Date
July 4, 2025, 11:10 a.m.
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 32.344448] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dcc/0x4858 [ 32.301091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x894/0x4858 [ 32.358835] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dbc/0x4858 [ 32.291995] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x760/0x4858
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 32.152005] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 32.102170] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0
Failure - log-parser-boot/internal-error-oops-oops-smp
[ 106.923402] Internal error: Oops: 0000000096000005 [#1] SMP [ 106.932524] Modules linked in: [ 106.933723] CPU: 0 UID: 0 PID: 565 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 106.935183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 106.935876] Hardware name: linux,dummy-virt (DT) [ 106.936603] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 106.937654] pc : kunit_test_null_dereference+0x70/0x170 [ 106.938471] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 106.938975] sp : ffff8000820e7d30 [ 106.939178] x29: ffff8000820e7d90 x28: 0000000000000000 x27: 0000000000000000 [ 106.939605] x26: 1ffe000018b5d1c1 x25: 0000000000000000 x24: 0000000000000004 [ 106.940205] x23: fff00000c5ae8e0c x22: ffffa0286b831358 x21: fff00000c0b1de88 [ 106.940872] x20: 1ffff0001041cfa6 x19: ffff800080087990 x18: 00000000f8afa851 [ 106.941554] x17: 0000000000000001 x16: fff00000da458ce8 x15: fff00000ff616b48 [ 106.942283] x14: 0000000000018fff x13: 1ffe00001b48b181 x12: fffd8000191648b4 [ 106.942721] x11: 1ffe0000191648b3 x10: fffd8000191648b3 x9 : ffffa0286b828ae8 [ 106.943198] x8 : ffff8000820e7c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 106.943691] x5 : ffff70001041cfa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 106.944197] x2 : dfff800000000000 x1 : fff00000c8b23cc0 x0 : ffff800080087990 [ 106.944740] Call trace: [ 106.945024] kunit_test_null_dereference+0x70/0x170 (P) [ 106.945386] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 106.945785] kthread+0x328/0x630 [ 106.946036] ret_from_fork+0x10/0x20 [ 106.946616] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 106.947286] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 34.754187] ================================================================== [ 34.754273] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 34.754273] [ 34.754331] Invalid free of 0x000000003a893bb6 (in kfence-#133): [ 34.754384] test_invalid_addr_free+0xec/0x238 [ 34.754433] kunit_try_run_case+0x170/0x3f0 [ 34.754477] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.754524] kthread+0x328/0x630 [ 34.754563] ret_from_fork+0x10/0x20 [ 34.754603] [ 34.754627] kfence-#133: 0x00000000080b3eeb-0x00000000cef0d908, size=32, cache=test [ 34.754627] [ 34.754678] allocated by task 342 on cpu 1 at 34.754075s (0.000600s ago): [ 34.754744] test_alloc+0x230/0x628 [ 34.754786] test_invalid_addr_free+0xd4/0x238 [ 34.754828] kunit_try_run_case+0x170/0x3f0 [ 34.754871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.755004] kthread+0x328/0x630 [ 34.755040] ret_from_fork+0x10/0x20 [ 34.755080] [ 34.755120] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.755198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.755228] Hardware name: linux,dummy-virt (DT) [ 34.755262] ================================================================== [ 34.650260] ================================================================== [ 34.650344] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 34.650344] [ 34.650404] Invalid free of 0x0000000025cdc203 (in kfence-#132): [ 34.650459] test_invalid_addr_free+0x1ac/0x238 [ 34.650509] kunit_try_run_case+0x170/0x3f0 [ 34.650556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.650603] kthread+0x328/0x630 [ 34.650669] ret_from_fork+0x10/0x20 [ 34.650712] [ 34.650750] kfence-#132: 0x00000000e61c803f-0x000000006fa45e98, size=32, cache=kmalloc-32 [ 34.650750] [ 34.650819] allocated by task 340 on cpu 1 at 34.650134s (0.000681s ago): [ 34.650895] test_alloc+0x29c/0x628 [ 34.650948] test_invalid_addr_free+0xd4/0x238 [ 34.651005] kunit_try_run_case+0x170/0x3f0 [ 34.651061] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.651105] kthread+0x328/0x630 [ 34.651155] ret_from_fork+0x10/0x20 [ 34.651208] [ 34.651250] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.651343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.651375] Hardware name: linux,dummy-virt (DT) [ 34.651409] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.459858] ================================================================== [ 63.459936] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 63.459936] [ 63.460017] Use-after-free read at 0x0000000038701685 (in kfence-#189): [ 63.460070] test_krealloc+0x51c/0x830 [ 63.460118] kunit_try_run_case+0x170/0x3f0 [ 63.460165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.460213] kthread+0x328/0x630 [ 63.460255] ret_from_fork+0x10/0x20 [ 63.460295] [ 63.460321] kfence-#189: 0x0000000038701685-0x000000004d261e7d, size=32, cache=kmalloc-32 [ 63.460321] [ 63.460376] allocated by task 370 on cpu 1 at 63.459217s (0.001155s ago): [ 63.460447] test_alloc+0x29c/0x628 [ 63.460490] test_krealloc+0xc0/0x830 [ 63.460531] kunit_try_run_case+0x170/0x3f0 [ 63.460573] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.460619] kthread+0x328/0x630 [ 63.460654] ret_from_fork+0x10/0x20 [ 63.460692] [ 63.460715] freed by task 370 on cpu 1 at 63.459471s (0.001241s ago): [ 63.460779] krealloc_noprof+0x148/0x360 [ 63.460824] test_krealloc+0x1dc/0x830 [ 63.460866] kunit_try_run_case+0x170/0x3f0 [ 63.460915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.460960] kthread+0x328/0x630 [ 63.460996] ret_from_fork+0x10/0x20 [ 63.461035] [ 63.461078] CPU: 1 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 63.461157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.461188] Hardware name: linux,dummy-virt (DT) [ 63.461222] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.370225] ================================================================== [ 63.370312] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.370312] [ 63.370411] Use-after-free read at 0x00000000b60794cd (in kfence-#188): [ 63.370466] test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.370517] kunit_try_run_case+0x170/0x3f0 [ 63.370564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.370613] kthread+0x328/0x630 [ 63.370652] ret_from_fork+0x10/0x20 [ 63.370698] [ 63.370723] kfence-#188: 