112] fff00000c9aacf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.983327] fff00000c9aacf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.983373] >fff00000c9aad000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.983412] ^ [ 31.983439] fff00000c9aad080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 31.984163] fff00000c9aad100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.984236] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 31.902999] ================================================================== [ 31.903082] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 31.903159] Free of addr fff00000c9aae000 by task kunit_try_catch/241 [ 31.903204] [ 31.903250] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.903338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.903365] Hardware name: linux,dummy-virt (DT) [ 31.903399] Call trace: [ 31.903949] show_stack+0x20/0x38 (C) [ 31.904277] dump_stack_lvl+0x8c/0xd0 [ 31.904421] print_report+0x118/0x608 [ 31.904506] kasan_report_invalid_free+0xc0/0xe8 [ 31.904723] check_slab_allocation+0xd4/0x108 [ 31.904775] __kasan_slab_pre_free+0x2c/0x48 [ 31.904996] kmem_cache_free+0xf0/0x468 [ 31.905305] kmem_cache_double_free+0x190/0x3c8 [ 31.906034] kunit_try_run_case+0x170/0x3f0 [ 31.906143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.906208] kthread+0x328/0x630 [ 31.906252] ret_from_fork+0x10/0x20 [ 31.906751] [ 31.906793] Allocated by task 241: [ 31.907094] kasan_save_stack+0x3c/0x68 [ 31.907204] kasan_save_track+0x20/0x40 [ 31.907561] kasan_save_alloc_info+0x40/0x58 [ 31.907609] __kasan_slab_alloc+0xa8/0xb0 [ 31.907652] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.907694] kmem_cache_double_free+0x12c/0x3c8 [ 31.907737] kunit_try_run_case+0x170/0x3f0 [ 31.907779] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.907826] kthread+0x328/0x630 [ 31.907870] ret_from_fork+0x10/0x20 [ 31.907908] [ 31.907927] Freed by task 241: [ 31.907955] kasan_save_stack+0x3c/0x68 [ 31.908720] kasan_save_track+0x20/0x40 [ 31.908768] kasan_save_free_info+0x4c/0x78 [ 31.908809] __kasan_slab_free+0x6c/0x98 [ 31.908863] kmem_cache_free+0x260/0x468 [ 31.908900] kmem_cache_double_free+0x140/0x3c8 [ 31.908941] kunit_try_run_case+0x170/0x3f0 [ 31.908981] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.909027] kthread+0x328/0x630 [ 31.909060] ret_from_fork+0x10/0x20 [ 31.909140] [ 31.909168] The buggy address belongs to the object at fff00000c9aae000 [ 31.909168] which belongs to the cache test_cache of size 200 [ 31.909904] The buggy address is located 0 bytes inside of [ 31.909904] 200-byte region [fff00000c9aae000, fff00000c9aae0c8) [ 31.910267] [ 31.910683] The buggy address belongs to the physical page: [ 31.910815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109aae [ 31.911014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.911116] page_type: f5(slab) [ 31.911163] raw: 0bfffe0000000000 fff00000c1c3ca00 dead000000000122 0000000000000000 [ 31.911216] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.911664] page dumped because: kasan: bad access detected [ 31.911702] [ 31.911733] Memory state around the buggy address: [ 31.911845] fff00000c9aadf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.911892] fff00000c9aadf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.912241] >fff00000c9aae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.912287] ^ [ 31.912458] fff00000c9aae080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 31.912685] fff00000c9aae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.912909] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 31.651082] ================================================================== [ 31.651150] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 31.651215] Read of size 1 at addr fff00000c9b440c8 by task kunit_try_catch/239 [ 31.651527] [ 31.652066] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.652789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.652823] Hardware name: linux,dummy-virt (DT) [ 31.652968] Call trace: [ 31.653300] show_stack+0x20/0x38 (C) [ 31.653456] dump_stack_lvl+0x8c/0xd0 [ 31.653556] print_report+0x118/0x608 [ 31.653606] kasan_report+0xdc/0x128 [ 31.653652] __asan_report_load1_noabort+0x20/0x30 [ 31.653732] kmem_cache_oob+0x344/0x430 [ 31.653780] kunit_try_run_case+0x170/0x3f0 [ 31.653889] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.653945] kthread+0x328/0x630 [ 31.653994] ret_from_fork+0x10/0x20 [ 31.654099] [ 31.654119] Allocated by task 239: [ 31.654148] kasan_save_stack+0x3c/0x68 [ 31.654210] kasan_save_track+0x20/0x40 [ 31.654316] kasan_save_alloc_info+0x40/0x58 [ 31.654434] __kasan_slab_alloc+0xa8/0xb0 [ 31.654593] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.654655] kmem_cache_oob+0x12c/0x430 [ 31.654699] kunit_try_run_case+0x170/0x3f0 [ 31.654844] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.654891] kthread+0x328/0x630 [ 31.654923] ret_from_fork+0x10/0x20 [ 31.654994] [ 31.655014] The buggy address belongs to the object at fff00000c9b44000 [ 31.655014] which belongs to the cache test_cache of size 200 [ 31.655074] The buggy address is located 0 bytes to the right of [ 31.655074] allocated 200-byte region [fff00000c9b44000, fff00000c9b440c8) [ 31.655140] [ 31.655712] The buggy address belongs to the physical page: [ 31.655760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b44 [ 31.656128] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.656340] page_type: f5(slab) [ 31.656576] raw: 0bfffe0000000000 fff00000c1c3c8c0 dead000000000122 0000000000000000 [ 31.656646] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 31.656744] page dumped because: kasan: bad access detected [ 31.656858] [ 31.656876] Memory state around the buggy address: [ 31.656911] fff00000c9b43f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.656967] fff00000c9b44000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.657011] >fff00000c9b44080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 31.657051] ^ [ 31.657482] fff00000c9b44100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.657552] fff00000c9b44180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.657591] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 31.606570] ================================================================== [ 31.607320] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 31.607397] Read of size 8 at addr fff00000c9b4b600 by task kunit_try_catch/232 [ 31.607451] [ 31.607490] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.607582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.607609] Hardware name: linux,dummy-virt (DT) [ 31.608090] Call trace: [ 31.608717] show_stack+0x20/0x38 (C) [ 31.608782] dump_stack_lvl+0x8c/0xd0 [ 31.609043] print_report+0x118/0x608 [ 31.609096] kasan_report+0xdc/0x128 [ 31.609150] __asan_report_load8_noabort+0x20/0x30 [ 31.609503] workqueue_uaf+0x480/0x4a8 [ 31.609827] kunit_try_run_case+0x170/0x3f0 [ 31.610039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.610365] kthread+0x328/0x630 [ 31.610415] ret_from_fork+0x10/0x20 [ 31.610674] [ 31.610693] Allocated by task 232: [ 31.611013] kasan_save_stack+0x3c/0x68 [ 31.611072] kasan_save_track+0x20/0x40 [ 31.611334] kasan_save_alloc_info+0x40/0x58 [ 31.611394] __kasan_kmalloc+0xd4/0xd8 [ 31.611762] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.611818] workqueue_uaf+0x13c/0x4a8 [ 31.611865] kunit_try_run_case+0x170/0x3f0 [ 31.612156] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.612213] kthread+0x328/0x630 [ 31.612457] ret_from_fork+0x10/0x20 [ 31.612556] [ 31.612755] Freed by task 9: [ 31.612786] kasan_save_stack+0x3c/0x68 [ 31.612827] kasan_save_track+0x20/0x40 [ 31.613079] kasan_save_free_info+0x4c/0x78 [ 31.613126] __kasan_slab_free+0x6c/0x98 [ 31.613403] kfree+0x214/0x3c8 [ 31.613440] workqueue_uaf_work+0x18/0x30 [ 31.613778] process_one_work+0x530/0xf98 [ 31.614247] worker_thread+0x618/0xf38 [ 31.614560] kthread+0x328/0x630 [ 31.614819] ret_from_fork+0x10/0x20 [ 31.614968] [ 31.614989] Last potentially related work creation: [ 31.615017] kasan_save_stack+0x3c/0x68 [ 31.615057] kasan_record_aux_stack+0xb4/0xc8 [ 31.615237] __queue_work+0x65c/0xfe0 [ 31.615788] queue_work_on+0xbc/0xf8 [ 31.615917] workqueue_uaf+0x210/0x4a8 [ 31.615958] kunit_try_run_case+0x170/0x3f0 [ 31.616132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.616219] kthread+0x328/0x630 [ 31.616428] ret_from_fork+0x10/0x20 [ 31.616588] [ 31.616611] The buggy address belongs to the object at fff00000c9b4b600 [ 31.616611] which belongs to the cache kmalloc-32 of size 32 [ 31.616750] The buggy address is located 0 bytes inside of [ 31.616750] freed 32-byte region [fff00000c9b4b600, fff00000c9b4b620) [ 31.617269] [ 31.617508] The buggy address belongs to the physical page: [ 31.617979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b4b [ 31.618049] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.618103] page_type: f5(slab) [ 31.618287] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.618557] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.618749] page dumped because: kasan: bad access detected [ 31.619030] [ 31.619059] Memory state around the buggy address: [ 31.619322] fff00000c9b4b500: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 31.619555] fff00000c9b4b580: 00 00 00 fc fc fc fc fc 00 00 00 07 fc fc fc fc [ 31.619689] >fff00000c9b4b600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.619780] ^ [ 31.620070] fff00000c9b4b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.620239] fff00000c9b4b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.620359] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 31.565875] ================================================================== [ 31.566020] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 31.566093] Read of size 4 at addr fff00000c9b4b440 by task swapper/0/0 [ 31.566140] [ 31.566180] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.566268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.566295] Hardware name: linux,dummy-virt (DT) [ 31.566330] Call trace: [ 31.566353] show_stack+0x20/0x38 (C) [ 31.566405] dump_stack_lvl+0x8c/0xd0 [ 31.566456] print_report+0x118/0x608 [ 31.566505] kasan_report+0xdc/0x128 [ 31.566551] __asan_report_load4_noabort+0x20/0x30 [ 31.566599] rcu_uaf_reclaim+0x64/0x70 [ 31.566644] rcu_core+0x9f4/0x1e20 [ 31.569183] rcu_core_si+0x18/0x30 [ 31.569268] handle_softirqs+0x374/0xb28 [ 31.569327] __do_softirq+0x1c/0x28 [ 31.569373] ____do_softirq+0x18/0x30 [ 31.569419] call_on_irq_stack+0x24/0x30 [ 31.569465] do_softirq_own_stack+0x24/0x38 [ 31.569513] __irq_exit_rcu+0x1fc/0x318 [ 31.569560] irq_exit_rcu+0x1c/0x80 [ 31.569605] el1_interrupt+0x38/0x58 [ 31.569653] el1h_64_irq_handler+0x18/0x28 [ 31.569700] el1h_64_irq+0x6c/0x70 [ 31.570402] arch_local_irq_enable+0x4/0x8 (P) [ 31.570489] do_idle+0x384/0x4e8 [ 31.570800] cpu_startup_entry+0x64/0x80 [ 31.570895] rest_init+0x160/0x188 [ 31.571330] start_kernel+0x30c/0x3d0 [ 31.571462] __primary_switched+0x8c/0xa0 [ 31.571879] [ 31.571916] Allocated by task 230: [ 31.571948] kasan_save_stack+0x3c/0x68 [ 31.572190] kasan_save_track+0x20/0x40 [ 31.572233] kasan_save_alloc_info+0x40/0x58 [ 31.572272] __kasan_kmalloc+0xd4/0xd8 [ 31.572607] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.573758] rcu_uaf+0xb0/0x2d8 [ 31.574108] kunit_try_run_case+0x170/0x3f0 [ 31.574163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.574765] kthread+0x328/0x630 [ 31.574817] ret_from_fork+0x10/0x20 [ 31.574894] [ 31.574914] Freed by task 0: [ 31.574943] kasan_save_stack+0x3c/0x68 [ 31.574985] kasan_save_track+0x20/0x40 [ 31.575172] kasan_save_free_info+0x4c/0x78 [ 31.575535] __kasan_slab_free+0x6c/0x98 [ 31.575622] kfree+0x214/0x3c8 [ 31.575658] rcu_uaf_reclaim+0x28/0x70 [ 31.575695] rcu_core+0x9f4/0x1e20 [ 31.575732] rcu_core_si+0x18/0x30 [ 31.575767] handle_softirqs+0x374/0xb28 [ 31.575805] __do_softirq+0x1c/0x28 [ 31.576482] [ 31.576542] Last potentially related work creation: [ 31.576591] kasan_save_stack+0x3c/0x68 [ 31.576729] kasan_record_aux_stack+0xb4/0xc8 [ 31.576771] __call_rcu_common.constprop.0+0x74/0x8c8 [ 31.577085] call_rcu+0x18/0x30 [ 31.577130] rcu_uaf+0x14c/0x2d8 [ 31.577562] kunit_try_run_case+0x170/0x3f0 [ 31.577627] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.577706] kthread+0x328/0x630 [ 31.577809] ret_from_fork+0x10/0x20 [ 31.577908] [ 31.577937] The buggy address belongs to the object at fff00000c9b4b440 [ 31.577937] which belongs to the cache kmalloc-32 of size 32 [ 31.578481] The buggy address is located 0 bytes inside of [ 31.578481] freed 32-byte region [fff00000c9b4b440, fff00000c9b4b460) [ 31.578551] [ 31.578865] The buggy address belongs to the physical page: [ 31.578910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b4b [ 31.578977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.579400] page_type: f5(slab) [ 31.579539] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.579647] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.579693] page dumped because: kasan: bad access detected [ 31.579790] [ 31.579808] Memory state around the buggy address: [ 31.579853] fff00000c9b4b300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.580150] fff00000c9b4b380: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 31.580346] >fff00000c9b4b400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.580533] ^ [ 31.580574] fff00000c9b4b480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.580655] fff00000c9b4b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.580718] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 31.334948] ================================================================== [ 31.335298] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 31.335382] Read of size 1 at addr fff00000c9ae3500 by task kunit_try_catch/228 [ 31.335482] [ 31.335517] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.335660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.335689] Hardware name: linux,dummy-virt (DT) [ 31.335913] Call trace: [ 31.335954] show_stack+0x20/0x38 (C) [ 31.336016] dump_stack_lvl+0x8c/0xd0 [ 31.336211] print_report+0x118/0x608 [ 31.336294] kasan_report+0xdc/0x128 [ 31.336588] __kasan_check_byte+0x54/0x70 [ 31.336750] ksize+0x30/0x88 [ 31.336796] ksize_uaf+0x168/0x5f8 [ 31.336849] kunit_try_run_case+0x170/0x3f0 [ 31.337299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.337464] kthread+0x328/0x630 [ 31.337644] ret_from_fork+0x10/0x20 [ 31.337736] [ 31.338017] Allocated by task 228: [ 31.338194] kasan_save_stack+0x3c/0x68 [ 31.338354] kasan_save_track+0x20/0x40 [ 31.338538] kasan_save_alloc_info+0x40/0x58 [ 31.338613] __kasan_kmalloc+0xd4/0xd8 [ 31.338651] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.338885] ksize_uaf+0xb8/0x5f8 [ 31.339048] kunit_try_run_case+0x170/0x3f0 [ 31.339821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.339989] kthread+0x328/0x630 [ 31.340055] ret_from_fork+0x10/0x20 [ 31.340110] [ 31.340266] Freed by task 228: [ 31.340384] kasan_save_stack+0x3c/0x68 [ 31.340750] kasan_save_track+0x20/0x40 [ 31.340829] kasan_save_free_info+0x4c/0x78 [ 31.341138] __kasan_slab_free+0x6c/0x98 [ 31.341454] kfree+0x214/0x3c8 [ 31.341689] ksize_uaf+0x11c/0x5f8 [ 31.341887] kunit_try_run_case+0x170/0x3f0 [ 31.342313] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.342666] kthread+0x328/0x630 [ 31.342727] ret_from_fork+0x10/0x20 [ 31.342767] [ 31.342790] The buggy address belongs to the object at fff00000c9ae3500 [ 31.342790] which belongs to the cache kmalloc-128 of size 128 [ 31.343014] The buggy address is located 0 bytes inside of [ 31.343014] freed 128-byte region [fff00000c9ae3500, fff00000c9ae3580) [ 31.343096] [ 31.343116] The buggy address belongs to the physical page: [ 31.343158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.343332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.343394] page_type: f5(slab) [ 31.343436] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.343509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.343552] page dumped because: kasan: bad access detected [ 31.343584] [ 31.343613] Memory state around the buggy address: [ 31.343656] fff00000c9ae3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.343699] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.343750] >fff00000c9ae3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.343787] ^ [ 31.343825] fff00000c9ae3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.344342] fff00000c9ae3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.344498] ================================================================== [ 31.359479] ================================================================== [ 31.359531] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 31.359579] Read of size 1 at addr fff00000c9ae3578 by task kunit_try_catch/228 [ 31.359653] [ 31.359692] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.359780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.359817] Hardware name: linux,dummy-virt (DT) [ 31.360302] Call trace: [ 31.360351] show_stack+0x20/0x38 (C) [ 31.360633] dump_stack_lvl+0x8c/0xd0 [ 31.361032] print_report+0x118/0x608 [ 31.361253] kasan_report+0xdc/0x128 [ 31.361341] __asan_report_load1_noabort+0x20/0x30 [ 31.361524] ksize_uaf+0x544/0x5f8 [ 31.361855] kunit_try_run_case+0x170/0x3f0 [ 31.361979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.362156] kthread+0x328/0x630 [ 31.362376] ret_from_fork+0x10/0x20 [ 31.362687] [ 31.362860] Allocated by task 228: [ 31.362936] kasan_save_stack+0x3c/0x68 [ 31.363111] kasan_save_track+0x20/0x40 [ 31.363303] kasan_save_alloc_info+0x40/0x58 [ 31.363378] __kasan_kmalloc+0xd4/0xd8 [ 31.363609] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.364037] ksize_uaf+0xb8/0x5f8 [ 31.364094] kunit_try_run_case+0x170/0x3f0 [ 31.364495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.364682] kthread+0x328/0x630 [ 