0x00000000b60794cd-0x00000000995eef45, size=32, cache=test [ 63.370723] [ 63.370775] allocated by task 368 on cpu 0 at 63.358489s (0.012282s ago): [ 63.370849] test_alloc+0x230/0x628 [ 63.370891] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 63.370953] kunit_try_run_case+0x170/0x3f0 [ 63.370993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.371038] kthread+0x328/0x630 [ 63.371073] ret_from_fork+0x10/0x20 [ 63.371113] [ 63.371137] freed by task 368 on cpu 0 at 63.358598s (0.012535s ago): [ 63.371196] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 63.371240] kunit_try_run_case+0x170/0x3f0 [ 63.371279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.371324] kthread+0x328/0x630 [ 63.371359] ret_from_fork+0x10/0x20 [ 63.371400] [ 63.371449] CPU: 0 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 63.371530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.371560] Hardware name: linux,dummy-virt (DT) [ 63.371597] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 40.289834] ================================================================== [ 40.290011] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 40.290011] [ 40.290140] Invalid read at 0x00000000f4bdff02: [ 40.290210] test_invalid_access+0xdc/0x1f0 [ 40.290359] kunit_try_run_case+0x170/0x3f0 [ 40.291398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.291479] kthread+0x328/0x630 [ 40.291558] ret_from_fork+0x10/0x20 [ 40.291623] [ 40.291852] CPU: 1 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 40.291989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.292424] Hardware name: linux,dummy-virt (DT) [ 40.292841] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 40.058262] ================================================================== [ 40.058347] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.058347] [ 40.058410] Corrupted memory at 0x00000000fd523de0 [ ! . . . . . . . . . . . . . . . ] (in kfence-#184): [ 40.058722] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.058774] kunit_try_run_case+0x170/0x3f0 [ 40.058818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.058866] kthread+0x328/0x630 [ 40.058918] ret_from_fork+0x10/0x20 [ 40.058963] [ 40.058987] kfence-#184: 0x00000000e3961d6c-0x000000003b512f2d, size=73, cache=kmalloc-96 [ 40.058987] [ 40.059042] allocated by task 358 on cpu 1 at 40.058046s (0.000993s ago): [ 40.059106] test_alloc+0x29c/0x628 [ 40.059149] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 40.059194] kunit_try_run_case+0x170/0x3f0 [ 40.059236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.059282] kthread+0x328/0x630 [ 40.059320] ret_from_fork+0x10/0x20 [ 40.059360] [ 40.059384] freed by task 358 on cpu 1 at 40.058178s (0.001202s ago): [ 40.059451] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.059495] kunit_try_run_case+0x170/0x3f0 [ 40.059537] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.059581] kthread+0x328/0x630 [ 40.059618] ret_from_fork+0x10/0x20 [ 40.059658] [ 40.059699] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 40.059782] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.059812] Hardware name: linux,dummy-virt (DT) [ 40.059847] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 39.954961] ================================================================== [ 39.955050] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 39.955050] [ 39.955150] Out-of-bounds read at 0x0000000065584cfa (105B right of kfence-#183): [ 39.955213] test_kmalloc_aligned_oob_read+0x238/0x468 [ 39.955265] kunit_try_run_case+0x170/0x3f0 [ 39.955315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.955362] kthread+0x328/0x630 [ 39.955401] ret_from_fork+0x10/0x20 [ 39.955442] [ 39.955469] kfence-#183: 0x000000006c98b5a7-0x0000000034ded8dc, size=73, cache=kmalloc-96 [ 39.955469] [ 39.955521] allocated by task 356 on cpu 1 at 39.954709s (0.000809s ago): [ 39.955598] test_alloc+0x29c/0x628 [ 39.955641] test_kmalloc_aligned_oob_read+0x100/0x468 [ 39.955687] kunit_try_run_case+0x170/0x3f0 [ 39.955730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.955774] kthread+0x328/0x630 [ 39.955812] ret_from_fork+0x10/0x20 [ 39.955852] [ 39.955920] CPU: 1 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 39.956006] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.956036] Hardware name: linux,dummy-virt (DT) [ 39.956076] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 35.586231] ================================================================== [ 35.586315] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 35.586315] [ 35.586377] Corrupted memory at 0x00000000543c792e [ ! . . . . . . . . . . . . . . . ] (in kfence-#141): [ 35.586686] test_corruption+0x120/0x378 [ 35.586734] kunit_try_run_case+0x170/0x3f0 [ 35.586781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.586827] kthread+0x328/0x630 [ 35.586864] ret_from_fork+0x10/0x20 [ 35.586920] [ 35.586944] kfence-#141: 0x0000000044385a8e-0x000000007d4510d8, size=32, cache=test [ 35.586944] [ 35.586996] allocated by task 346 on cpu 0 at 35.586090s (0.000903s ago): [ 35.587061] test_alloc+0x230/0x628 [ 35.587104] test_corruption+0xdc/0x378 [ 35.587144] kunit_try_run_case+0x170/0x3f0 [ 35.587185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.587228] kthread+0x328/0x630 [ 35.587265] ret_from_fork+0x10/0x20 [ 35.587304] [ 35.587327] freed by task 346 on cpu 0 at 35.586152s (0.001171s ago): [ 35.587389] test_corruption+0x120/0x378 [ 35.587429] kunit_try_run_case+0x170/0x3f0 [ 35.587471] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.587516] kthread+0x328/0x630 [ 35.587551] ret_from_fork+0x10/0x20 [ 35.587590] [ 35.587628] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 35.587706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.587734] Hardware name: linux,dummy-virt (DT) [ 35.587769] ================================================================== [ 35.482373] ================================================================== [ 35.482464] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 35.482464] [ 35.482526] Corrupted memory at 0x000000009ea75c5e [ ! ] (in kfence-#140): [ 35.482656] test_corruption+0x284/0x378 [ 35.482706] kunit_try_run_case+0x170/0x3f0 [ 35.482752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.482797] kthread+0x328/0x630 [ 35.482835] ret_from_fork+0x10/0x20 [ 35.482875] [ 35.482914] kfence-#140: 0x00000000d8b596ac-0x000000000eeb4840, size=32, cache=kmalloc-32 [ 35.482914] [ 35.482971] allocated by task 344 on cpu 0 at 35.482106s (0.000861s ago): [ 35.483035] test_alloc+0x29c/0x628 [ 35.483075] test_corruption+0x198/0x378 [ 35.483117] kunit_try_run_case+0x170/0x3f0 [ 35.483157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.483203] kthread+0x328/0x630 [ 35.483238] ret_from_fork+0x10/0x20 [ 35.483275] [ 35.483298] freed by task 344 on cpu 0 at 35.482204s (0.001090s ago): [ 35.483362] test_corruption+0x284/0x378 [ 35.483401] kunit_try_run_case+0x170/0x3f0 [ 35.483443] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.483489] kthread+0x328/0x630 [ 35.483525] ret_from_fork+0x10/0x20 [ 35.483565] [ 35.483609] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 35.483686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.483716] Hardware name: linux,dummy-virt (DT) [ 35.483754] ================================================================== [ 35.690187] ================================================================== [ 35.690270] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 35.690270] [ 35.690328] Corrupted memory at 0x0000000075e0161d [ ! ] (in kfence-#142): [ 35.690439] test_corruption+0x1d8/0x378 [ 35.690486] kunit_try_run_case+0x170/0x3f0 [ 35.690529] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.690576] kthread+0x328/0x630 [ 35.690613] ret_from_fork+0x10/0x20 [ 35.690652] [ 35.690675] kfence-#142: 0x000000006b2f88f4-0x0000000012e8e360, size=32, cache=test [ 35.690675] [ 35.690730] allocated by task 346 on cpu 0 at 35.690059s (0.000668s ago): [ 35.690793] test_alloc+0x230/0x628 [ 35.690836] test_corruption+0x198/0x378 [ 35.690878] kunit_try_run_case+0x170/0x3f0 [ 35.690934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.690979] kthread+0x328/0x630 [ 35.691014] ret_from_fork+0x10/0x20 [ 35.691053] [ 35.691078] freed by task 346 on cpu 0 at 35.690111s (0.000963s ago): [ 35.691140] test_corruption+0x1d8/0x378 [ 35.691184] kunit_try_run_case+0x170/0x3f0 [ 35.691225] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.691270] kthread+0x328/0x630 [ 35.691307] ret_from_fork+0x10/0x20 [ 35.691347] [ 35.691386] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 35.691463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.691493] Hardware name: linux,dummy-virt (DT) [ 35.691529] ================================================================== [ 35.274426] ================================================================== [ 35.274545] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 35.274545] [ 35.274616] Corrupted memory at 0x00000000597199d4 [ ! . . . . . . . . . . . . . . . ] (in kfence-#138): [ 35.275753] test_corruption+0x278/0x378 [ 35.275811] kunit_try_run_case+0x170/0x3f0 [ 35.275859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.275922] kthread+0x328/0x630 [ 35.275964] ret_from_fork+0x10/0x20 [ 35.276008] [ 35.276032] kfence-#138: 0x00000000b99a0e8e-0x00000000a198c365, size=32, cache=kmalloc-32 [ 35.276032] [ 35.276091] allocated by task 344 on cpu 0 at 35.274117s (0.001970s ago): [ 35.276157] test_alloc+0x29c/0x628 [ 35.276198] test_corruption+0xdc/0x378 [ 35.276240] kunit_try_run_case+0x170/0x3f0 [ 35.276282] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.276327] kthread+0x328/0x630 [ 35.276362] ret_from_fork+0x10/0x20 [ 35.276400] [ 35.276426] freed by task 344 on cpu 0 at 35.274230s (0.002192s ago): [ 35.276486] test_corruption+0x278/0x378 [ 35.276526] kunit_try_run_case+0x170/0x3f0 [ 35.276568] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.276612] kthread+0x328/0x630 [ 35.276648] ret_from_fork+0x10/0x20 [ 35.276688] [ 35.276738] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 35.276825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.276856] Hardware name: linux,dummy-virt (DT) [ 35.276892] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 34.550972] ================================================================== [ 34.551195] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 34.551195] [ 34.551374] Invalid free of 0x00000000ea6561c1 (in kfence-#131): [ 34.551463] test_double_free+0x100/0x238 [ 34.551527] kunit_try_run_case+0x170/0x3f0 [ 34.551573] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.551625] kthread+0x328/0x630 [ 34.551672] ret_from_fork+0x10/0x20 [ 34.551713] [ 34.551746] kfence-#131: 0x00000000ea6561c1-0x000000009eb9c262, size=32, cache=test [ 34.551746] [ 34.551804] allocated by task 338 on cpu 1 at 34.550487s (0.001314s ago): [ 34.551870] test_alloc+0x230/0x628 [ 34.551921] test_double_free+0xd4/0x238 [ 34.551963] kunit_try_run_case+0x170/0x3f0 [ 34.552014] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.552068] kthread+0x328/0x630 [ 34.552106] ret_from_fork+0x10/0x20 [ 34.552144] [ 34.552177] freed by task 338 on cpu 1 at 34.550612s (0.001560s ago): [ 34.552243] test_double_free+0xf0/0x238 [ 34.552284] kunit_try_run_case+0x170/0x3f0 [ 34.552324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.552370] kthread+0x328/0x630 [ 34.552411] ret_from_fork+0x10/0x20 [ 34.552449] [ 34.552487] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.552568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.552598] Hardware name: linux,dummy-virt (DT) [ 34.552642] ================================================================== [ 34.446806] ================================================================== [ 34.446916] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 34.446916] [ 34.446985] Invalid free of 0x000000007de98b24 (in kfence-#130): [ 34.447051] test_double_free+0x1bc/0x238 [ 34.447375] kunit_try_run_case+0x170/0x3f0 [ 34.447476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.447792] kthread+0x328/0x630 [ 34.447854] ret_from_fork+0x10/0x20 [ 34.447918] [ 34.447946] kfence-#130: 0x000000007de98b24-0x00000000b7a29141, size=32, cache=kmalloc-32 [ 34.447946] [ 34.448017] allocated by task 336 on cpu 1 at 34.445140s (0.002873s ago): [ 34.448085] test_alloc+0x29c/0x628 [ 34.448127] test_double_free+0xd4/0x238 [ 34.448169] kunit_try_run_case+0x170/0x3f0 [ 34.448212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.448265] kthread+0x328/0x630 [ 34.448304] ret_from_fork+0x10/0x20 [ 34.448344] [ 34.448367] freed by task 336 on cpu 1 at 34.445444s (0.002920s ago): [ 34.448441] test_double_free+0x1ac/0x238 [ 34.448482] kunit_try_run_case+0x170/0x3f0 [ 34.448531] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.448585] kthread+0x328/0x630 [ 34.448632] ret_from_fork+0x10/0x20 [ 34.448708] [ 34.448782] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.448868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.448907] Hardware name: linux,dummy-virt (DT) [ 34.449197] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 34.126940] ================================================================== [ 