31.364870] ret_from_fork+0x10/0x20 [ 31.364975] [ 31.365000] Freed by task 228: [ 31.365037] kasan_save_stack+0x3c/0x68 [ 31.365079] kasan_save_track+0x20/0x40 [ 31.365118] kasan_save_free_info+0x4c/0x78 [ 31.365435] __kasan_slab_free+0x6c/0x98 [ 31.365629] kfree+0x214/0x3c8 [ 31.365719] ksize_uaf+0x11c/0x5f8 [ 31.365986] kunit_try_run_case+0x170/0x3f0 [ 31.366051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.366314] kthread+0x328/0x630 [ 31.366569] ret_from_fork+0x10/0x20 [ 31.366675] [ 31.366867] The buggy address belongs to the object at fff00000c9ae3500 [ 31.366867] which belongs to the cache kmalloc-128 of size 128 [ 31.367130] The buggy address is located 120 bytes inside of [ 31.367130] freed 128-byte region [fff00000c9ae3500, fff00000c9ae3580) [ 31.367607] [ 31.367706] The buggy address belongs to the physical page: [ 31.367907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.367985] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.368222] page_type: f5(slab) [ 31.368431] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.368507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.368829] page dumped because: kasan: bad access detected [ 31.368881] [ 31.368925] Memory state around the buggy address: [ 31.369030] fff00000c9ae3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.369455] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.369708] >fff00000c9ae3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.369883] ^ [ 31.369983] fff00000c9ae3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.370186] fff00000c9ae3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.370414] ================================================================== [ 31.349133] ================================================================== [ 31.349192] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 31.349246] Read of size 1 at addr fff00000c9ae3500 by task kunit_try_catch/228 [ 31.349775] [ 31.349993] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.350239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.350632] Hardware name: linux,dummy-virt (DT) [ 31.350690] Call trace: [ 31.350715] show_stack+0x20/0x38 (C) [ 31.350880] dump_stack_lvl+0x8c/0xd0 [ 31.350937] print_report+0x118/0x608 [ 31.351155] kasan_report+0xdc/0x128 [ 31.351459] __asan_report_load1_noabort+0x20/0x30 [ 31.351565] ksize_uaf+0x598/0x5f8 [ 31.351617] kunit_try_run_case+0x170/0x3f0 [ 31.351738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.351961] kthread+0x328/0x630 [ 31.352070] ret_from_fork+0x10/0x20 [ 31.352220] [ 31.352246] Allocated by task 228: [ 31.352306] kasan_save_stack+0x3c/0x68 [ 31.352676] kasan_save_track+0x20/0x40 [ 31.352936] kasan_save_alloc_info+0x40/0x58 [ 31.353189] __kasan_kmalloc+0xd4/0xd8 [ 31.353314] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.353470] ksize_uaf+0xb8/0x5f8 [ 31.353574] kunit_try_run_case+0x170/0x3f0 [ 31.353733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.353868] kthread+0x328/0x630 [ 31.354305] ret_from_fork+0x10/0x20 [ 31.354377] [ 31.354616] Freed by task 228: [ 31.354830] kasan_save_stack+0x3c/0x68 [ 31.354918] kasan_save_track+0x20/0x40 [ 31.355135] kasan_save_free_info+0x4c/0x78 [ 31.355289] __kasan_slab_free+0x6c/0x98 [ 31.355386] kfree+0x214/0x3c8 [ 31.355786] ksize_uaf+0x11c/0x5f8 [ 31.355861] kunit_try_run_case+0x170/0x3f0 [ 31.356024] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.356209] kthread+0x328/0x630 [ 31.356269] ret_from_fork+0x10/0x20 [ 31.356334] [ 31.356687] The buggy address belongs to the object at fff00000c9ae3500 [ 31.356687] which belongs to the cache kmalloc-128 of size 128 [ 31.356942] The buggy address is located 0 bytes inside of [ 31.356942] freed 128-byte region [fff00000c9ae3500, fff00000c9ae3580) [ 31.357130] [ 31.357231] The buggy address belongs to the physical page: [ 31.357597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.357903] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.358051] page_type: f5(slab) [ 31.358323] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.358395] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.358437] page dumped because: kasan: bad access detected [ 31.358467] [ 31.358485] Memory state around the buggy address: [ 31.358518] fff00000c9ae3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.358600] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.358653] >fff00000c9ae3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.358695] ^ [ 31.358750] fff00000c9ae3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.358792] fff00000c9ae3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.358831] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 31.316445] ================================================================== [ 31.316959] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 31.317046] Read of size 1 at addr fff00000c9ae347f by task kunit_try_catch/226 [ 31.317173] [ 31.317203] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.317492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.317634] Hardware name: linux,dummy-virt (DT) [ 31.317696] Call trace: [ 31.317797] show_stack+0x20/0x38 (C) [ 31.318056] dump_stack_lvl+0x8c/0xd0 [ 31.318314] print_report+0x118/0x608 [ 31.318416] kasan_report+0xdc/0x128 [ 31.318510] __asan_report_load1_noabort+0x20/0x30 [ 31.318751] ksize_unpoisons_memory+0x690/0x740 [ 31.318956] kunit_try_run_case+0x170/0x3f0 [ 31.319016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.319420] kthread+0x328/0x630 [ 31.319526] ret_from_fork+0x10/0x20 [ 31.319807] [ 31.319931] Allocated by task 226: [ 31.320050] kasan_save_stack+0x3c/0x68 [ 31.320363] kasan_save_track+0x20/0x40 [ 31.320793] kasan_save_alloc_info+0x40/0x58 [ 31.321030] __kasan_kmalloc+0xd4/0xd8 [ 31.321181] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.321296] ksize_unpoisons_memory+0xc0/0x740 [ 31.321338] kunit_try_run_case+0x170/0x3f0 [ 31.321670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.322000] kthread+0x328/0x630 [ 31.322143] ret_from_fork+0x10/0x20 [ 31.322277] [ 31.322299] The buggy address belongs to the object at fff00000c9ae3400 [ 31.322299] which belongs to the cache kmalloc-128 of size 128 [ 31.322535] The buggy address is located 12 bytes to the right of [ 31.322535] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.322771] [ 31.322826] The buggy address belongs to the physical page: [ 31.322947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.323095] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.323213] page_type: f5(slab) [ 31.323420] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.323531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.324039] page dumped because: kasan: bad access detected [ 31.324142] [ 31.324203] Memory state around the buggy address: [ 31.324296] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.324556] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.324880] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.325058] ^ [ 31.325136] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.325353] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.325517] ================================================================== [ 31.309542] ================================================================== [ 31.309597] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 31.309668] Read of size 1 at addr fff00000c9ae3478 by task kunit_try_catch/226 [ 31.309721] [ 31.309750] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.309848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.309876] Hardware name: linux,dummy-virt (DT) [ 31.309909] Call trace: [ 31.309930] show_stack+0x20/0x38 (C) [ 31.309989] dump_stack_lvl+0x8c/0xd0 [ 31.310046] print_report+0x118/0x608 [ 31.310105] kasan_report+0xdc/0x128 [ 31.310151] __asan_report_load1_noabort+0x20/0x30 [ 31.310202] ksize_unpoisons_memory+0x618/0x740 [ 31.310252] kunit_try_run_case+0x170/0x3f0 [ 31.310310] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.310365] kthread+0x328/0x630 [ 31.310408] ret_from_fork+0x10/0x20 [ 31.310454] [ 31.310474] Allocated by task 226: [ 31.310501] kasan_save_stack+0x3c/0x68 [ 31.310544] kasan_save_track+0x20/0x40 [ 31.310582] kasan_save_alloc_info+0x40/0x58 [ 31.310629] __kasan_kmalloc+0xd4/0xd8 [ 31.310667] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.310709] ksize_unpoisons_memory+0xc0/0x740 [ 31.310749] kunit_try_run_case+0x170/0x3f0 [ 31.310798] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.311152] kthread+0x328/0x630 [ 31.311201] ret_from_fork+0x10/0x20 [ 31.311673] [ 31.311916] The buggy address belongs to the object at fff00000c9ae3400 [ 31.311916] which belongs to the cache kmalloc-128 of size 128 [ 31.312019] The buggy address is located 5 bytes to the right of [ 31.312019] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.313015] [ 31.313073] The buggy address belongs to the physical page: [ 31.313405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.313465] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.313558] page_type: f5(slab) [ 31.313640] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.313717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.313936] page dumped because: kasan: bad access detected [ 31.314055] [ 31.314076] Memory state around the buggy address: [ 31.314342] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.314580] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.314933] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.315031] ^ [ 31.315233] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.315317] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.315513] ================================================================== [ 31.299595] ================================================================== [ 31.299666] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 31.300064] Read of size 1 at addr fff00000c9ae3473 by task kunit_try_catch/226 [ 31.300134] [ 31.300170] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.300500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.300625] Hardware name: linux,dummy-virt (DT) [ 31.300662] Call trace: [ 31.300697] show_stack+0x20/0x38 (C) [ 31.301044] dump_stack_lvl+0x8c/0xd0 [ 31.301197] print_report+0x118/0x608 [ 31.301387] kasan_report+0xdc/0x128 [ 31.301513] __asan_report_load1_noabort+0x20/0x30 [ 31.301648] ksize_unpoisons_memory+0x628/0x740 [ 31.301746] kunit_try_run_case+0x170/0x3f0 [ 31.302117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.302252] kthread+0x328/0x630 [ 31.302421] ret_from_fork+0x10/0x20 [ 31.302548] [ 31.302614] Allocated by task 226: [ 31.303095] kasan_save_stack+0x3c/0x68 [ 31.303276] kasan_save_track+0x20/0x40 [ 31.303347] kasan_save_alloc_info+0x40/0x58 [ 31.303410] __kasan_kmalloc+0xd4/0xd8 [ 31.303472] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.303964] ksize_unpoisons_memory+0xc0/0x740 [ 31.304118] kunit_try_run_case+0x170/0x3f0 [ 31.304190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.304591] kthread+0x328/0x630 [ 31.304823] ret_from_fork+0x10/0x20 [ 31.305110] [ 31.305155] The buggy address belongs to the object at fff00000c9ae3400 [ 31.305155] which belongs to the cache kmalloc-128 of size 128 [ 31.305235] The buggy address is located 0 bytes to the right of [ 31.305235] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.305580] [ 31.305656] The buggy address belongs to the physical page: [ 31.305892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.306034] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.306143] page_type: f5(slab) [ 31.306186] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.306455] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.306545] page dumped because: kasan: bad access detected [ 31.306784] [ 31.306985] Memory state around the buggy address: [ 31.307077] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.307150] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.307559] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.307626] ^ [ 31.307721] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.308065] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.308231] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 31.277718] ================================================================== [ 31.277963] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 31.278109] Free of addr fff00000c5a30cc0 by task kunit_try_catch/224 [ 31.278327] [ 31.278397] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.278793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.278845] Hardware name: linux,dummy-virt (DT) [ 31.278880] Call trace: [ 31.278991] show_stack+0x20/0x38 (C) [ 31.279054] dump_stack_lvl+0x8c/0xd0 [ 31.279211] print_report+0x118/0x608 [ 31.279263] kasan_report_invalid_free+0xc0/0xe8 [ 31.279373] check_slab_allocation+0xd4/0x108 [ 31.279425] __kasan_slab_pre_free+0x2c/0x48 [ 31.279689] kfree+0xe8/0x3c8 [ 31.279773] kfree_sensitive+0x3c/0xb0 [ 31.279967] kmalloc_double_kzfree+0x168/0x308 [ 31.280035] kunit_try_run_case+0x170/0x3f0 [ 31.280102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.280196] kthread+0x328/0x630 [ 31.280240] ret_from_fork+0x10/0x20 [ 31.280995] [ 31.281097] Allocated by task 224: [ 31.281223] kasan_save_stack+0x3c/0x68 [ 31.281292] kasan_save_track+0x20/0x40 [ 31.281350] kasan_save_alloc_info+0x40/0x58 [ 31.281391] __kasan_kmalloc+0xd4/0xd8 [ 31.281719] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.282054] kmalloc_double_kzfree+0xb8/0x308 [ 31.282235] kunit_try_run_case+0x170/0x3f0 [ 31.282656] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.282759] kthread+0x328/0x630 [ 31.283024] ret_from_fork+0x10/0x20 [ 31.283081] [ 31.283150] Freed by task 224: [ 31.283214] kasan_save_stack+0x3c/0x68 [ 31.284065] kasan_save_track+0x20/0x40 [ 31.284165] kasan_save_free_info+0x4c/0x78 [ 31.284342] __kasan_slab_free+0x6c/0x98 [ 31.284497] kfree+0x214/0x3c8 [ 31.284560] kfree_sensitive+0x80/0xb0 [ 31.284606] kmalloc_double_kzfree+0x11c/0x308 [ 31.285024] kunit_try_run_case+0x170/0x3f0 [ 31.285091] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.285456] kthread+0x328/0x630 [ 31.285610] ret_from_fork+0x10/0x20 [ 31.285754] [ 31.285856] The buggy address belongs to the object at fff00000c5a30cc0 [ 31.285856] which belongs to the cache kmalloc-16 of size 16 [ 31.286007] The buggy address is located 0 bytes inside of [ 31.286007] 16-byte region [fff00000c5a30cc0, fff00000c5a30cd0) [ 31.286090] [ 31.286159] The buggy address belongs to the physical page: [ 31.286209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 31.286268] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.286332] page_type: f5(slab) [ 31.286387] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.286438] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 31.286479] page dumped because: kasan: bad access detected [ 31.286511] [ 31.286531] Memory state around the buggy address: [ 31.286562] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.286615] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.286673] >fff00000c5a30c80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 31.286724] ^ [ 31.286760] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.286829] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.286889] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 31.267898] ================================================================== [ 31.267965] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 31.268231] Read of size 1 at addr fff00000c5a30cc0 by task kunit_try_catch/224 [ 31.268375] [ 31.268441] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.268954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.269108] Hardware name: linux,dummy-virt (DT) [ 31.269235] Call trace: [ 31.269326] show_stack+0x20/0x38 (C) [ 31.269472] dump_stack_lvl+0x8c/0xd0 [ 31.269664] print_report+0x118/0x608 [ 31.269969] kasan_report+0xdc/0x128 [ 31.270028] __kasan_check_byte+0x54/0x70 [ 31.270100] kfree_sensitive+0x30/0xb0 [ 31.270150] kmalloc_double_kzfree+0x168/0x308 [ 31.270202] kunit_try_run_case+0x170/0x3f0 [ 31.270266] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.270321] kthread+0x328/0x630 [ 31.270375] ret_from_fork+0x10/0x20 [ 31.270448] [ 31.270467] Allocated by task 224: [ 31.270502] kasan_save_stack+0x3c/0x68 [ 31.270547] kasan_save_track+0x20/0x40 [ 31.270585] kasan_save_alloc_info+0x40/0x58 [ 31.270634] __kasan_kmalloc+0xd4/0xd8 [ 31.270672] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.270724] kmalloc_double_kzfree+0xb8/0x308 [ 31.270772] kunit_try_run_case+0x170/0x3f0 [ 31.270813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.270912] kthread+0x328/0x630 [ 31.270978] ret_from_fork+0x10/0x20 [ 31.271215] [ 31.271241] Freed by task 224: [ 31.271527] kasan_save_stack+0x3c/0x68 [ 31.271633] kasan_save_track+0x20/0x40 [ 31.271887] kasan_save_free_info+0x4c/0x78 [ 31.272068] __kasan_slab_free+0x6c/0x98 [ 31.272151] kfree+0x214/0x3c8 [ 31.272188] kfree_sensitive+0x80/0xb0 [ 31.272458] kmalloc_double_kzfree+0x11c/0x308 [ 31.272581] kunit_try_run_case+0x170/0x3f0 [ 31.272832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.273094] kthread+0x328/0x630 [ 31.273264] ret_from_fork+0x10/0x20 [ 31.273514] [ 31.273565] The buggy address belongs to the object at fff00000c5a30cc0 [ 31.273565] which belongs to the cache kmalloc-16 of size 16 [ 31.273765] The buggy address is located 0 bytes inside of [ 31.273765] freed 16-byte region [fff00000c5a30cc0, fff00000c5a30cd0) [ 31.274010] [ 31.274034] The buggy address belongs to the physical page: [ 31.274066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 31.274331] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.274643] page_type: f5(slab) [ 31.274717] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.274826] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 31.274883] page dumped because: kasan: bad access detected [ 31.275115] [ 31.275204] Memory state around the buggy address: [ 