34.127019] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 34.127019] [ 34.127099] Use-after-free read at 0x00000000840a6eeb (in kfence-#127): [ 34.127199] test_use_after_free_read+0x114/0x248 [ 34.127276] kunit_try_run_case+0x170/0x3f0 [ 34.127325] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.127420] kthread+0x328/0x630 [ 34.127478] ret_from_fork+0x10/0x20 [ 34.127558] [ 34.127584] kfence-#127: 0x00000000840a6eeb-0x000000003167a437, size=32, cache=test [ 34.127584] [ 34.127703] allocated by task 330 on cpu 1 at 34.126482s (0.001189s ago): [ 34.127774] test_alloc+0x230/0x628 [ 34.127851] test_use_after_free_read+0xd0/0x248 [ 34.127936] kunit_try_run_case+0x170/0x3f0 [ 34.127979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.128062] kthread+0x328/0x630 [ 34.128129] ret_from_fork+0x10/0x20 [ 34.128170] [ 34.128194] freed by task 330 on cpu 1 at 34.126542s (0.001649s ago): [ 34.128297] test_use_after_free_read+0xf0/0x248 [ 34.128342] kunit_try_run_case+0x170/0x3f0 [ 34.128384] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.128428] kthread+0x328/0x630 [ 34.128600] ret_from_fork+0x10/0x20 [ 34.128667] [ 34.128714] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.128800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.128858] Hardware name: linux,dummy-virt (DT) [ 34.128893] ================================================================== [ 34.022761] ================================================================== [ 34.022857] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 34.022857] [ 34.022966] Use-after-free read at 0x0000000010ca87c9 (in kfence-#126): [ 34.023018] test_use_after_free_read+0x114/0x248 [ 34.023069] kunit_try_run_case+0x170/0x3f0 [ 34.023118] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.023260] kthread+0x328/0x630 [ 34.023325] ret_from_fork+0x10/0x20 [ 34.023369] [ 34.023394] kfence-#126: 0x0000000010ca87c9-0x00000000aa78842c, size=32, cache=kmalloc-32 [ 34.023394] [ 34.023510] allocated by task 328 on cpu 1 at 34.022454s (0.001045s ago): [ 34.023582] test_alloc+0x29c/0x628 [ 34.023625] test_use_after_free_read+0xd0/0x248 [ 34.023669] kunit_try_run_case+0x170/0x3f0 [ 34.023795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.023880] kthread+0x328/0x630 [ 34.023978] ret_from_fork+0x10/0x20 [ 34.024031] [ 34.024391] freed by task 328 on cpu 1 at 34.022526s (0.001580s ago): [ 34.024562] test_use_after_free_read+0x1c0/0x248 [ 34.024697] kunit_try_run_case+0x170/0x3f0 [ 34.024743] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024831] kthread+0x328/0x630 [ 34.024872] ret_from_fork+0x10/0x20 [ 34.025010] [ 34.025105] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 34.025217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.025305] Hardware name: linux,dummy-virt (DT) [ 34.025344] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 33.492560] ================================================================== [ 33.492626] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 33.492626] [ 33.493287] Out-of-bounds write at 0x000000005bd5ef20 (1B left of kfence-#121): [ 33.493499] test_out_of_bounds_write+0x100/0x240 [ 33.493623] kunit_try_run_case+0x170/0x3f0 [ 33.494085] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.494207] kthread+0x328/0x630 [ 33.494342] ret_from_fork+0x10/0x20 [ 33.494419] [ 33.494446] kfence-#121: 0x00000000f4887094-0x00000000f8211c2d, size=32, cache=kmalloc-32 [ 33.494446] [ 33.494879] allocated by task 324 on cpu 1 at 33.492416s (0.002457s ago): [ 33.495006] test_alloc+0x29c/0x628 [ 33.495106] test_out_of_bounds_write+0xc8/0x240 [ 33.495154] kunit_try_run_case+0x170/0x3f0 [ 33.495212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.495272] kthread+0x328/0x630 [ 33.495327] ret_from_fork+0x10/0x20 [ 33.495387] [ 33.495440] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 33.495549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.495596] Hardware name: linux,dummy-virt (DT) [ 33.495635] ================================================================== [ 33.918296] ================================================================== [ 33.918537] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 33.918537] [ 33.918632] Out-of-bounds write at 0x00000000d8c82d0b (1B left of kfence-#125): [ 33.918719] test_out_of_bounds_write+0x100/0x240 [ 33.918789] kunit_try_run_case+0x170/0x3f0 [ 33.918845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.918894] kthread+0x328/0x630 [ 33.918948] ret_from_fork+0x10/0x20 [ 33.918990] [ 33.919017] kfence-#125: 0x000000004fa0c41a-0x0000000003f90a58, size=32, cache=test [ 33.919017] [ 33.919187] allocated by task 326 on cpu 1 at 33.918205s (0.000971s ago): [ 33.919281] test_alloc+0x230/0x628 [ 33.919344] test_out_of_bounds_write+0xc8/0x240 [ 33.919388] kunit_try_run_case+0x170/0x3f0 [ 33.919467] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.919549] kthread+0x328/0x630 [ 33.919605] ret_from_fork+0x10/0x20 [ 33.919648] [ 33.919691] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 33.919845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.919934] Hardware name: linux,dummy-virt (DT) [ 33.920000] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 32.964252] ================================================================== [ 32.964362] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 32.964362] [ 32.964494] Out-of-bounds read at 0x00000000b8f03441 (1B left of kfence-#116): [ 32.964714] test_out_of_bounds_read+0x114/0x3e0 [ 32.964776] kunit_try_run_case+0x170/0x3f0 [ 32.964831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.964879] kthread+0x328/0x630 [ 32.968251] ret_from_fork+0x10/0x20 [ 32.968322] [ 32.968519] kfence-#116: 0x00000000cd8ff812-0x00000000dcec5bf9, size=32, cache=kmalloc-32 [ 32.968519] [ 32.968697] allocated by task 320 on cpu 1 at 32.963332s (0.005309s ago): [ 32.969074] test_alloc+0x29c/0x628 [ 32.969139] test_out_of_bounds_read+0xdc/0x3e0 [ 32.969185] kunit_try_run_case+0x170/0x3f0 [ 32.969228] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.969275] kthread+0x328/0x630 [ 32.969312] ret_from_fork+0x10/0x20 [ 32.969394] [ 32.969468] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.969554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.969585] Hardware name: linux,dummy-virt (DT) [ 32.969627] ================================================================== [ 33.175389] ================================================================== [ 33.175471] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 33.175471] [ 33.175792] Out-of-bounds read at 0x00000000d097a2bf (1B left of kfence-#118): [ 33.175885] test_out_of_bounds_read+0x114/0x3e0 [ 33.175955] kunit_try_run_case+0x170/0x3f0 [ 33.176001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.176047] kthread+0x328/0x630 [ 33.176096] ret_from_fork+0x10/0x20 [ 33.176145] [ 33.176181] kfence-#118: 0x00000000595902e0-0x000000000b8af24e, size=32, cache=test [ 33.176181] [ 33.176236] allocated by task 322 on cpu 1 at 33.175035s (0.001197s ago): [ 33.176362] test_alloc+0x230/0x628 [ 33.176408] test_out_of_bounds_read+0xdc/0x3e0 [ 33.176450] kunit_try_run_case+0x170/0x3f0 [ 33.176490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.176535] kthread+0x328/0x630 [ 33.176572] ret_from_fork+0x10/0x20 [ 33.176614] [ 33.176670] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 33.176753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.176787] Hardware name: linux,dummy-virt (DT) [ 33.176833] ================================================================== [ 33.387440] ================================================================== [ 33.387553] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 33.387553] [ 33.387642] Out-of-bounds read at 0x0000000058b271a5 (32B right of kfence-#120): [ 33.388067] test_out_of_bounds_read+0x1c8/0x3e0 [ 33.388189] kunit_try_run_case+0x170/0x3f0 [ 33.388275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.388457] kthread+0x328/0x630 [ 33.388533] ret_from_fork+0x10/0x20 [ 33.388591] [ 33.388618] kfence-#120: 0x0000000087aa9d75-0x000000007a87270c, size=32, cache=test [ 33.388618] [ 33.388925] allocated by task 322 on cpu 1 at 33.387231s (0.001685s ago): [ 33.389016] test_alloc+0x230/0x628 [ 33.389110] test_out_of_bounds_read+0x198/0x3e0 [ 33.389205] kunit_try_run_case+0x170/0x3f0 [ 33.389252] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.389819] kthread+0x328/0x630 [ 33.390002] ret_from_fork+0x10/0x20 [ 33.390087] [ 33.390242] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 33.390454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.390696] Hardware name: linux,dummy-virt (DT) [ 33.391027] ================================================================== [ 33.067600] ================================================================== [ 33.067712] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 33.067712] [ 33.067965] Out-of-bounds read at 0x0000000066b93cd6 (32B right of kfence-#117): [ 33.068036] test_out_of_bounds_read+0x1c8/0x3e0 [ 33.068450] kunit_try_run_case+0x170/0x3f0 [ 33.068527] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.068859] kthread+0x328/0x630 [ 33.069129] ret_from_fork+0x10/0x20 [ 33.069312] [ 33.069365] kfence-#117: 0x000000002793fc07-0x0000000092d3b27f, size=32, cache=kmalloc-32 [ 33.069365] [ 33.069578] allocated by task 320 on cpu 1 at 33.066712s (0.002789s ago): [ 33.069689] test_alloc+0x29c/0x628 [ 33.070029] test_out_of_bounds_read+0x198/0x3e0 [ 33.070227] kunit_try_run_case+0x170/0x3f0 [ 33.070341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.070419] kthread+0x328/0x630 [ 33.070458] ret_from_fork+0x10/0x20 [ 33.070641] [ 33.070874] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 33.071280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.071491] Hardware name: linux,dummy-virt (DT) [ 33.071644] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 32.763566] ================================================================== [ 32.763702] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 32.763771] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.763870] [ 32.764001] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.764132] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.764173] Hardware name: linux,dummy-virt (DT) [ 32.764540] Call trace: [ 32.764775] show_stack+0x20/0x38 (C) [ 32.764840] dump_stack_lvl+0x8c/0xd0 [ 32.764892] print_report+0x118/0x608 [ 32.764965] kasan_report+0xdc/0x128 [ 32.765092] kasan_check_range+0x100/0x1a8 [ 32.765158] __kasan_check_write+0x20/0x30 [ 32.765381] strncpy_from_user+0x3c/0x2a0 [ 32.765624] copy_user_test_oob+0x5c0/0xec8 [ 32.765818] kunit_try_run_case+0x170/0x3f0 [ 32.765869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.765937] kthread+0x328/0x630 [ 32.766097] ret_from_fork+0x10/0x20 [ 32.766438] [ 32.766465] Allocated by task 318: [ 32.766500] kasan_save_stack+0x3c/0x68 [ 32.766763] kasan_save_track+0x20/0x40 [ 32.766914] kasan_save_alloc_info+0x40/0x58 [ 32.766990] __kasan_kmalloc+0xd4/0xd8 [ 32.767035] __kmalloc_noprof+0x198/0x4c8 [ 32.767357] kunit_kmalloc_array+0x34/0x88 [ 32.767502] copy_user_test_oob+0xac/0xec8 [ 32.767619] kunit_try_run_case+0x170/0x3f0 [ 32.767686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.767836] kthread+0x328/0x630 [ 32.767873] ret_from_fork+0x10/0x20 [ 32.767953] [ 32.768040] The buggy address belongs to the object at fff00000c5adb400 [ 32.768040] which belongs to the cache kmalloc-128 of size 128 [ 32.768135] The buggy address is located 0 bytes inside of [ 32.768135] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.768202] [ 32.768226] The buggy address belongs to the physical page: [ 32.768261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.768329] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.768383] page_type: f5(slab) [ 32.768777] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.768842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.769231] page dumped because: kasan: bad access detected [ 32.769277] [ 32.769298] Memory state around the buggy address: [ 32.769386] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.769738] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.769796] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.769907] ^ [ 32.770165] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.770219] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.770399] ================================================================== [ 32.771435] ================================================================== [ 32.771675] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 32.771860] Write of size 1 at addr fff00000c5adb478 by task kunit_try_catch/318 [ 32.771925] [ 32.771956] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.772053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.772185] Hardware name: linux,dummy-virt (DT) [ 32.772353] Call trace: [ 32.772380] show_stack+0x20/0x38 (C) [ 32.772430] dump_stack_lvl+0x8c/0xd0 [ 32.772478] print_report+0x118/0x608 [ 32.772527] kasan_report+0xdc/0x128 [ 32.772582] __asan_report_store1_noabort+0x20/0x30 [ 32.772735] strncpy_from_user+0x270/0x2a0 [ 32.772831] copy_user_test_oob+0x5c0/0xec8 [ 