31.275321] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.275405] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.275749] >fff00000c5a30c80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 31.275795] ^ [ 31.276313] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.276467] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.276529] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 31.235474] ================================================================== [ 31.235740] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 31.235808] Read of size 1 at addr fff00000c9b4c328 by task kunit_try_catch/220 [ 31.235974] [ 31.236008] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.236432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.236545] Hardware name: linux,dummy-virt (DT) [ 31.236683] Call trace: [ 31.236715] show_stack+0x20/0x38 (C) [ 31.236770] dump_stack_lvl+0x8c/0xd0 [ 31.236827] print_report+0x118/0x608 [ 31.237190] kasan_report+0xdc/0x128 [ 31.237367] __asan_report_load1_noabort+0x20/0x30 [ 31.237640] kmalloc_uaf2+0x3f4/0x468 [ 31.237709] kunit_try_run_case+0x170/0x3f0 [ 31.237764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.238078] kthread+0x328/0x630 [ 31.238220] ret_from_fork+0x10/0x20 [ 31.238291] [ 31.238310] Allocated by task 220: [ 31.238340] kasan_save_stack+0x3c/0x68 [ 31.238385] kasan_save_track+0x20/0x40 [ 31.238440] kasan_save_alloc_info+0x40/0x58 [ 31.238495] __kasan_kmalloc+0xd4/0xd8 [ 31.238531] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.238574] kmalloc_uaf2+0xc4/0x468 [ 31.238617] kunit_try_run_case+0x170/0x3f0 [ 31.238658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.238705] kthread+0x328/0x630 [ 31.238739] ret_from_fork+0x10/0x20 [ 31.238783] [ 31.238802] Freed by task 220: [ 31.238829] kasan_save_stack+0x3c/0x68 [ 31.239269] kasan_save_track+0x20/0x40 [ 31.239501] kasan_save_free_info+0x4c/0x78 [ 31.239783] __kasan_slab_free+0x6c/0x98 [ 31.239979] kfree+0x214/0x3c8 [ 31.240149] kmalloc_uaf2+0x134/0x468 [ 31.240192] kunit_try_run_case+0x170/0x3f0 [ 31.240528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.240673] kthread+0x328/0x630 [ 31.240938] ret_from_fork+0x10/0x20 [ 31.241087] [ 31.241115] The buggy address belongs to the object at fff00000c9b4c300 [ 31.241115] which belongs to the cache kmalloc-64 of size 64 [ 31.241176] The buggy address is located 40 bytes inside of [ 31.241176] freed 64-byte region [fff00000c9b4c300, fff00000c9b4c340) [ 31.241663] [ 31.241797] The buggy address belongs to the physical page: [ 31.242016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b4c [ 31.242108] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.242233] page_type: f5(slab) [ 31.242466] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 31.242741] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.242952] page dumped because: kasan: bad access detected [ 31.243344] [ 31.243388] Memory state around the buggy address: [ 31.243925] fff00000c9b4c200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.243978] fff00000c9b4c280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.244387] >fff00000c9b4c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.244545] ^ [ 31.244596] fff00000c9b4c380: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 31.244901] fff00000c9b4c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.244947] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 31.217876] ================================================================== [ 31.218185] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 31.218483] Write of size 33 at addr fff00000c9b4c180 by task kunit_try_catch/218 [ 31.218810] [ 31.218886] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.219102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.219129] Hardware name: linux,dummy-virt (DT) [ 31.219382] Call trace: [ 31.219417] show_stack+0x20/0x38 (C) [ 31.219726] dump_stack_lvl+0x8c/0xd0 [ 31.219798] print_report+0x118/0x608 [ 31.220143] kasan_report+0xdc/0x128 [ 31.220216] kasan_check_range+0x100/0x1a8 [ 31.220330] __asan_memset+0x34/0x78 [ 31.220383] kmalloc_uaf_memset+0x170/0x310 [ 31.220569] kunit_try_run_case+0x170/0x3f0 [ 31.220638] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.220716] kthread+0x328/0x630 [ 31.221043] ret_from_fork+0x10/0x20 [ 31.221292] [ 31.221508] Allocated by task 218: [ 31.221702] kasan_save_stack+0x3c/0x68 [ 31.221782] kasan_save_track+0x20/0x40 [ 31.222183] kasan_save_alloc_info+0x40/0x58 [ 31.222340] __kasan_kmalloc+0xd4/0xd8 [ 31.222406] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.222457] kmalloc_uaf_memset+0xb8/0x310 [ 31.222611] kunit_try_run_case+0x170/0x3f0 [ 31.222922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.223097] kthread+0x328/0x630 [ 31.223136] ret_from_fork+0x10/0x20 [ 31.223370] [ 31.223398] Freed by task 218: [ 31.223429] kasan_save_stack+0x3c/0x68 [ 31.223474] kasan_save_track+0x20/0x40 [ 31.223516] kasan_save_free_info+0x4c/0x78 [ 31.223553] __kasan_slab_free+0x6c/0x98 [ 31.223653] kfree+0x214/0x3c8 [ 31.223689] kmalloc_uaf_memset+0x11c/0x310 [ 31.223728] kunit_try_run_case+0x170/0x3f0 [ 31.223768] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.223813] kthread+0x328/0x630 [ 31.223866] ret_from_fork+0x10/0x20 [ 31.223904] [ 31.223923] The buggy address belongs to the object at fff00000c9b4c180 [ 31.223923] which belongs to the cache kmalloc-64 of size 64 [ 31.223983] The buggy address is located 0 bytes inside of [ 31.223983] freed 64-byte region [fff00000c9b4c180, fff00000c9b4c1c0) [ 31.224046] [ 31.224074] The buggy address belongs to the physical page: [ 31.224122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b4c [ 31.224180] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.224230] page_type: f5(slab) [ 31.224273] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 31.224324] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.224625] page dumped because: kasan: bad access detected [ 31.225250] [ 31.225305] Memory state around the buggy address: [ 31.225385] fff00000c9b4c080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.225513] fff00000c9b4c100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.225642] >fff00000c9b4c180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.225709] ^ [ 31.226359] fff00000c9b4c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.226536] fff00000c9b4c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.226663] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 31.198652] ================================================================== [ 31.198724] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 31.198870] Read of size 1 at addr fff00000c5a30ca8 by task kunit_try_catch/216 [ 31.198927] [ 31.198984] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.199080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.199107] Hardware name: linux,dummy-virt (DT) [ 31.199307] Call trace: [ 31.199495] show_stack+0x20/0x38 (C) [ 31.199565] dump_stack_lvl+0x8c/0xd0 [ 31.199792] print_report+0x118/0x608 [ 31.200115] kasan_report+0xdc/0x128 [ 31.200186] __asan_report_load1_noabort+0x20/0x30 [ 31.200239] kmalloc_uaf+0x300/0x338 [ 31.200284] kunit_try_run_case+0x170/0x3f0 [ 31.200503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.200975] kthread+0x328/0x630 [ 31.201157] ret_from_fork+0x10/0x20 [ 31.201387] [ 31.201456] Allocated by task 216: [ 31.201494] kasan_save_stack+0x3c/0x68 [ 31.201744] kasan_save_track+0x20/0x40 [ 31.201981] kasan_save_alloc_info+0x40/0x58 [ 31.202045] __kasan_kmalloc+0xd4/0xd8 [ 31.202090] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.202148] kmalloc_uaf+0xb8/0x338 [ 31.202228] kunit_try_run_case+0x170/0x3f0 [ 31.202365] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.202421] kthread+0x328/0x630 [ 31.202463] ret_from_fork+0x10/0x20 [ 31.202499] [ 31.202613] Freed by task 216: [ 31.202693] kasan_save_stack+0x3c/0x68 [ 31.202906] kasan_save_track+0x20/0x40 [ 31.202970] kasan_save_free_info+0x4c/0x78 [ 31.203015] __kasan_slab_free+0x6c/0x98 [ 31.203065] kfree+0x214/0x3c8 [ 31.203099] kmalloc_uaf+0x11c/0x338 [ 31.203163] kunit_try_run_case+0x170/0x3f0 [ 31.203205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.203271] kthread+0x328/0x630 [ 31.203317] ret_from_fork+0x10/0x20 [ 31.203354] [ 31.203388] The buggy address belongs to the object at fff00000c5a30ca0 [ 31.203388] which belongs to the cache kmalloc-16 of size 16 [ 31.203492] The buggy address is located 8 bytes inside of [ 31.203492] freed 16-byte region [fff00000c5a30ca0, fff00000c5a30cb0) [ 31.203567] [ 31.203586] The buggy address belongs to the physical page: [ 31.203629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 31.203701] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.203768] page_type: f5(slab) [ 31.203818] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.203887] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 31.203953] page dumped because: kasan: bad access detected [ 31.203986] [ 31.204014] Memory state around the buggy address: [ 31.204046] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.204101] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.204144] >fff00000c5a30c80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 31.204202] ^ [ 31.204255] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.204858] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.204946] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 31.175165] ================================================================== [ 31.175236] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 31.175296] Read of size 64 at addr fff00000c5a6ae84 by task kunit_try_catch/214 [ 31.175730] [ 31.175781] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.176154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.176244] Hardware name: linux,dummy-virt (DT) [ 31.176301] Call trace: [ 31.176354] show_stack+0x20/0x38 (C) [ 31.176527] dump_stack_lvl+0x8c/0xd0 [ 31.176733] print_report+0x118/0x608 [ 31.176904] kasan_report+0xdc/0x128 [ 31.177026] kasan_check_range+0x100/0x1a8 [ 31.177204] __asan_memmove+0x3c/0x98 [ 31.177560] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 31.177688] kunit_try_run_case+0x170/0x3f0 [ 31.177990] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.178189] kthread+0x328/0x630 [ 31.178652] ret_from_fork+0x10/0x20 [ 31.179045] [ 31.179227] Allocated by task 214: [ 31.179352] kasan_save_stack+0x3c/0x68 [ 31.179605] kasan_save_track+0x20/0x40 [ 31.179830] kasan_save_alloc_info+0x40/0x58 [ 31.179920] __kasan_kmalloc+0xd4/0xd8 [ 31.180174] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.180364] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 31.180581] kunit_try_run_case+0x170/0x3f0 [ 31.180846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.180953] kthread+0x328/0x630 [ 31.181067] ret_from_fork+0x10/0x20 [ 31.181126] [ 31.181177] The buggy address belongs to the object at fff00000c5a6ae80 [ 31.181177] which belongs to the cache kmalloc-64 of size 64 [ 31.181517] The buggy address is located 4 bytes inside of [ 31.181517] allocated 64-byte region [fff00000c5a6ae80, fff00000c5a6aec0) [ 31.181916] [ 31.181961] The buggy address belongs to the physical page: [ 31.182135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a6a [ 31.182195] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.182812] page_type: f5(slab) [ 31.182875] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 31.183051] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.183397] page dumped because: kasan: bad access detected [ 31.183445] [ 31.183848] Memory state around the buggy address: [ 31.183910] fff00000c5a6ad80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 31.184082] fff00000c5a6ae00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.184336] >fff00000c5a6ae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 31.184466] ^ [ 31.184591] fff00000c5a6af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.184684] fff00000c5a6af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.184724] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 31.158097] ================================================================== [ 31.158169] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 31.158230] Read of size 18446744073709551614 at addr fff00000c5a6ac84 by task kunit_try_catch/212 [ 31.158311] [ 31.158346] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.158801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.158947] Hardware name: linux,dummy-virt (DT) [ 31.158989] Call trace: [ 31.159032] show_stack+0x20/0x38 (C) [ 31.159084] dump_stack_lvl+0x8c/0xd0 [ 31.159145] print_report+0x118/0x608 [ 31.159191] kasan_report+0xdc/0x128 [ 31.159236] kasan_check_range+0x100/0x1a8 [ 31.159600] __asan_memmove+0x3c/0x98 [ 31.159670] kmalloc_memmove_negative_size+0x154/0x2e0 [ 31.159723] kunit_try_run_case+0x170/0x3f0 [ 31.159785] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.159851] kthread+0x328/0x630 [ 31.159891] ret_from_fork+0x10/0x20 [ 31.160330] [ 31.160413] Allocated by task 212: [ 31.160473] kasan_save_stack+0x3c/0x68 [ 31.160608] kasan_save_track+0x20/0x40 [ 31.160652] kasan_save_alloc_info+0x40/0x58 [ 31.160696] __kasan_kmalloc+0xd4/0xd8 [ 31.161003] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.161209] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 31.161549] kunit_try_run_case+0x170/0x3f0 [ 31.161622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.161823] kthread+0x328/0x630 [ 31.162142] ret_from_fork+0x10/0x20 [ 31.162289] [ 31.162474] The buggy address belongs to the object at fff00000c5a6ac80 [ 31.162474] which belongs to the cache kmalloc-64 of size 64 [ 31.162669] The buggy address is located 4 bytes inside of [ 31.162669] 64-byte region [fff00000c5a6ac80, fff00000c5a6acc0) [ 31.162901] [ 31.163100] The buggy address belongs to the physical page: [ 31.163182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a6a [ 31.163431] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.163657] page_type: f5(slab) [ 31.163728] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 31.163866] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.164054] page dumped because: kasan: bad access detected [ 31.164114] [ 31.164218] Memory state around the buggy address: [ 31.164252] fff00000c5a6ab80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 31.164440] fff00000c5a6ac00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.164683] >fff00000c5a6ac80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 31.164830] ^ [ 31.164997] fff00000c5a6ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.165052] fff00000c5a6ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.165233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 31.135305] ================================================================== [ 31.135410] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 31.135469] Write of size 16 at addr fff00000c9ae3369 by task kunit_try_catch/210 [ 31.135519] [ 31.135563] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.135649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.135674] Hardware name: linux,dummy-virt (DT) [ 31.135705] Call trace: [ 31.135727] show_stack+0x20/0x38 (C) [ 31.135775] dump_stack_lvl+0x8c/0xd0 [ 31.135824] print_report+0x118/0x608 [ 31.135882] kasan_report+0xdc/0x128 [ 31.135936] kasan_check_range+0x100/0x1a8 [ 31.135984] __asan_memset+0x34/0x78 [ 31.136026] kmalloc_oob_memset_16+0x150/0x2f8 [ 31.136083] kunit_try_run_case+0x170/0x3f0 [ 31.136133] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.136186] kthread+0x328/0x630 [ 31.136226] ret_from_fork+0x10/0x20 [ 31.136273] [ 31.136291] Allocated by task 210: [ 31.136637] kasan_save_stack+0x3c/0x68 [ 31.136690] kasan_save_track+0x20/0x40 [ 31.136728] kasan_save_alloc_info+0x40/0x58 [ 31.136772] __kasan_kmalloc+0xd4/0xd8 [ 31.136810] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.136865] kmalloc_oob_memset_16+0xb0/0x2f8 [ 31.137240] kunit_try_run_case+0x170/0x3f0 [ 31.137590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.138104] kthread+0x328/0x630 [ 31.138406] ret_from_fork+0x10/0x20 [ 31.138516] [ 31.138622] The buggy address belongs to the object at fff00000c9ae3300 [ 31.138622] which belongs to the cache kmalloc-128 of size 128 [ 31.138988] The buggy address is located 105 bytes inside of [ 31.138988] allocated 120-byte region [fff00000c9ae3300, fff00000c9ae3378) [ 31.139166] [ 31.139186] The buggy address belongs to the physical page: [ 31.139355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.139581] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.139952] page_type: f5(slab) [ 31.140204] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.140296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.140520] page dumped because: kasan: bad access detected [ 31.140807] [ 31.141005] Memory state around the buggy address: [ 31.141070] fff00000c9ae3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.141130] fff00000c9ae3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.141615] >fff00000c9ae3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.141868] ^ [ 31.142054] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.142426] fff00000c9ae3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.142545] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 31.114949] ================================================================== [ 31.115061] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 31.115374] Write of size 8 at addr fff00000c9ae3271 by task kunit_try_catch/208 [ 31.115427] [ 31.115461] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.115639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.115697] Hardware name: linux,dummy-virt (DT) [ 31.115731] Call trace: [ 31.115884] show_stack+0x20/0x38 (C) [ 31.115942] dump_stack_lvl+0x8c/0xd0 [ 31.116314] print_report+0x118/0x608 [ 31.116376] kasan_report+0xdc/0x128 [ 31.116430] kasan_check_range+0x100/0x1a8 [ 31.116479] __asan_memset+0x34/0x78 [ 31.116523] kmalloc_oob_memset_8+0x150/0x2f8 [ 31.116569] kunit_try_run_case+0x170/0x3f0 [ 31.117088] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.117213] kthread+0x328/0x630 [ 31.117348] ret_from_fork+0x10/0x20 [ 31.117537] [ 31.117559] Allocated by task 208: [ 31.117587] kasan_save_stack+0x3c/0x68 [ 31.117809] kasan_save_track+0x20/0x40 [ 31.118017] kasan_save_alloc_info+0x40/0x58 [ 31.118162] __kasan_kmalloc+0xd4/0xd8 [ 31.118331] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.118633] kmalloc_oob_memset_8+0xb0/0x2f8 [ 31.118782] kunit_try_run_case+0x170/0x3f0 [ 31.118981] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.119116] kthread+0x328/0x630 [ 31.119264] ret_from_fork+0x10/0x20 [ 31.119467] [ 31.119491] The buggy address belongs to the object at fff00000c9ae3200 [ 31.119491] which belongs to the cache kmalloc-128 of size 128 [ 31.119580] The buggy address is located 113 bytes inside of [ 31.119580] allocated 120-byte region [fff00000c9ae3200, fff00000c9ae3278) [ 31.119829] [ 31.119884] The buggy address belongs to the physical page: [ 31.120112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.120205] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.120360] page_type: f5(slab) [ 31.120428] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.120505] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.120721] page dumped because: kasan: bad access detected [ 31.120854] [ 31.121007] Memory state around the buggy address: [ 31.121183] fff00000c9ae3100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.121319] fff00000c9ae3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.121445] >fff00000c9ae3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.121712] ^ [ 31.122000] fff00000c9ae3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.122103] fff00000c9ae3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.122209] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 31.094543] ================================================================== [ 31.094621] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 31.094677] Write of size 4 at addr fff00000c9ae3175 by task kunit_try_catch/206 [ 31.094733] [ 31.094766] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.094865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.094894] Hardware name: linux,dummy-virt (DT) [ 31.094924] Call trace: [ 31.094954] show_stack+0x20/0x38 (C) [ 31.095002] dump_stack_lvl+0x8c/0xd0 [ 31.095052] print_report+0x118/0x608 [ 31.095101] kasan_report+0xdc/0x128 [ 31.095146] kasan_check_range+0x100/0x1a8 [ 31.095201] __asan_memset+0x34/0x78 [ 31.095244] kmalloc_oob_memset_4+0x150/0x300 [ 31.095300] kunit_try_run_case+0x170/0x3f0 [ 31.095357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.095411] kthread+0x328/0x630 [ 31.095459] ret_from_fork+0x10/0x20 [ 31.095506] [ 31.095525] Allocated by task 206: [ 31.095560] kasan_save_stack+0x3c/0x68 [ 31.095602] kasan_save_track+0x20/0x40 [ 31.095646] kasan_save_alloc_info+0x40/0x58 [ 31.095692] __kasan_kmalloc+0xd4/0xd8 [ 31.095739] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.095781] kmalloc_oob_memset_4+0xb0/0x300 [ 31.095827] kunit_try_run_case+0x170/0x3f0 [ 31.096021] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.096453] kthread+0x328/0x630 [ 31.096493] ret_from_fork+0x10/0x20 [ 31.096649] [ 31.096782] The buggy address belongs to the object at fff00000c9ae3100 [ 31.096782] which belongs to the cache kmalloc-128 of size 128 [ 31.096892] The buggy address is located 117 bytes inside of [ 31.096892] allocated 120-byte region [fff00000c9ae3100, fff00000c9ae3178) [ 31.097341] [ 31.097406] The buggy address belongs to the physical page: [ 31.097903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.098291] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.098360] page_type: f5(slab) [ 31.098702] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.098824] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.099043] page dumped because: kasan: bad access detected [ 31.099219] [ 31.099399] Memory state around the buggy address: [ 31.099539] fff00000c9ae3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.099605] fff00000c9ae3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.099809] >fff00000c9ae3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.100070] ^ [ 31.100175] fff00000c9ae3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.100235] fff00000c9ae3200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.100584] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 31.079003] ================================================================== [ 31.079064] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 31.079120] Write of size 2 at addr fff00000c9ae3077 by task kunit_try_catch/204 [ 31.079242] [ 31.079288] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.079778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.079964] Hardware name: linux,dummy-virt (DT) [ 31.080052] Call trace: [ 31.080077] show_stack+0x20/0x38 (C) [ 31.080130] dump_stack_lvl+0x8c/0xd0 [ 31.080240] print_report+0x118/0x608 [ 31.080330] kasan_report+0xdc/0x128 [ 31.080412] kasan_check_range+0x100/0x1a8 [ 31.080762] __asan_memset+0x34/0x78 [ 31.080973] kmalloc_oob_memset_2+0x150/0x2f8 [ 31.081127] kunit_try_run_case+0x170/0x3f0 [ 31.081262] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.081321] kthread+0x328/0x630 [ 31.081890] ret_from_fork+0x10/0x20 [ 31.082117] [ 31.082294] Allocated by task 204: [ 31.082399] kasan_save_stack+0x3c/0x68 [ 31.082621] kasan_save_track+0x20/0x40 [ 31.082916] kasan_save_alloc_info+0x40/0x58 [ 31.083064] __kasan_kmalloc+0xd4/0xd8 [ 31.083255] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.083398] kmalloc_oob_memset_2+0xb0/0x2f8 [ 31.083449] kunit_try_run_case+0x170/0x3f0 [ 31.083488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.083533] kthread+0x328/0x630 [ 31.083566] ret_from_fork+0x10/0x20 [ 31.083603] [ 31.083633] The buggy address belongs to the object at fff00000c9ae3000 [ 31.083633] which belongs to the cache kmalloc-128 of size 128 [ 31.083692] The buggy address is located 119 bytes inside of [ 31.083692] allocated 120-byte region [fff00000c9ae3000, fff00000c9ae3078) [ 31.083761] [ 31.083781] The buggy address belongs to the physical page: [ 31.083811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.083877] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.083940] page_type: f5(slab) [ 31.083989] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.084038] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.084092] page dumped because: kasan: bad access detected [ 31.084136] [ 31.084154] Memory state around the buggy address: [ 31.084190] fff00000c9ae2f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.084247] fff00000c9ae2f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.084288] >fff00000c9ae3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.084351] ^ [ 31.084944] fff00000c9ae3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.085027] fff00000c9ae3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.085093] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 31.060204] ================================================================== [ 31.060317] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 31.060425] Write of size 128 at addr fff00000c58aff00 by task kunit_try_catch/202 [ 31.060779] [ 31.060974] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.061140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.061496] Hardware name: linux,dummy-virt (DT) [ 31.061711] Call trace: [ 31.061809] show_stack+0x20/0x38 (C) [ 31.061875] dump_stack_lvl+0x8c/0xd0 [ 31.062404] print_report+0x118/0x608 [ 31.062594] kasan_report+0xdc/0x128 [ 31.062799] kasan_check_range+0x100/0x1a8 [ 31.062945] __asan_memset+0x34/0x78 [ 31.063000] kmalloc_oob_in_memset+0x144/0x2d0 [ 31.063343] kunit_try_run_case+0x170/0x3f0 [ 31.063510] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.063655] kthread+0x328/0x630 [ 31.063700] ret_from_fork+0x10/0x20 [ 31.063948] [ 31.064015] Allocated by task 202: [ 31.064165] kasan_save_stack+0x3c/0x68 [ 31.064400] kasan_save_track+0x20/0x40 [ 31.064636] kasan_save_alloc_info+0x40/0x58 [ 31.064813] __kasan_kmalloc+0xd4/0xd8 [ 31.065004] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.065441] kmalloc_oob_in_memset+0xb0/0x2d0 [ 31.065502] kunit_try_run_case+0x170/0x3f0 [ 31.065668] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.065867] kthread+0x328/0x630 [ 31.066008] ret_from_fork+0x10/0x20 [ 31.066388] [ 31.066432] The buggy address belongs to the object at fff00000c58aff00 [ 31.066432] which belongs to the cache kmalloc-128 of size 128 [ 31.066494] The buggy address is located 0 bytes inside of [ 31.066494] allocated 120-byte region [fff00000c58aff00, fff00000c58aff78) [ 31.066602] [ 31.066629] The buggy address belongs to the physical page: [ 31.066663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 31.066725] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.066774] page_type: f5(slab) [ 31.066814] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.066874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.066924] page dumped because: kasan: bad access detected [ 31.066954] [ 31.066973] Memory state around the buggy address: [ 31.067011] fff00000c58afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.067057] fff00000c58afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.067097] >fff00000c58aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.067134] ^ [ 31.067183] fff00000c58aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.067226] fff00000c58b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 31.067263] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 31.037971] ================================================================== [ 31.038325] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 31.039003] Read of size 16 at addr fff00000c5a30c80 by task kunit_try_catch/200 [ 31.039307] [ 31.039415] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.039588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.039633] Hardware name: linux,dummy-virt (DT) [ 31.039723] Call trace: [ 31.039773] show_stack+0x20/0x38 (C) [ 31.039896] dump_stack_lvl+0x8c/0xd0 [ 31.039946] print_report+0x118/0x608 [ 31.039993] kasan_report+0xdc/0x128 [ 31.040039] __asan_report_load16_noabort+0x20/0x30 [ 31.040358] kmalloc_uaf_16+0x3bc/0x438 [ 31.040561] kunit_try_run_case+0x170/0x3f0 [ 31.040674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.040848] kthread+0x328/0x630 [ 31.040895] ret_from_fork+0x10/0x20 [ 31.040956] [ 31.040974] Allocated by task 200: [ 31.041002] kasan_save_stack+0x3c/0x68 [ 31.041045] kasan_save_track+0x20/0x40 [ 31.041083] kasan_save_alloc_info+0x40/0x58 [ 31.041492] __kasan_kmalloc+0xd4/0xd8 [ 31.041666] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.041805] kmalloc_uaf_16+0x140/0x438 [ 31.041981] kunit_try_run_case+0x170/0x3f0 [ 31.042155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.042357] kthread+0x328/0x630 [ 31.042489] ret_from_fork+0x10/0x20 [ 31.042584] [ 31.042762] Freed by task 200: [ 31.042879] kasan_save_stack+0x3c/0x68 [ 31.043051] kasan_save_track+0x20/0x40 [ 31.043088] kasan_save_free_info+0x4c/0x78 [ 31.043158] __kasan_slab_free+0x6c/0x98 [ 31.043531] kfree+0x214/0x3c8 [ 31.043739] kmalloc_uaf_16+0x190/0x438 [ 31.043844] kunit_try_run_case+0x170/0x3f0 [ 31.043914] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.044098] kthread+0x328/0x630 [ 31.044332] ret_from_fork+0x10/0x20 [ 31.044554] [ 31.044716] The buggy address belongs to the object at fff00000c5a30c80 [ 31.044716] which belongs to the cache kmalloc-16 of size 16 [ 31.044885] The buggy address is located 0 bytes inside of [ 31.044885] freed 16-byte region [fff00000c5a30c80, fff00000c5a30c90) [ 31.045059] [ 31.045108] The buggy address belongs to the physical page: [ 31.045141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 31.045204] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.045253] page_type: f5(slab) [ 31.045680] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.045861] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 31.046196] page dumped because: kasan: bad access detected [ 31.046248] [ 31.046268] Memory state around the buggy address: [ 31.046614] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.046738] fff00000c5a30c00: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.046889] >fff00000c5a30c80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.046935] ^ [ 31.047298] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.047391] fff00000c5a30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.047583] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 31.022599] ================================================================== [ 31.022672] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 31.022887] Write of size 16 at addr fff00000c5a30c40 by task kunit_try_catch/198 [ 31.022938] [ 31.022968] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.023051] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.023094] Hardware name: linux,dummy-virt (DT) [ 31.023127] Call trace: [ 31.023149] show_stack+0x20/0x38 (C) [ 31.023197] dump_stack_lvl+0x8c/0xd0 [ 31.023246] print_report+0x118/0x608 [ 31.023292] kasan_report+0xdc/0x128 [ 31.023337] __asan_report_store16_noabort+0x20/0x30 [ 31.023386] kmalloc_oob_16+0x3a0/0x3f8 [ 31.023449] kunit_try_run_case+0x170/0x3f0 [ 31.023501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.023556] kthread+0x328/0x630 [ 31.023608] ret_from_fork+0x10/0x20 [ 31.023665] [ 31.023684] Allocated by task 198: [ 31.023711] kasan_save_stack+0x3c/0x68 [ 31.023754] kasan_save_track+0x20/0x40 [ 31.023795] kasan_save_alloc_info+0x40/0x58 [ 31.023832] __kasan_kmalloc+0xd4/0xd8 [ 31.024448] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.024533] kmalloc_oob_16+0xb4/0x3f8 [ 31.024749] kunit_try_run_case+0x170/0x3f0 [ 31.025206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.025570] kthread+0x328/0x630 [ 31.025665] ret_from_fork+0x10/0x20 [ 31.025705] [ 31.025752] The buggy address belongs to the object at fff00000c5a30c40 [ 31.025752] which belongs to the cache kmalloc-16 of size 16 [ 31.025944] The buggy address is located 0 bytes inside of [ 31.025944] allocated 13-byte region [fff00000c5a30c40, fff00000c5a30c4d) [ 31.026167] [ 31.026483] The buggy address belongs to the physical page: [ 31.026604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 31.026688] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.026737] page_type: f5(slab) [ 31.027087] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 31.027154] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 31.027250] page dumped because: kasan: bad access detected [ 31.027319] [ 31.027338] Memory state around the buggy address: [ 31.027611] fff00000c5a30b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.027824] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.027896] >fff00000c5a30c00: 00 04 fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 31.028011] ^ [ 31.028066] fff00000c5a30c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.028428] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.028621] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 31.001399] ================================================================== [ 31.001463] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 31.001520] Read of size 1 at addr fff00000c872c800 by task kunit_try_catch/196 [ 31.001869] [ 31.001981] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.002328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.002445] Hardware name: linux,dummy-virt (DT) [ 31.002489] Call trace: [ 31.002553] show_stack+0x20/0x38 (C) [ 31.002655] dump_stack_lvl+0x8c/0xd0 [ 31.002708] print_report+0x118/0x608 [ 31.002755] kasan_report+0xdc/0x128 [ 31.002898] __asan_report_load1_noabort+0x20/0x30 [ 31.002955] krealloc_uaf+0x4c8/0x520 [ 31.003135] kunit_try_run_case+0x170/0x3f0 [ 31.003201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.003405] kthread+0x328/0x630 [ 31.003499] ret_from_fork+0x10/0x20 [ 31.003565] [ 31.003584] Allocated by task 196: [ 31.003611] kasan_save_stack+0x3c/0x68 [ 31.003827] kasan_save_track+0x20/0x40 [ 31.004076] kasan_save_alloc_info+0x40/0x58 [ 31.004170] __kasan_kmalloc+0xd4/0xd8 [ 31.004531] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.004720] krealloc_uaf+0xc8/0x520 [ 31.004919] kunit_try_run_case+0x170/0x3f0 [ 31.005016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.005132] kthread+0x328/0x630 [ 31.005189] ret_from_fork+0x10/0x20 [ 31.005250] [ 31.005269] Freed by task 196: [ 31.005295] kasan_save_stack+0x3c/0x68 [ 31.005333] kasan_save_track+0x20/0x40 [ 31.005370] kasan_save_free_info+0x4c/0x78 [ 31.005666] __kasan_slab_free+0x6c/0x98 [ 31.005811] kfree+0x214/0x3c8 [ 31.005940] krealloc_uaf+0x12c/0x520 [ 31.006082] kunit_try_run_case+0x170/0x3f0 [ 31.006268] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.006366] kthread+0x328/0x630 [ 31.006405] ret_from_fork+0x10/0x20 [ 31.006764] [ 31.006814] The buggy address belongs to the object at fff00000c872c800 [ 31.006814] which belongs to the cache kmalloc-256 of size 256 [ 31.007060] The buggy address is located 0 bytes inside of [ 31.007060] freed 256-byte region [fff00000c872c800, fff00000c872c900) [ 31.007408] [ 31.007463] The buggy address belongs to the physical page: [ 31.007675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 31.007859] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.008032] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.008151] page_type: f5(slab) [ 31.008525] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 31.008585] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.008680] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 