32.773275] kunit_try_run_case+0x170/0x3f0 [ 32.773351] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.773863] kthread+0x328/0x630 [ 32.773943] ret_from_fork+0x10/0x20 [ 32.774046] [ 32.774088] Allocated by task 318: [ 32.774248] kasan_save_stack+0x3c/0x68 [ 32.774335] kasan_save_track+0x20/0x40 [ 32.774396] kasan_save_alloc_info+0x40/0x58 [ 32.774439] __kasan_kmalloc+0xd4/0xd8 [ 32.774480] __kmalloc_noprof+0x198/0x4c8 [ 32.774522] kunit_kmalloc_array+0x34/0x88 [ 32.774564] copy_user_test_oob+0xac/0xec8 [ 32.774606] kunit_try_run_case+0x170/0x3f0 [ 32.774648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.774695] kthread+0x328/0x630 [ 32.774732] ret_from_fork+0x10/0x20 [ 32.774772] [ 32.774794] The buggy address belongs to the object at fff00000c5adb400 [ 32.774794] which belongs to the cache kmalloc-128 of size 128 [ 32.775473] The buggy address is located 0 bytes to the right of [ 32.775473] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.775858] [ 32.775883] The buggy address belongs to the physical page: [ 32.776097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.776180] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.776344] page_type: f5(slab) [ 32.776448] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.776539] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.776581] page dumped because: kasan: bad access detected [ 32.776668] [ 32.776713] Memory state around the buggy address: [ 32.776746] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.776801] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.776909] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.776951] ^ [ 32.777515] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.777781] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.777837] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 32.736550] ================================================================== [ 32.736605] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.736661] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.736714] [ 32.736929] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.737388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.737778] Hardware name: linux,dummy-virt (DT) [ 32.737990] Call trace: [ 32.738321] show_stack+0x20/0x38 (C) [ 32.738717] dump_stack_lvl+0x8c/0xd0 [ 32.738769] print_report+0x118/0x608 [ 32.738840] kasan_report+0xdc/0x128 [ 32.738890] kasan_check_range+0x100/0x1a8 [ 32.738948] __kasan_check_read+0x20/0x30 [ 32.738995] copy_user_test_oob+0x3c8/0xec8 [ 32.739416] kunit_try_run_case+0x170/0x3f0 [ 32.739686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.739744] kthread+0x328/0x630 [ 32.739786] ret_from_fork+0x10/0x20 [ 32.739847] [ 32.739883] Allocated by task 318: [ 32.739926] kasan_save_stack+0x3c/0x68 [ 32.739970] kasan_save_track+0x20/0x40 [ 32.740012] kasan_save_alloc_info+0x40/0x58 [ 32.740050] __kasan_kmalloc+0xd4/0xd8 [ 32.740092] __kmalloc_noprof+0x198/0x4c8 [ 32.740133] kunit_kmalloc_array+0x34/0x88 [ 32.740184] copy_user_test_oob+0xac/0xec8 [ 32.740223] kunit_try_run_case+0x170/0x3f0 [ 32.740635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.741083] kthread+0x328/0x630 [ 32.741263] ret_from_fork+0x10/0x20 [ 32.741379] [ 32.741456] The buggy address belongs to the object at fff00000c5adb400 [ 32.741456] which belongs to the cache kmalloc-128 of size 128 [ 32.741531] The buggy address is located 0 bytes inside of [ 32.741531] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.741657] [ 32.741761] The buggy address belongs to the physical page: [ 32.741796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.742514] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.742678] page_type: f5(slab) [ 32.742719] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.742772] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.742815] page dumped because: kasan: bad access detected [ 32.742849] [ 32.742871] Memory state around the buggy address: [ 32.742915] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.742963] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743009] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.743047] ^ [ 32.743779] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743845] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743888] ================================================================== [ 32.702039] ================================================================== [ 32.702131] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.702208] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.702430] [ 32.702524] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.702620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.703513] Hardware name: linux,dummy-virt (DT) [ 32.703569] Call trace: [ 32.703615] show_stack+0x20/0x38 (C) [ 32.703686] dump_stack_lvl+0x8c/0xd0 [ 32.703741] print_report+0x118/0x608 [ 32.703790] kasan_report+0xdc/0x128 [ 32.703847] kasan_check_range+0x100/0x1a8 [ 32.703894] __kasan_check_write+0x20/0x30 [ 32.703967] copy_user_test_oob+0x234/0xec8 [ 32.704019] kunit_try_run_case+0x170/0x3f0 [ 32.704070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.704126] kthread+0x328/0x630 [ 32.704180] ret_from_fork+0x10/0x20 [ 32.704232] [ 32.704255] Allocated by task 318: [ 32.704288] kasan_save_stack+0x3c/0x68 [ 32.704333] kasan_save_track+0x20/0x40 [ 32.704375] kasan_save_alloc_info+0x40/0x58 [ 32.704423] __kasan_kmalloc+0xd4/0xd8 [ 32.704464] __kmalloc_noprof+0x198/0x4c8 [ 32.704517] kunit_kmalloc_array+0x34/0x88 [ 32.704558] copy_user_test_oob+0xac/0xec8 [ 32.704597] kunit_try_run_case+0x170/0x3f0 [ 32.704649] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.704695] kthread+0x328/0x630 [ 32.704729] ret_from_fork+0x10/0x20 [ 32.704773] [ 32.704799] The buggy address belongs to the object at fff00000c5adb400 [ 32.704799] which belongs to the cache kmalloc-128 of size 128 [ 32.704873] The buggy address is located 0 bytes inside of [ 32.704873] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.704952] [ 32.704977] The buggy address belongs to the physical page: [ 32.705013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.705072] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.705125] page_type: f5(slab) [ 32.705167] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.705220] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.705264] page dumped because: kasan: bad access detected [ 32.705298] [ 32.705318] Memory state around the buggy address: [ 32.705354] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.705400] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705444] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.705485] ^ [ 32.705527] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705571] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705609] ================================================================== [ 32.713605] ================================================================== [ 32.713667] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.713892] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.714034] [ 32.714098] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.714210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.714415] Hardware name: linux,dummy-virt (DT) [ 32.714488] Call trace: [ 32.714516] show_stack+0x20/0x38 (C) [ 32.714569] dump_stack_lvl+0x8c/0xd0 [ 32.714617] print_report+0x118/0x608 [ 32.714689] kasan_report+0xdc/0x128 [ 32.714747] kasan_check_range+0x100/0x1a8 [ 32.714806] __kasan_check_read+0x20/0x30 [ 32.714860] copy_user_test_oob+0x728/0xec8 [ 32.714934] kunit_try_run_case+0x170/0x3f0 [ 32.714994] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.715067] kthread+0x328/0x630 [ 32.715117] ret_from_fork+0x10/0x20 [ 32.715176] [ 32.715207] Allocated by task 318: [ 32.715236] kasan_save_stack+0x3c/0x68 [ 32.715282] kasan_save_track+0x20/0x40 [ 32.715323] kasan_save_alloc_info+0x40/0x58 [ 32.715374] __kasan_kmalloc+0xd4/0xd8 [ 32.715422] __kmalloc_noprof+0x198/0x4c8 [ 32.715465] kunit_kmalloc_array+0x34/0x88 [ 32.715506] copy_user_test_oob+0xac/0xec8 [ 32.715548] kunit_try_run_case+0x170/0x3f0 [ 32.715588] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.715633] kthread+0x328/0x630 [ 32.715690] ret_from_fork+0x10/0x20 [ 32.715729] [ 32.715768] The buggy address belongs to the object at fff00000c5adb400 [ 32.715768] which belongs to the cache kmalloc-128 of size 128 [ 32.715836] The buggy address is located 0 bytes inside of [ 32.715836] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.716640] [ 32.716676] The buggy address belongs to the physical page: [ 32.716789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.716845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.716906] page_type: f5(slab) [ 32.716948] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.717002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.717358] page dumped because: kasan: bad access detected [ 32.717429] [ 32.717681] Memory state around the buggy address: [ 32.717866] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.717928] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.717973] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.718014] ^ [ 32.718057] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.718476] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.718755] ================================================================== [ 32.753030] ================================================================== [ 32.753300] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.753563] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.753676] [ 32.753760] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.753880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.753921] Hardware name: linux,dummy-virt (DT) [ 32.754313] Call trace: [ 32.754380] show_stack+0x20/0x38 (C) [ 32.754438] dump_stack_lvl+0x8c/0xd0 [ 32.754603] print_report+0x118/0x608 [ 32.754662] kasan_report+0xdc/0x128 [ 32.755032] kasan_check_range+0x100/0x1a8 [ 32.755087] __kasan_check_read+0x20/0x30 [ 32.755135] copy_user_test_oob+0x4a0/0xec8 [ 32.755547] kunit_try_run_case+0x170/0x3f0 [ 32.755688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.755748] kthread+0x328/0x630 [ 32.755794] ret_from_fork+0x10/0x20 [ 32.755844] [ 32.755866] Allocated by task 318: [ 32.755910] kasan_save_stack+0x3c/0x68 [ 32.755967] kasan_save_track+0x20/0x40 [ 32.756012] kasan_save_alloc_info+0x40/0x58 [ 32.756529] __kasan_kmalloc+0xd4/0xd8 [ 32.756839] __kmalloc_noprof+0x198/0x4c8 [ 32.756986] kunit_kmalloc_array+0x34/0x88 [ 32.757088] copy_user_test_oob+0xac/0xec8 [ 32.757139] kunit_try_run_case+0x170/0x3f0 [ 32.757184] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.757237] kthread+0x328/0x630 [ 32.757276] ret_from_fork+0x10/0x20 [ 32.757317] [ 32.757926] The buggy address belongs to the object at fff00000c5adb400 [ 32.757926] which belongs to the cache kmalloc-128 of size 128 [ 32.758159] The buggy address is located 0 bytes inside of [ 32.758159] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.758261] [ 32.758286] The buggy address belongs to the physical page: [ 32.758322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.758402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.758778] page_type: f5(slab) [ 32.758913] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.759007] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.759052] page dumped because: kasan: bad access detected [ 32.759088] [ 32.759131] Memory state around the buggy address: [ 32.759320] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.759554] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.759706] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.759781] ^ [ 32.759829] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.760215] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.760620] ================================================================== [ 32.728433] ================================================================== [ 32.728668] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.728917] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.728972] [ 32.729007] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.729423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.729454] Hardware name: linux,dummy-virt (DT) [ 32.729488] Call trace: [ 32.729513] show_stack+0x20/0x38 (C) [ 32.730071] dump_stack_lvl+0x8c/0xd0 [ 32.730128] print_report+0x118/0x608 [ 32.730224] kasan_report+0xdc/0x128 [ 32.730322] kasan_check_range+0x100/0x1a8 [ 32.730370] __kasan_check_write+0x20/0x30 [ 32.730441] copy_user_test_oob+0x35c/0xec8 [ 32.730489] kunit_try_run_case+0x170/0x3f0 [ 32.730810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.730872] kthread+0x328/0x630 [ 32.730924] ret_from_fork+0x10/0x20 [ 32.730975] [ 32.731022] Allocated by task 318: [ 32.731099] kasan_save_stack+0x3c/0x68 [ 32.731145] kasan_save_track+0x20/0x40 [ 32.731242] kasan_save_alloc_info+0x40/0x58 [ 32.731344] __kasan_kmalloc+0xd4/0xd8 [ 32.731423] __kmalloc_noprof+0x198/0x4c8 [ 32.731466] kunit_kmalloc_array+0x34/0x88 [ 32.731509] copy_user_test_oob+0xac/0xec8 [ 32.731552] kunit_try_run_case+0x170/0x3f0 [ 