31.008731] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.008898] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 31.009136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 31.009272] page dumped because: kasan: bad access detected [ 31.009430] [ 31.009502] Memory state around the buggy address: [ 31.009654] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.009728] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.009769] >fff00000c872c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.009847] ^ [ 31.010183] fff00000c872c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.010349] fff00000c872c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.010513] ================================================================== [ 30.987935] ================================================================== [ 30.988119] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 30.988179] Read of size 1 at addr fff00000c872c800 by task kunit_try_catch/196 [ 30.988612] [ 30.988681] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.988902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.989036] Hardware name: linux,dummy-virt (DT) [ 30.989119] Call trace: [ 30.989142] show_stack+0x20/0x38 (C) [ 30.989201] dump_stack_lvl+0x8c/0xd0 [ 30.989397] print_report+0x118/0x608 [ 30.989635] kasan_report+0xdc/0x128 [ 30.989790] __kasan_check_byte+0x54/0x70 [ 30.990078] krealloc_noprof+0x44/0x360 [ 30.990688] krealloc_uaf+0x180/0x520 [ 30.990987] kunit_try_run_case+0x170/0x3f0 [ 30.991249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.991582] kthread+0x328/0x630 [ 30.991752] ret_from_fork+0x10/0x20 [ 30.991889] [ 30.991910] Allocated by task 196: [ 30.992112] kasan_save_stack+0x3c/0x68 [ 30.992295] kasan_save_track+0x20/0x40 [ 30.992380] kasan_save_alloc_info+0x40/0x58 [ 30.992555] __kasan_kmalloc+0xd4/0xd8 [ 30.992868] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.992996] krealloc_uaf+0xc8/0x520 [ 30.993142] kunit_try_run_case+0x170/0x3f0 [ 30.993281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.993436] kthread+0x328/0x630 [ 30.993517] ret_from_fork+0x10/0x20 [ 30.993555] [ 30.993598] Freed by task 196: [ 30.993638] kasan_save_stack+0x3c/0x68 [ 30.993829] kasan_save_track+0x20/0x40 [ 30.994155] kasan_save_free_info+0x4c/0x78 [ 30.994238] __kasan_slab_free+0x6c/0x98 [ 30.994443] kfree+0x214/0x3c8 [ 30.994729] krealloc_uaf+0x12c/0x520 [ 30.994852] kunit_try_run_case+0x170/0x3f0 [ 30.994896] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.995419] kthread+0x328/0x630 [ 30.995545] ret_from_fork+0x10/0x20 [ 30.995777] [ 30.996023] The buggy address belongs to the object at fff00000c872c800 [ 30.996023] which belongs to the cache kmalloc-256 of size 256 [ 30.996562] The buggy address is located 0 bytes inside of [ 30.996562] freed 256-byte region [fff00000c872c800, fff00000c872c900) [ 30.996757] [ 30.996824] The buggy address belongs to the physical page: [ 30.996988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.997194] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.997320] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.997427] page_type: f5(slab) [ 30.997636] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.998005] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.998080] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.998243] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.998305] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.998545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.998604] page dumped because: kasan: bad access detected [ 30.998635] [ 30.998918] Memory state around the buggy address: [ 30.999097] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.999169] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.999317] >fff00000c872c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.999507] ^ [ 30.999576] fff00000c872c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.999772] fff00000c872c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.000219] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 30.958434] ================================================================== [ 30.958888] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.958959] Write of size 1 at addr fff00000c9bc60da by task kunit_try_catch/194 [ 30.959095] [ 30.959213] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.959352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.959378] Hardware name: linux,dummy-virt (DT) [ 30.959446] Call trace: [ 30.959716] show_stack+0x20/0x38 (C) [ 30.960229] dump_stack_lvl+0x8c/0xd0 [ 30.960615] print_report+0x118/0x608 [ 30.960738] kasan_report+0xdc/0x128 [ 30.960788] __asan_report_store1_noabort+0x20/0x30 [ 30.960852] krealloc_less_oob_helper+0xa80/0xc50 [ 30.961103] krealloc_large_less_oob+0x20/0x38 [ 30.961244] kunit_try_run_case+0x170/0x3f0 [ 30.961655] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.962206] kthread+0x328/0x630 [ 30.962400] ret_from_fork+0x10/0x20 [ 30.963229] [ 30.963511] The buggy address belongs to the physical page: [ 30.963641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.963814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.963942] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.964091] page_type: f8(unknown) [ 30.964147] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.964215] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.964566] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.964645] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.964949] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.965140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.965225] page dumped because: kasan: bad access detected [ 30.965359] [ 30.965378] Memory state around the buggy address: [ 30.965410] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.965613] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.965739] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.966016] ^ [ 30.966227] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.966276] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.966472] ================================================================== [ 30.950379] ================================================================== [ 30.950425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.950478] Write of size 1 at addr fff00000c9bc60d0 by task kunit_try_catch/194 [ 30.950864] [ 30.950979] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.951208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.951236] Hardware name: linux,dummy-virt (DT) [ 30.951270] Call trace: [ 30.951297] show_stack+0x20/0x38 (C) [ 30.951585] dump_stack_lvl+0x8c/0xd0 [ 30.951910] print_report+0x118/0x608 [ 30.951968] kasan_report+0xdc/0x128 [ 30.952176] __asan_report_store1_noabort+0x20/0x30 [ 30.952256] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.952583] krealloc_large_less_oob+0x20/0x38 [ 30.952746] kunit_try_run_case+0x170/0x3f0 [ 30.952923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.953051] kthread+0x328/0x630 [ 30.953124] ret_from_fork+0x10/0x20 [ 30.953511] [ 30.953630] The buggy address belongs to the physical page: [ 30.953707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.953852] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.954139] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.954379] page_type: f8(unknown) [ 30.954580] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.954745] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.954853] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.954974] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.955311] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.955506] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.955616] page dumped because: kasan: bad access detected [ 30.955763] [ 30.955881] Memory state around the buggy address: [ 30.955916] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.956194] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.956423] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.956482] ^ [ 30.956879] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.957104] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.957215] ================================================================== [ 30.973750] ================================================================== [ 30.973797] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.973860] Write of size 1 at addr fff00000c9bc60eb by task kunit_try_catch/194 [ 30.974028] [ 30.974106] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.974474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.974530] Hardware name: linux,dummy-virt (DT) [ 30.974566] Call trace: [ 30.974615] show_stack+0x20/0x38 (C) [ 30.974796] dump_stack_lvl+0x8c/0xd0 [ 30.974874] print_report+0x118/0x608 [ 30.975000] kasan_report+0xdc/0x128 [ 30.975086] __asan_report_store1_noabort+0x20/0x30 [ 30.975141] krealloc_less_oob_helper+0xa58/0xc50 [ 30.975198] krealloc_large_less_oob+0x20/0x38 [ 30.975515] kunit_try_run_case+0x170/0x3f0 [ 30.975645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.975732] kthread+0x328/0x630 [ 30.975777] ret_from_fork+0x10/0x20 [ 30.975975] [ 30.976155] The buggy address belongs to the physical page: [ 30.976205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.976315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.976412] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.976568] page_type: f8(unknown) [ 30.976625] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.976677] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.976737] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.977106] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.977270] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.977423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.977519] page dumped because: kasan: bad access detected [ 30.977615] [ 30.977756] Memory state around the buggy address: [ 30.977887] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.977971] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.978301] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.978371] ^ [ 30.978474] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.978568] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.978734] ================================================================== [ 30.898401] ================================================================== [ 30.898444] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 30.898509] Write of size 1 at addr fff00000c872c6eb by task kunit_try_catch/190 [ 30.898559] [ 30.898594] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.898675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.898700] Hardware name: linux,dummy-virt (DT) [ 30.898752] Call trace: [ 30.898781] show_stack+0x20/0x38 (C) [ 30.899670] dump_stack_lvl+0x8c/0xd0 [ 30.899742] print_report+0x118/0x608 [ 30.899814] kasan_report+0xdc/0x128 [ 30.900047] __asan_report_store1_noabort+0x20/0x30 [ 30.900122] krealloc_less_oob_helper+0xa58/0xc50 [ 30.900345] krealloc_less_oob+0x20/0x38 [ 30.900579] kunit_try_run_case+0x170/0x3f0 [ 30.900856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.901125] kthread+0x328/0x630 [ 30.901234] ret_from_fork+0x10/0x20 [ 30.901660] [ 30.901785] Allocated by task 190: [ 30.901977] kasan_save_stack+0x3c/0x68 [ 30.902106] kasan_save_track+0x20/0x40 [ 30.902295] kasan_save_alloc_info+0x40/0x58 [ 30.902335] __kasan_krealloc+0x118/0x178 [ 30.902573] krealloc_noprof+0x128/0x360 [ 30.902880] krealloc_less_oob_helper+0x168/0xc50 [ 30.903137] krealloc_less_oob+0x20/0x38 [ 30.903323] kunit_try_run_case+0x170/0x3f0 [ 30.903385] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.903497] kthread+0x328/0x630 [ 30.903600] ret_from_fork+0x10/0x20 [ 30.903945] [ 30.904250] The buggy address belongs to the object at fff00000c872c600 [ 30.904250] which belongs to the cache kmalloc-256 of size 256 [ 30.904381] The buggy address is located 34 bytes to the right of [ 30.904381] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9) [ 30.904513] [ 30.904545] The buggy address belongs to the physical page: [ 30.904633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.904691] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.904983] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.905226] page_type: f5(slab) [ 30.905396] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.905501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.905633] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.905701] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.905825] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.906188] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.906258] page dumped because: kasan: bad access detected [ 30.906289] [ 30.907053] Memory state around the buggy address: [ 30.907116] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.907170] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.907237] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.907312] ^ [ 30.907888] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.908187] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.908234] ================================================================== [ 30.872366] ================================================================== [ 30.872540] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 30.872696] Write of size 1 at addr fff00000c872c6d0 by task kunit_try_catch/190 [ 30.872945] [ 30.872983] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.873320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.873425] Hardware name: linux,dummy-virt (DT) [ 30.873564] Call trace: [ 30.873623] show_stack+0x20/0x38 (C) [ 30.873977] dump_stack_lvl+0x8c/0xd0 [ 30.874111] print_report+0x118/0x608 [ 30.874344] kasan_report+0xdc/0x128 [ 30.874561] __asan_report_store1_noabort+0x20/0x30 [ 30.874628] krealloc_less_oob_helper+0xb9c/0xc50 [ 30.874797] krealloc_less_oob+0x20/0x38 [ 30.875001] kunit_try_run_case+0x170/0x3f0 [ 30.875219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.875482] kthread+0x328/0x630 [ 30.875576] ret_from_fork+0x10/0x20 [ 30.876108] [ 30.876143] Allocated by task 190: [ 30.876316] kasan_save_stack+0x3c/0x68 [ 30.876627] kasan_save_track+0x20/0x40 [ 30.876679] kasan_save_alloc_info+0x40/0x58 [ 30.877018] __kasan_krealloc+0x118/0x178 [ 30.877090] krealloc_noprof+0x128/0x360 [ 30.877285] krealloc_less_oob_helper+0x168/0xc50 [ 30.877511] krealloc_less_oob+0x20/0x38 [ 30.877699] kunit_try_run_case+0x170/0x3f0 [ 30.877784] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.877988] kthread+0x328/0x630 [ 30.878071] ret_from_fork+0x10/0x20 [ 30.878488] [ 30.878534] The buggy address belongs to the object at fff00000c872c600 [ 30.878534] which belongs to the cache kmalloc-256 of size 256 [ 30.878615] The buggy address is located 7 bytes to the right of [ 30.878615] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9) [ 30.878998] [ 30.879051] The buggy address belongs to the physical page: [ 30.879156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.879249] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.879343] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.879463] page_type: f5(slab) [ 30.880127] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.880282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.880337] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.880573] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.880629] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.880678] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.880861] page dumped because: kasan: bad access detected [ 30.881005] [ 30.881104] Memory state around the buggy address: [ 30.881529] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.881617] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.881735] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.882019] ^ [ 30.882196] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.882249] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.882287] ================================================================== [ 30.863635] ================================================================== [ 30.863699] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.863760] Write of size 1 at addr fff00000c872c6c9 by task kunit_try_catch/190 [ 30.864057] [ 30.864239] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.864345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.864419] Hardware name: linux,dummy-virt (DT) [ 30.864591] Call trace: [ 30.864615] show_stack+0x20/0x38 (C) [ 30.864804] dump_stack_lvl+0x8c/0xd0 [ 30.865094] print_report+0x118/0x608 [ 30.865302] kasan_report+0xdc/0x128 [ 30.865465] __asan_report_store1_noabort+0x20/0x30 [ 30.865631] krealloc_less_oob_helper+0xa48/0xc50 [ 30.865905] krealloc_less_oob+0x20/0x38 [ 30.866092] kunit_try_run_case+0x170/0x3f0 [ 30.866220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.866306] kthread+0x328/0x630 [ 30.866365] ret_from_fork+0x10/0x20 [ 30.866414] [ 30.866432] Allocated by task 190: [ 30.866469] kasan_save_stack+0x3c/0x68 [ 30.866514] kasan_save_track+0x20/0x40 [ 30.866573] kasan_save_alloc_info+0x40/0x58 [ 30.866611] __kasan_krealloc+0x118/0x178 [ 30.866659] krealloc_noprof+0x128/0x360 [ 30.866713] krealloc_less_oob_helper+0x168/0xc50 [ 30.866762] krealloc_less_oob+0x20/0x38 [ 30.866799] kunit_try_run_case+0x170/0x3f0 [ 30.866856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.866908] kthread+0x328/0x630 [ 30.866941] ret_from_fork+0x10/0x20 [ 30.866998] [ 30.867018] The buggy address belongs to the object at fff00000c872c600 [ 30.867018] which belongs to the cache kmalloc-256 of size 256 [ 30.867080] The buggy address is located 0 bytes to the right of [ 30.867080] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9) [ 30.867148] [ 30.867168] The buggy address belongs to the physical page: [ 30.867200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.867251] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.867307] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.867367] page_type: f5(slab) [ 30.867407] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.867458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.867514] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.867570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.867629] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.867685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.867733] page dumped because: kasan: bad access detected [ 30.867770] [ 30.867787] Memory state around the buggy address: [ 30.867827] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.868143] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.868402] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.868448] ^ [ 30.868847] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.869422] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.869722] ================================================================== [ 30.893295] ================================================================== [ 30.893441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.893499] Write of size 1 at addr fff00000c872c6ea by task kunit_try_catch/190 [ 30.893654] [ 30.893854] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.893943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.894129] Hardware name: linux,dummy-virt (DT) [ 30.894419] Call trace: [ 30.894454] show_stack+0x20/0x38 (C) [ 30.894516] dump_stack_lvl+0x8c/0xd0 [ 30.894649] print_report+0x118/0x608 [ 30.894735] kasan_report+0xdc/0x128 [ 30.895054] __asan_report_store1_noabort+0x20/0x30 [ 30.895253] krealloc_less_oob_helper+0xae4/0xc50 [ 30.895365] krealloc_less_oob+0x20/0x38 [ 30.895432] kunit_try_run_case+0x170/0x3f0 [ 30.895551] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.895665] kthread+0x328/0x630 [ 30.895774] ret_from_fork+0x10/0x20 [ 30.895825] [ 30.895980] Allocated by task 190: [ 30.896175] kasan_save_stack+0x3c/0x68 [ 30.896287] kasan_save_track+0x20/0x40 [ 30.896423] kasan_save_alloc_info+0x40/0x58 [ 30.896477] __kasan_krealloc+0x118/0x178 [ 30.896638] krealloc_noprof+0x128/0x360 [ 30.896691] krealloc_less_oob_helper+0x168/0xc50 [ 30.896732] krealloc_less_oob+0x20/0x38 [ 30.896769] kunit_try_run_case+0x170/0x3f0 [ 30.896807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.896912] kthread+0x328/0x630 [ 30.896961] ret_from_fork+0x10/0x20 [ 30.897012] [ 30.897031] The buggy address belongs to the object at fff00000c872c600 [ 30.897031] which belongs to the cache kmalloc-256 of size 256 [ 30.897098] The buggy address is located 33 bytes to the right of [ 30.897098] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9) [ 30.897163] [ 30.897181] The buggy address belongs to the physical page: [ 30.897219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.897280] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.897334] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.897392] page_type: f5(slab) [ 30.897430] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.897493] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.897544] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.897615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.897672] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.897730] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.897774] page dumped because: kasan: bad access detected [ 30.897803] [ 30.897821] Memory state around the buggy address: [ 30.897866] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.897916] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.897982] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.898033] ^ [ 30.898069] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.898111] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.898163] ================================================================== [ 30.967160] ================================================================== [ 30.967217] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 30.967270] Write of size 1 at addr fff00000c9bc60ea by task kunit_try_catch/194 [ 30.967318] [ 30.967348] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.967430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.967468] Hardware name: linux,dummy-virt (DT) [ 30.967500] Call trace: [ 30.967521] show_stack+0x20/0x38 (C) [ 30.967569] dump_stack_lvl+0x8c/0xd0 [ 30.967628] print_report+0x118/0x608 [ 30.967675] kasan_report+0xdc/0x128 [ 30.967720] __asan_report_store1_noabort+0x20/0x30 [ 30.967778] krealloc_less_oob_helper+0xae4/0xc50 [ 30.967828] krealloc_large_less_oob+0x20/0x38 [ 30.967888] kunit_try_run_case+0x170/0x3f0 [ 30.967937] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.968012] kthread+0x328/0x630 [ 30.968055] ret_from_fork+0x10/0x20 [ 30.968101] [ 30.968120] The buggy address belongs to the physical page: [ 30.968150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.968201] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.968246] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.968296] page_type: f8(unknown) [ 30.969105] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.969171] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.969646] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.969844] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.969916] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.970310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.970370] page dumped because: kasan: bad access detected [ 30.970474] [ 30.970493] Memory state around the buggy address: [ 30.970544] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.970883] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.970983] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.971387] ^ [ 30.971453] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.971817] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.971991] ================================================================== [ 30.884683] ================================================================== [ 30.884741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 30.884960] Write of size 1 at addr fff00000c872c6da by task kunit_try_catch/190 [ 30.885083] [ 30.885245] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.885345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.885491] Hardware name: linux,dummy-virt (DT) [ 30.885635] Call trace: [ 30.885767] show_stack+0x20/0x38 (C) [ 30.885825] dump_stack_lvl+0x8c/0xd0 [ 30.885885] print_report+0x118/0x608 [ 30.885932] kasan_report+0xdc/0x128 [ 30.885985] __asan_report_store1_noabort+0x20/0x30 [ 30.886046] krealloc_less_oob_helper+0xa80/0xc50 [ 30.886104] krealloc_less_oob+0x20/0x38 [ 30.886152] kunit_try_run_case+0x170/0x3f0 [ 30.886201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.886264] kthread+0x328/0x630 [ 30.886306] ret_from_fork+0x10/0x20 [ 30.886353] [ 30.886371] Allocated by task 190: [ 30.886399] kasan_save_stack+0x3c/0x68 [ 30.886441] kasan_save_track+0x20/0x40 [ 30.886488] kasan_save_alloc_info+0x40/0x58 [ 30.886526] __kasan_krealloc+0x118/0x178 [ 30.886574] krealloc_noprof+0x128/0x360 [ 30.886611] krealloc_less_oob_helper+0x168/0xc50 [ 30.886657] krealloc_less_oob+0x20/0x38 [ 30.886709] kunit_try_run_case+0x170/0x3f0 [ 30.886747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.886806] kthread+0x328/0x630 [ 30.887517] ret_from_fork+0x10/0x20 [ 30.887569] [ 30.887589] The buggy address belongs to the object at fff00000c872c600 [ 30.887589] which belongs to the cache kmalloc-256 of size 256 [ 30.887678] The buggy address is located 17 bytes to the right of [ 30.887678] allocated 201-byte region [fff00000c872c600, fff00000c872c6c9) [ 30.887937] [ 30.888272] The buggy address belongs to the physical page: [ 30.888361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.888579] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.888750] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.888962] page_type: f5(slab) [ 30.889093] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.889357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.889611] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.889666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.889829] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.890084] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.890236] page dumped because: kasan: bad access detected [ 30.890670] [ 30.890852] Memory state around the buggy address: [ 30.891051] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.891148] fff00000c872c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.891250] >fff00000c872c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.891379] ^ [ 30.891417] fff00000c872c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.891894] fff00000c872c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.892036] ================================================================== [ 30.946120] ================================================================== [ 30.946183] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 30.946246] Write of size 1 at addr fff00000c9bc60c9 by task kunit_try_catch/194 [ 30.946593] [ 30.946732] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.946826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.946864] Hardware name: linux,dummy-virt (DT) [ 30.946899] Call trace: [ 30.946921] show_stack+0x20/0x38 (C) [ 30.946972] dump_stack_lvl+0x8c/0xd0 [ 30.947021] print_report+0x118/0x608 [ 30.947069] kasan_report+0xdc/0x128 [ 30.947136] __asan_report_store1_noabort+0x20/0x30 [ 30.947186] krealloc_less_oob_helper+0xa48/0xc50 [ 30.947235] krealloc_large_less_oob+0x20/0x38 [ 30.947284] kunit_try_run_case+0x170/0x3f0 [ 30.947333] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.947387] kthread+0x328/0x630 [ 30.947428] ret_from_fork+0x10/0x20 [ 30.947475] [ 30.947495] The buggy address belongs to the physical page: [ 30.947528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.947580] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.947627] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.947679] page_type: f8(unknown) [ 30.947744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.947796] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.947858] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.947910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.947959] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.948017] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.948064] page dumped because: kasan: bad access detected [ 30.948103] [ 30.948121] Memory state around the buggy address: [ 30.948161] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.948203] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.948244] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.948281] ^ [ 30.949085] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.949228] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.949313] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 30.843253] ================================================================== [ 30.843304] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.843356] Write of size 1 at addr fff00000c872c4f0 by task kunit_try_catch/188 [ 30.843686] [ 30.843733] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.844128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.844237] Hardware name: linux,dummy-virt (DT) [ 30.844271] Call trace: [ 30.844373] show_stack+0x20/0x38 (C) [ 30.844426] dump_stack_lvl+0x8c/0xd0 [ 30.844483] print_report+0x118/0x608 [ 30.844529] kasan_report+0xdc/0x128 [ 30.844870] __asan_report_store1_noabort+0x20/0x30 [ 30.844934] krealloc_more_oob_helper+0x5c0/0x678 [ 30.844986] krealloc_more_oob+0x20/0x38 [ 30.845067] kunit_try_run_case+0x170/0x3f0 [ 30.845132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.845187] kthread+0x328/0x630 [ 30.845228] ret_from_fork+0x10/0x20 [ 30.845286] [ 30.845306] Allocated by task 188: [ 30.845345] kasan_save_stack+0x3c/0x68 [ 30.845390] kasan_save_track+0x20/0x40 [ 30.845428] kasan_save_alloc_info+0x40/0x58 [ 30.845465] __kasan_krealloc+0x118/0x178 [ 30.845504] krealloc_noprof+0x128/0x360 [ 30.845548] krealloc_more_oob_helper+0x168/0x678 [ 30.845595] krealloc_more_oob+0x20/0x38 [ 30.845632] kunit_try_run_case+0x170/0x3f0 [ 30.845680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.845725] kthread+0x328/0x630 [ 30.845766] ret_from_fork+0x10/0x20 [ 30.845810] [ 30.845829] The buggy address belongs to the object at fff00000c872c400 [ 30.845829] which belongs to the cache kmalloc-256 of size 256 [ 30.845906] The buggy address is located 5 bytes to the right of [ 30.845906] allocated 235-byte region [fff00000c872c400, fff00000c872c4eb) [ 30.845976] [ 30.845995] The buggy address belongs to the physical page: [ 30.846030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.846086] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.846131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.846181] page_type: f5(slab) [ 30.846219] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.846279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.846336] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.846385] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.846444] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.846520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.846568] page dumped because: kasan: bad access detected [ 30.846598] [ 30.846615] Memory state around the buggy address: [ 30.846655] fff00000c872c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.846697] fff00000c872c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.846738] >fff00000c872c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.846774] ^ [ 30.846823] fff00000c872c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.847375] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.847420] ================================================================== [ 30.831912] ================================================================== [ 30.832036] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.832144] Write of size 1 at addr fff00000c872c4eb by task kunit_try_catch/188 [ 30.832370] [ 30.832406] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.832882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.832959] Hardware name: linux,dummy-virt (DT) [ 30.833052] Call trace: [ 30.833152] show_stack+0x20/0x38 (C) [ 30.833290] dump_stack_lvl+0x8c/0xd0 [ 30.833453] print_report+0x118/0x608 [ 30.833504] kasan_report+0xdc/0x128 [ 30.833817] __asan_report_store1_noabort+0x20/0x30 [ 30.833935] krealloc_more_oob_helper+0x60c/0x678 [ 30.834150] krealloc_more_oob+0x20/0x38 [ 30.834327] kunit_try_run_case+0x170/0x3f0 [ 30.834459] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.834808] kthread+0x328/0x630 [ 30.834985] ret_from_fork+0x10/0x20 [ 30.835206] [ 30.835319] Allocated by task 188: [ 30.835370] kasan_save_stack+0x3c/0x68 [ 30.835771] kasan_save_track+0x20/0x40 [ 30.836289] kasan_save_alloc_info+0x40/0x58 [ 30.836416] __kasan_krealloc+0x118/0x178 [ 30.836619] krealloc_noprof+0x128/0x360 [ 30.836852] krealloc_more_oob_helper+0x168/0x678 [ 30.836990] krealloc_more_oob+0x20/0x38 [ 30.837100] kunit_try_run_case+0x170/0x3f0 [ 30.837269] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.837323] kthread+0x328/0x630 [ 30.837499] ret_from_fork+0x10/0x20 [ 30.837630] [ 30.837802] The buggy address belongs to the object at fff00000c872c400 [ 30.837802] which belongs to the cache kmalloc-256 of size 256 [ 30.837907] The buggy address is located 0 bytes to the right of [ 30.837907] allocated 235-byte region [fff00000c872c400, fff00000c872c4eb) [ 30.838337] [ 30.838392] The buggy address belongs to the physical page: [ 30.838428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10872c [ 30.838493] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.839060] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.839151] page_type: f5(slab) [ 30.839258] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.839470] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.839582] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 30.839752] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.839962] head: 0bfffe0000000001 ffffc1ffc321cb01 00000000ffffffff 00000000ffffffff [ 30.840148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.840355] page dumped because: kasan: bad access detected [ 30.840490] [ 30.840582] Memory state around the buggy address: [ 30.840618] fff00000c872c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.840665] fff00000c872c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.840713] >fff00000c872c480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 30.841027] ^ [ 30.841210] fff00000c872c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.841355] fff00000c872c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.841396] ================================================================== [ 30.928211] ================================================================== [ 30.928372] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 30.928521] Write of size 1 at addr fff00000c9bc60f0 by task kunit_try_catch/192 [ 30.928681] [ 30.928712] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.928795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.928827] Hardware name: linux,dummy-virt (DT) [ 30.928868] Call trace: [ 30.929038] show_stack+0x20/0x38 (C) [ 30.929260] dump_stack_lvl+0x8c/0xd0 [ 30.929334] print_report+0x118/0x608 [ 30.929382] kasan_report+0xdc/0x128 [ 30.929445] __asan_report_store1_noabort+0x20/0x30 [ 30.929506] krealloc_more_oob_helper+0x5c0/0x678 [ 30.929566] krealloc_large_more_oob+0x20/0x38 [ 30.929617] kunit_try_run_case+0x170/0x3f0 [ 30.929681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.929736] kthread+0x328/0x630 [ 30.929778] ret_from_fork+0x10/0x20 [ 30.929826] [ 30.930097] The buggy address belongs to the physical page: [ 30.930507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.930742] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.930792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.930948] page_type: f8(unknown) [ 30.931334] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.931584] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.931761] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.932178] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.932322] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.932394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.932605] page dumped because: kasan: bad access detected [ 30.932704] [ 30.932728] Memory state around the buggy address: [ 30.932761] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.932803] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.932854] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.932892] ^ [ 30.932930] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.932971] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.933008] ================================================================== [ 30.921521] ================================================================== [ 30.921616] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 30.921823] Write of size 1 at addr fff00000c9bc60eb by task kunit_try_catch/192 [ 30.921890] [ 30.921926] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.922021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.922233] Hardware name: linux,dummy-virt (DT) [ 30.922582] Call trace: [ 30.922624] show_stack+0x20/0x38 (C) [ 30.922771] dump_stack_lvl+0x8c/0xd0 [ 30.923086] print_report+0x118/0x608 [ 30.923193] kasan_report+0xdc/0x128 [ 30.923280] __asan_report_store1_noabort+0x20/0x30 [ 30.923389] krealloc_more_oob_helper+0x60c/0x678 [ 30.923445] krealloc_large_more_oob+0x20/0x38 [ 30.923607] kunit_try_run_case+0x170/0x3f0 [ 30.923700] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.923763] kthread+0x328/0x630 [ 30.923805] ret_from_fork+0x10/0x20 [ 30.923862] [ 30.924245] The buggy address belongs to the physical page: [ 30.924298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc4 [ 30.924442] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.924496] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.924623] page_type: f8(unknown) [ 30.924675] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.924727] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.924919] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.925219] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.925317] head: 0bfffe0000000002 ffffc1ffc326f101 00000000ffffffff 00000000ffffffff [ 30.925439] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.925531] page dumped because: kasan: bad access detected [ 30.925667] [ 30.925776] Memory state around the buggy address: [ 30.925830] fff00000c9bc5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.926096] fff00000c9bc6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.926275] >fff00000c9bc6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 30.926527] ^ [ 30.926594] fff00000c9bc6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.926663] fff00000c9bc6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.926703] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 30.815514] ================================================================== [ 30.815588] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 30.815657] Read of size 1 at addr fff00000c9be0000 by task kunit_try_catch/186 [ 30.815706] [ 30.815994] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.816099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.816125] Hardware name: linux,dummy-virt (DT) [ 30.816159] Call trace: [ 30.816528] show_stack+0x20/0x38 (C) [ 30.816720] dump_stack_lvl+0x8c/0xd0 [ 30.816918] print_report+0x118/0x608 [ 30.817137] kasan_report+0xdc/0x128 [ 30.817184] __asan_report_load1_noabort+0x20/0x30 [ 30.817454] page_alloc_uaf+0x328/0x350 [ 30.817615] kunit_try_run_case+0x170/0x3f0 [ 30.817765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.817841] kthread+0x328/0x630 [ 30.818203] ret_from_fork+0x10/0x20 [ 30.818269] [ 30.818290] The buggy address belongs to the physical page: [ 30.818323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109be0 [ 30.818396] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.818447] page_type: f0(buddy) [ 30.818511] raw: 0bfffe0000000000 fff00000ff616148 fff00000ff616148 0000000000000000 [ 30.818563] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 30.818617] page dumped because: kasan: bad access detected [ 30.818647] [ 30.818665] Memory state around the buggy address: [ 30.818699] fff00000c9bdff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.818742] fff00000c9bdff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.818784] >fff00000c9be0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.818821] ^ [ 30.819379] fff00000c9be0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.819454] fff00000c9be0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.819534] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 30.789541] ================================================================== [ 30.789633] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 30.789702] Free of addr fff00000c9bc0001 by task kunit_try_catch/182 [ 30.789748] [ 30.790125] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.790334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.790375] Hardware name: linux,dummy-virt (DT) [ 30.790471] Call trace: [ 30.790496] show_stack+0x20/0x38 (C) [ 30.790817] dump_stack_lvl+0x8c/0xd0 [ 30.791061] print_report+0x118/0x608 [ 30.791194] kasan_report_invalid_free+0xc0/0xe8 [ 30.791297] __kasan_kfree_large+0x5c/0xa8 [ 30.791414] free_large_kmalloc+0x68/0x150 [ 30.791538] kfree+0x270/0x3c8 [ 30.791587] kmalloc_large_invalid_free+0x108/0x270 [ 30.791643] kunit_try_run_case+0x170/0x3f0 [ 30.791855] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.792163] kthread+0x328/0x630 [ 30.792225] ret_from_fork+0x10/0x20 [ 30.792361] [ 30.792391] The buggy address belongs to the physical page: [ 30.792451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc0 [ 30.792689] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.792766] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.793030] page_type: f8(unknown) [ 30.793293] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.793431] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.793559] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.793691] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.793740] head: 0bfffe0000000002 ffffc1ffc326f001 00000000ffffffff 00000000ffffffff [ 30.794063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.794339] page dumped because: kasan: bad access detected [ 30.794484] [ 30.794520] Memory state around the buggy address: [ 30.794623] fff00000c9bbff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.794704] fff00000c9bbff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.794814] >fff00000c9bc0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.795010] ^ [ 30.795183] fff00000c9bc0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.795253] fff00000c9bc0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.795322] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 30.771586] ================================================================== [ 30.771649] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 30.772213] Read of size 1 at addr fff00000c9bc0000 by task kunit_try_catch/180 [ 30.772285] [ 30.772479] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.772613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.772639] Hardware name: linux,dummy-virt (DT) [ 30.772995] Call trace: [ 30.773086] show_stack+0x20/0x38 (C) [ 30.773221] dump_stack_lvl+0x8c/0xd0 [ 30.773315] print_report+0x118/0x608 [ 30.773367] kasan_report+0xdc/0x128 [ 30.773425] __asan_report_load1_noabort+0x20/0x30 [ 30.773632] kmalloc_large_uaf+0x2cc/0x2f8 [ 30.773853] kunit_try_run_case+0x170/0x3f0 [ 30.773916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.774370] kthread+0x328/0x630 [ 30.774554] ret_from_fork+0x10/0x20 [ 30.774645] [ 30.774666] The buggy address belongs to the physical page: [ 30.775036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc0 [ 30.775105] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.775171] raw: 0bfffe0000000000 ffffc1ffc326f108 fff00000da462c40 0000000000000000 [ 30.775525] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 30.775740] page dumped because: kasan: bad access detected [ 30.775888] [ 30.776231] Memory state around the buggy address: [ 30.776409] fff00000c9bbff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.776476] fff00000c9bbff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.776525] >fff00000c9bc0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.776892] ^ [ 30.777028] fff00000c9bc0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.777073] fff00000c9bc0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.777143] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 30.757249] ================================================================== [ 30.757417] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 30.757481] Write of size 1 at addr fff00000c9bc200a by task kunit_try_catch/178 [ 30.757530] [ 30.757817] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.757927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.758054] Hardware name: linux,dummy-virt (DT) [ 30.758132] Call trace: [ 30.758157] show_stack+0x20/0x38 (C) [ 30.758515] dump_stack_lvl+0x8c/0xd0 [ 30.758599] print_report+0x118/0x608 [ 30.758935] kasan_report+0xdc/0x128 [ 30.759195] __asan_report_store1_noabort+0x20/0x30 [ 30.759280] kmalloc_large_oob_right+0x278/0x2b8 [ 30.759334] kunit_try_run_case+0x170/0x3f0 [ 30.759538] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.759607] kthread+0x328/0x630 [ 30.759761] ret_from_fork+0x10/0x20 [ 30.759815] [ 30.759910] The buggy address belongs to the physical page: [ 30.759963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc0 [ 30.760038] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.760084] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.760319] page_type: f8(unknown) [ 30.760538] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.760676] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.760796] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 30.760860] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 30.760910] head: 0bfffe0000000002 ffffc1ffc326f001 00000000ffffffff 00000000ffffffff [ 30.761405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 30.761467] page dumped because: kasan: bad access detected [ 30.761584] [ 30.761684] Memory state around the buggy address: [ 30.761742] fff00000c9bc1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.761792] fff00000c9bc1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.761888] >fff00000c9bc2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.761929] ^ [ 30.761974] fff00000c9bc2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.762025] fff00000c9bc2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.762063] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 30.740130] ================================================================== [ 30.740192] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 30.740248] Write of size 1 at addr fff00000c65bdf00 by task kunit_try_catch/176 [ 30.740718] [ 30.740771] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.741163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.741240] Hardware name: linux,dummy-virt (DT) [ 30.741284] Call trace: [ 30.741309] show_stack+0x20/0x38 (C) [ 30.741379] dump_stack_lvl+0x8c/0xd0 [ 30.741465] print_report+0x118/0x608 [ 30.741524] kasan_report+0xdc/0x128 [ 30.741569] __asan_report_store1_noabort+0x20/0x30 [ 30.741617] kmalloc_big_oob_right+0x2a4/0x2f0 [ 30.741673] kunit_try_run_case+0x170/0x3f0 [ 30.741730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.741792] kthread+0x328/0x630 [ 30.741843] ret_from_fork+0x10/0x20 [ 30.741890] [ 30.741918] Allocated by task 176: [ 30.741945] kasan_save_stack+0x3c/0x68 [ 30.742011] kasan_save_track+0x20/0x40 [ 30.742051] kasan_save_alloc_info+0x40/0x58 [ 30.742104] __kasan_kmalloc+0xd4/0xd8 [ 30.742141] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.742192] kmalloc_big_oob_right+0xb8/0x2f0 [ 30.742246] kunit_try_run_case+0x170/0x3f0 [ 30.742290] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.742347] kthread+0x328/0x630 [ 30.742390] ret_from_fork+0x10/0x20 [ 30.742427] [ 30.742456] The buggy address belongs to the object at fff00000c65bc000 [ 30.742456] which belongs to the cache kmalloc-8k of size 8192 [ 30.742513] The buggy address is located 0 bytes to the right of [ 30.742513] allocated 7936-byte region [fff00000c65bc000, fff00000c65bdf00) [ 30.742575] [ 30.742595] The buggy address belongs to the physical page: [ 30.742637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8 [ 30.742688] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.742741] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.742793] page_type: f5(slab) [ 30.742831] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 30.743349] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 30.743474] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 30.744435] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 30.744551] head: 0bfffe0000000003 ffffc1ffc3196e01 00000000ffffffff 00000000ffffffff [ 30.744632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 30.744674] page dumped because: kasan: bad access detected [ 30.744708] [ 30.744727] Memory state around the buggy address: [ 30.745194] fff00000c65bde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.745259] fff00000c65bde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.745574] >fff00000c65bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.745705] ^ [ 30.745743] fff00000c65bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.745791] fff00000c65be000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.746197] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 30.711447] ================================================================== [ 30.711749] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.711848] Write of size 1 at addr fff00000c58afd78 by task kunit_try_catch/174 [ 30.712131] [ 30.712214] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.712538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.712569] Hardware name: linux,dummy-virt (DT) [ 30.712604] Call trace: [ 30.712625] show_stack+0x20/0x38 (C) [ 30.712819] dump_stack_lvl+0x8c/0xd0 [ 30.713161] print_report+0x118/0x608 [ 30.713212] kasan_report+0xdc/0x128 [ 30.713424] __asan_report_store1_noabort+0x20/0x30 [ 30.713602] kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.713862] kunit_try_run_case+0x170/0x3f0 [ 30.714059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.714250] kthread+0x328/0x630 [ 30.714398] ret_from_fork+0x10/0x20 [ 30.714705] [ 30.714751] Allocated by task 174: [ 30.714910] kasan_save_stack+0x3c/0x68 [ 30.714979] kasan_save_track+0x20/0x40 [ 30.715172] kasan_save_alloc_info+0x40/0x58 [ 30.715397] __kasan_kmalloc+0xd4/0xd8 [ 30.715458] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.715656] kmalloc_track_caller_oob_right+0xa8/0x488 [ 30.716139] kunit_try_run_case+0x170/0x3f0 [ 30.716203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.716266] kthread+0x328/0x630 [ 30.716308] ret_from_fork+0x10/0x20 [ 30.716448] [ 30.716521] The buggy address belongs to the object at fff00000c58afd00 [ 30.716521] which belongs to the cache kmalloc-128 of size 128 [ 30.716771] The buggy address is located 0 bytes to the right of [ 30.716771] allocated 120-byte region [fff00000c58afd00, fff00000c58afd78) [ 30.716972] [ 30.717083] The buggy address belongs to the physical page: [ 30.717144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 30.717213] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.717528] page_type: f5(slab) [ 30.717637] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.717792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.717995] page dumped because: kasan: bad access detected [ 30.718030] [ 30.718048] Memory state around the buggy address: [ 30.718124] fff00000c58afc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.718175] fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.718227] >fff00000c58afd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.718264] ^ [ 30.718304] fff00000c58afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.718346] fff00000c58afe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.718384] ================================================================== [ 30.719734] ================================================================== [ 30.719783] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 30.719853] Write of size 1 at addr fff00000c58afe78 by task kunit_try_catch/174 [ 30.720240] [ 30.720623] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.720750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.720795] Hardware name: linux,dummy-virt (DT) [ 30.721194] Call trace: [ 30.721268] show_stack+0x20/0x38 (C) [ 30.721325] dump_stack_lvl+0x8c/0xd0 [ 30.721382] print_report+0x118/0x608 [ 30.721429] kasan_report+0xdc/0x128 [ 30.721775] __asan_report_store1_noabort+0x20/0x30 [ 30.721986] kmalloc_track_caller_oob_right+0x418/0x488 [ 30.722183] kunit_try_run_case+0x170/0x3f0 [ 30.722332] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.722387] kthread+0x328/0x630 [ 30.722570] ret_from_fork+0x10/0x20 [ 30.722823] [ 30.722880] Allocated by task 174: [ 30.722969] kasan_save_stack+0x3c/0x68 [ 30.723107] kasan_save_track+0x20/0x40 [ 30.723165] kasan_save_alloc_info+0x40/0x58 [ 30.723367] __kasan_kmalloc+0xd4/0xd8 [ 30.723529] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.723618] kmalloc_track_caller_oob_right+0x184/0x488 [ 30.723943] kunit_try_run_case+0x170/0x3f0 [ 30.724208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.724401] kthread+0x328/0x630 [ 30.724564] ret_from_fork+0x10/0x20 [ 30.724765] [ 30.724857] The buggy address belongs to the object at fff00000c58afe00 [ 30.724857] which belongs to the cache kmalloc-128 of size 128 [ 30.725031] The buggy address is located 0 bytes to the right of [ 30.725031] allocated 120-byte region [fff00000c58afe00, fff00000c58afe78) [ 30.725122] [ 30.725141] The buggy address belongs to the physical page: [ 30.725178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 30.725615] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.725767] page_type: f5(slab) [ 30.725998] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.726098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.726141] page dumped because: kasan: bad access detected [ 30.726589] [ 30.726744] Memory state around the buggy address: [ 30.726925] fff00000c58afd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.726999] fff00000c58afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727047] >fff00000c58afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.727346] ^ [ 30.727483] fff00000c58afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727764] fff00000c58aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727867] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 30.693283] ================================================================== [ 30.693396] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 30.693565] Read of size 1 at addr fff00000c9b69000 by task kunit_try_catch/172 [ 30.693700] [ 30.693737] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.694049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.694097] Hardware name: linux,dummy-virt (DT) [ 30.694131] Call trace: [ 30.694245] show_stack+0x20/0x38 (C) [ 30.694307] dump_stack_lvl+0x8c/0xd0 [ 30.694490] print_report+0x118/0x608 [ 30.694566] kasan_report+0xdc/0x128 [ 30.694624] __asan_report_load1_noabort+0x20/0x30 [ 30.694675] kmalloc_node_oob_right+0x2f4/0x330 [ 30.695034] kunit_try_run_case+0x170/0x3f0 [ 30.695104] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.695159] kthread+0x328/0x630 [ 30.695202] ret_from_fork+0x10/0x20 [ 30.695315] [ 30.695451] Allocated by task 172: [ 30.695827] kasan_save_stack+0x3c/0x68 [ 30.695946] kasan_save_track+0x20/0x40 [ 30.696031] kasan_save_alloc_info+0x40/0x58 [ 30.696130] __kasan_kmalloc+0xd4/0xd8 [ 30.696226] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 30.696293] kmalloc_node_oob_right+0xbc/0x330 [ 30.696434] kunit_try_run_case+0x170/0x3f0 [ 30.696478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.696544] kthread+0x328/0x630 [ 30.696896] ret_from_fork+0x10/0x20 [ 30.696953] [ 30.696984] The buggy address belongs to the object at fff00000c9b68000 [ 30.696984] which belongs to the cache kmalloc-4k of size 4096 [ 30.697099] The buggy address is located 0 bytes to the right of [ 30.697099] allocated 4096-byte region [fff00000c9b68000, fff00000c9b69000) [ 30.697170] [ 30.697189] The buggy address belongs to the physical page: [ 30.697673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b68 [ 30.698477] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.698539] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.699203] page_type: f5(slab) [ 30.699277] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 30.699347] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 30.699529] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 30.700259] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 30.700631] head: 0bfffe0000000003 ffffc1ffc326da01 00000000ffffffff 00000000ffffffff [ 30.700733] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 30.700867] page dumped because: kasan: bad access detected [ 30.700901] [ 30.700919] Memory state around the buggy address: [ 30.700965] fff00000c9b68f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.701009] fff00000c9b68f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.701061] >fff00000c9b69000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.701098] ^ [ 30.701126] fff00000c9b69080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.701167] fff00000c9b69100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.701205] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 30.674029] ================================================================== [ 30.674092] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 30.674492] Read of size 1 at addr fff00000c5a30c1f by task kunit_try_catch/170 [ 30.674562] [ 30.674598] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.674685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.674946] Hardware name: linux,dummy-virt (DT) [ 30.675189] Call trace: [ 30.675302] show_stack+0x20/0x38 (C) [ 30.675368] dump_stack_lvl+0x8c/0xd0 [ 30.675580] print_report+0x118/0x608 [ 30.675750] kasan_report+0xdc/0x128 [ 30.675805] __asan_report_load1_noabort+0x20/0x30 [ 30.675866] kmalloc_oob_left+0x2ec/0x320 [ 30.675912] kunit_try_run_case+0x170/0x3f0 [ 30.675962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.676016] kthread+0x328/0x630 [ 30.676296] ret_from_fork+0x10/0x20 [ 30.676645] [ 30.676892] Allocated by task 10: [ 30.676956] kasan_save_stack+0x3c/0x68 [ 30.677066] kasan_save_track+0x20/0x40 [ 30.677189] kasan_save_alloc_info+0x40/0x58 [ 30.677231] __kasan_kmalloc+0xd4/0xd8 [ 30.677548] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.677624] kvasprintf+0xe0/0x180 [ 30.677708] __kthread_create_on_node+0x16c/0x350 [ 30.677751] kthread_create_on_node+0xe4/0x130 [ 30.677970] create_worker+0x380/0x6b8 [ 30.678171] worker_thread+0x808/0xf38 [ 30.678236] kthread+0x328/0x630 [ 30.678599] ret_from_fork+0x10/0x20 [ 30.678775] [ 30.678900] The buggy address belongs to the object at fff00000c5a30c00 [ 30.678900] which belongs to the cache kmalloc-16 of size 16 [ 30.678977] The buggy address is located 19 bytes to the right of [ 30.678977] allocated 12-byte region [fff00000c5a30c00, fff00000c5a30c0c) [ 30.679209] [ 30.679416] The buggy address belongs to the physical page: [ 30.679476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c5a30be0 pfn:0x105a30 [ 30.679891] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.679973] page_type: f5(slab) [ 30.680173] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.680398] raw: fff00000c5a30be0 000000008080007f 00000000f5000000 0000000000000000 [ 30.680559] page dumped because: kasan: bad access detected [ 30.680674] [ 30.680812] Memory state around the buggy address: [ 30.681017] fff00000c5a30b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.681120] fff00000c5a30b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 30.681238] >fff00000c5a30c00: 00 04 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 30.681568] ^ [ 30.681639] fff00000c5a30c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.681848] fff00000c5a30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.682015] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 30.637186] ================================================================== [ 30.637293] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 30.637391] Write of size 1 at addr fff00000c58afc78 by task kunit_try_catch/168 [ 30.637442] [ 30.637470] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.637611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.637638] Hardware name: linux,dummy-virt (DT) [ 30.637726] Call trace: [ 30.637748] show_stack+0x20/0x38 (C) [ 30.637796] dump_stack_lvl+0x8c/0xd0 [ 30.638281] print_report+0x118/0x608 [ 30.638346] kasan_report+0xdc/0x128 [ 30.638410] __asan_report_store1_noabort+0x20/0x30 [ 30.638464] kmalloc_oob_right+0x538/0x660 [ 30.638512] kunit_try_run_case+0x170/0x3f0 [ 30.639370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.639453] kthread+0x328/0x630 [ 30.639496] ret_from_fork+0x10/0x20 [ 30.639562] [ 30.639582] Allocated by task 168: [ 30.639609] kasan_save_stack+0x3c/0x68 [ 30.639653] kasan_save_track+0x20/0x40 [ 30.639691] kasan_save_alloc_info+0x40/0x58 [ 30.639727] __kasan_kmalloc+0xd4/0xd8 [ 30.639763] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.639802] kmalloc_oob_right+0xb0/0x660 [ 30.640148] kunit_try_run_case+0x170/0x3f0 [ 30.640206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.640370] kthread+0x328/0x630 [ 30.640609] ret_from_fork+0x10/0x20 [ 30.640656] [ 30.640950] The buggy address belongs to the object at fff00000c58afc00 [ 30.640950] which belongs to the cache kmalloc-128 of size 128 [ 30.641051] The buggy address is located 5 bytes to the right of [ 30.641051] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73) [ 30.641526] [ 30.641667] The buggy address belongs to the physical page: [ 30.641746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 30.642139] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.642323] page_type: f5(slab) [ 30.642549] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.642690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.642732] page dumped because: kasan: bad access detected [ 30.642763] [ 30.642781] Memory state around the buggy address: [ 30.643053] fff00000c58afb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.643330] fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.643515] >fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.643858] ^ [ 30.644012] fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.644148] fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.644252] ================================================================== [ 30.629928] ================================================================== [ 30.630271] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 30.631112] Write of size 1 at addr fff00000c58afc73 by task kunit_try_catch/168 [ 30.631218] [ 30.631988] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.632140] Tainted: [N]=TEST [ 30.632172] Hardware name: linux,dummy-virt (DT) [ 30.632498] Call trace: [ 30.632684] show_stack+0x20/0x38 (C) [ 30.632818] dump_stack_lvl+0x8c/0xd0 [ 30.632893] print_report+0x118/0x608 [ 30.632941] kasan_report+0xdc/0x128 [ 30.632988] __asan_report_store1_noabort+0x20/0x30 [ 30.633037] kmalloc_oob_right+0x5a4/0x660 [ 30.633084] kunit_try_run_case+0x170/0x3f0 [ 30.633135] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.633190] kthread+0x328/0x630 [ 30.633233] ret_from_fork+0x10/0x20 [ 30.633388] [ 30.633425] Allocated by task 168: [ 30.633535] kasan_save_stack+0x3c/0x68 [ 30.633600] kasan_save_track+0x20/0x40 [ 30.633639] kasan_save_alloc_info+0x40/0x58 [ 30.633676] __kasan_kmalloc+0xd4/0xd8 [ 30.633713] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.633755] kmalloc_oob_right+0xb0/0x660 [ 30.633792] kunit_try_run_case+0x170/0x3f0 [ 30.633831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.633887] kthread+0x328/0x630 [ 30.633919] ret_from_fork+0x10/0x20 [ 30.633978] [ 30.634036] The buggy address belongs to the object at fff00000c58afc00 [ 30.634036] which belongs to the cache kmalloc-128 of size 128 [ 30.634130] The buggy address is located 0 bytes to the right of [ 30.634130] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73) [ 30.634197] [ 30.634276] The buggy address belongs to the physical page: [ 30.634476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 30.634745] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.635158] page_type: f5(slab) [ 30.635451] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.635515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.635624] page dumped because: kasan: bad access detected [ 30.635664] [ 30.635692] Memory state around the buggy address: [ 30.635919] fff00000c58afb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.635988] fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.636044] >fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.636097] ^ [ 30.636182] fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.636223] fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.636283] ================================================================== [ 30.645781] ================================================================== [ 30.647121] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 30.647759] Read of size 1 at addr fff00000c58afc80 by task kunit_try_catch/168 [ 30.647818] [ 30.647858] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 30.647940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.647966] Hardware name: linux,dummy-virt (DT) [ 30.647999] Call trace: [ 30.648891] show_stack+0x20/0x38 (C) [ 30.649565] dump_stack_lvl+0x8c/0xd0 [ 30.650078] print_report+0x118/0x608 [ 30.650374] kasan_report+0xdc/0x128 [ 30.650745] __asan_report_load1_noabort+0x20/0x30 [ 30.651166] kmalloc_oob_right+0x5d0/0x660 [ 30.651980] kunit_try_run_case+0x170/0x3f0 [ 30.652430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.652895] kthread+0x328/0x630 [ 30.653062] ret_from_fork+0x10/0x20 [ 30.653111] [ 30.653129] Allocated by task 168: [ 30.653156] kasan_save_stack+0x3c/0x68 [ 30.653580] kasan_save_track+0x20/0x40 [ 30.653740] kasan_save_alloc_info+0x40/0x58 [ 30.653779] __kasan_kmalloc+0xd4/0xd8 [ 30.654457] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.654740] kmalloc_oob_right+0xb0/0x660 [ 30.655585] kunit_try_run_case+0x170/0x3f0 [ 30.655736] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.655785] kthread+0x328/0x630 [ 30.655818] ret_from_fork+0x10/0x20 [ 30.655864] [ 30.655884] The buggy address belongs to the object at fff00000c58afc00 [ 30.655884] which belongs to the cache kmalloc-128 of size 128 [ 30.657357] The buggy address is located 13 bytes to the right of [ 30.657357] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73) [ 30.657435] [ 30.657792] The buggy address belongs to the physical page: [ 30.658226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af [ 30.658471] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.659554] page_type: f5(slab) [ 30.659622] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.659693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.659761] page dumped because: kasan: bad access detected [ 30.659818] [ 30.659862] Memory state around the buggy address: [ 30.659958] fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.660096] fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.660265] >fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.660303] ^ [ 30.660330] fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.660709] fff00000c58afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.660771] ==================================================================
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 113.917480] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#1: kunit_try_catch/690 [ 113.919720] Modules linked in: [ 113.920505] CPU: 1 UID: 0 PID: 690 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 113.921110] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 113.921348] Hardware name: linux,dummy-virt (DT) [ 113.921552] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 113.921830] pc : intlog10+0x38/0x48 [ 113.922065] lr : intlog10_test+0xe4/0x200 [ 113.922268] sp : ffff800082337c10 [ 113.922645] x29: ffff800082337c90 x28: 0000000000000000 x27: 0000000000000000 [ 113.923487] x26: 1ffe0000187e3e41 x25: 0000000000000000 x24: ffff800082337ce0 [ 113.924169] x23: ffff800082337d00 x22: 0000000000000000 x21: 1ffff00010466f82 [ 113.925166] x20: ffffa652781fd1c0 x19: ffff800080087990 x18: 00000000e3bcb73e [ 113.926011] x17: 00000000973a3ce9 x16: fff00000c6299c3c x15: 00000000a17619b5 [ 113.926527] x14: 0000000084c0a469 x13: 1ffe00001b48bdc5 x12: ffff74ca4f816781 [ 113.927505] x11: 1ffff4ca4f816780 x10: ffff74ca4f816780 x9 : ffffa6527583d1ec [ 113.928041] x8 : ffffa6527c0b3c03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 113.928645] x5 : ffff700010466f82 x4 : 1ffff00010010f3b x3 : 1ffff4ca4f03fa38 [ 113.929595] x2 : 1ffff4ca4f03fa38 x1 : 0000000000000003 x0 : 0000000000000000 [ 113.930622] Call trace: [ 113.930877] intlog10+0x38/0x48 (P) [ 113.931114] kunit_try_run_case+0x170/0x3f0 [ 113.931613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 113.932197] kthread+0x328/0x630 [ 113.932659] ret_from_fork+0x10/0x20 [ 113.932914] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 113.863661] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#1: kunit_try_catch/672 [ 113.868864] Modules linked in: [ 113.869387] CPU: 1 UID: 0 PID: 672 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 113.870722] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 113.871262] Hardware name: linux,dummy-virt (DT) [ 113.871710] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 113.872276] pc : intlog2+0xd8/0xf8 [ 113.872823] lr : intlog2_test+0xe4/0x200 [ 113.873381] sp : ffff800082297c10 [ 113.873854] x29: ffff800082297c90 x28: 0000000000000000 x27: 0000000000000000 [ 113.874487] x26: 1ffe0000182a1dc1 x25: 0000000000000000 x24: ffff800082297ce0 [ 113.874844] x23: ffff800082297d00 x22: 0000000000000000 x21: 1ffff00010452f82 [ 113.875181] x20: ffffa652781fd0c0 x19: ffff800080087990 x18: 00000000417f6622 [ 113.875516] x17: 00000000eccc1030 x16: fff00000c6299c3c x15: fff00000ff616b48 [ 113.875865] x14: 0000000000018fff x13: 1ffe00001b48bdc5 x12: ffff74ca4f816781 [ 113.876934] x11: 1ffff4ca4f816780 x10: ffff74ca4f816780 x9 : ffffa6527583d3ec [ 113.877794] x8 : ffffa6527c0b3c03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 113.878558] x5 : ffff700010452f82 x4 : 1ffff00010010f3b x3 : 1ffff4ca4f03fa18 [ 113.879342] x2 : 1ffff4ca4f03fa18 x1 : 0000000000000003 x0 : 0000000000000000 [ 113.880122] Call trace: [ 113.880536] intlog2+0xd8/0xf8 (P) [ 113.881107] kunit_try_run_case+0x170/0x3f0 [ 113.881583] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 113.882169] kthread+0x328/0x630 [ 113.882552] ret_from_fork+0x10/0x20 [ 113.883003] ---[ end trace 0000000000000000 ]---