32.731639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.731855] kthread+0x328/0x630 [ 32.731918] ret_from_fork+0x10/0x20 [ 32.731958] [ 32.732013] The buggy address belongs to the object at fff00000c5adb400 [ 32.732013] which belongs to the cache kmalloc-128 of size 128 [ 32.732145] The buggy address is located 0 bytes inside of [ 32.732145] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.732307] [ 32.732362] The buggy address belongs to the physical page: [ 32.732396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.732450] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.732501] page_type: f5(slab) [ 32.732548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.732815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.733243] page dumped because: kasan: bad access detected [ 32.733894] [ 32.734087] Memory state around the buggy address: [ 32.734130] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.734519] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.734604] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.734645] ^ [ 32.734689] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.734731] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.735181] ================================================================== [ 32.744962] ================================================================== [ 32.745108] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.745161] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.745321] [ 32.745462] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.745766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.745796] Hardware name: linux,dummy-virt (DT) [ 32.745830] Call trace: [ 32.745854] show_stack+0x20/0x38 (C) [ 32.746344] dump_stack_lvl+0x8c/0xd0 [ 32.746479] print_report+0x118/0x608 [ 32.746546] kasan_report+0xdc/0x128 [ 32.746596] kasan_check_range+0x100/0x1a8 [ 32.746643] __kasan_check_write+0x20/0x30 [ 32.746690] copy_user_test_oob+0x434/0xec8 [ 32.746740] kunit_try_run_case+0x170/0x3f0 [ 32.747356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.747766] kthread+0x328/0x630 [ 32.747814] ret_from_fork+0x10/0x20 [ 32.748282] [ 32.748357] Allocated by task 318: [ 32.748392] kasan_save_stack+0x3c/0x68 [ 32.748438] kasan_save_track+0x20/0x40 [ 32.748480] kasan_save_alloc_info+0x40/0x58 [ 32.748521] __kasan_kmalloc+0xd4/0xd8 [ 32.748608] __kmalloc_noprof+0x198/0x4c8 [ 32.748743] kunit_kmalloc_array+0x34/0x88 [ 32.748788] copy_user_test_oob+0xac/0xec8 [ 32.748913] kunit_try_run_case+0x170/0x3f0 [ 32.748956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.749004] kthread+0x328/0x630 [ 32.749177] ret_from_fork+0x10/0x20 [ 32.749740] [ 32.749770] The buggy address belongs to the object at fff00000c5adb400 [ 32.749770] which belongs to the cache kmalloc-128 of size 128 [ 32.749837] The buggy address is located 0 bytes inside of [ 32.749837] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.749912] [ 32.750111] The buggy address belongs to the physical page: [ 32.750173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.750246] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.750332] page_type: f5(slab) [ 32.750476] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.750530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.750574] page dumped because: kasan: bad access detected [ 32.750610] [ 32.750641] Memory state around the buggy address: [ 32.750677] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.750971] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751020] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.751424] ^ [ 32.751569] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751728] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751790] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 32.656489] ================================================================== [ 32.656559] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 32.656685] Read of size 8 at addr fff00000c5adb378 by task kunit_try_catch/314 [ 32.656746] [ 32.656825] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.657066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.657202] Hardware name: linux,dummy-virt (DT) [ 32.657520] Call trace: [ 32.657628] show_stack+0x20/0x38 (C) [ 32.657691] dump_stack_lvl+0x8c/0xd0 [ 32.657804] print_report+0x118/0x608 [ 32.658016] kasan_report+0xdc/0x128 [ 32.658176] __asan_report_load8_noabort+0x20/0x30 [ 32.658234] copy_to_kernel_nofault+0x204/0x250 [ 32.658286] copy_to_kernel_nofault_oob+0x158/0x418 [ 32.658613] kunit_try_run_case+0x170/0x3f0 [ 32.658710] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.658876] kthread+0x328/0x630 [ 32.659026] ret_from_fork+0x10/0x20 [ 32.659155] [ 32.659278] Allocated by task 314: [ 32.659315] kasan_save_stack+0x3c/0x68 [ 32.659390] kasan_save_track+0x20/0x40 [ 32.659748] kasan_save_alloc_info+0x40/0x58 [ 32.659964] __kasan_kmalloc+0xd4/0xd8 [ 32.660564] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.660755] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.660886] kunit_try_run_case+0x170/0x3f0 [ 32.661051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.661101] kthread+0x328/0x630 [ 32.661489] ret_from_fork+0x10/0x20 [ 32.661559] [ 32.661596] The buggy address belongs to the object at fff00000c5adb300 [ 32.661596] which belongs to the cache kmalloc-128 of size 128 [ 32.661713] The buggy address is located 0 bytes to the right of [ 32.661713] allocated 120-byte region [fff00000c5adb300, fff00000c5adb378) [ 32.661950] [ 32.661980] The buggy address belongs to the physical page: [ 32.662151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.662303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.662398] page_type: f5(slab) [ 32.662581] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.662751] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.663177] page dumped because: kasan: bad access detected [ 32.663318] [ 32.663449] Memory state around the buggy address: [ 32.663601] fff00000c5adb200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.663659] fff00000c5adb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.663722] >fff00000c5adb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.663763] ^ [ 32.663857] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.663915] fff00000c5adb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.663956] ================================================================== [ 32.664416] ================================================================== [ 32.664468] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 32.664522] Write of size 8 at addr fff00000c5adb378 by task kunit_try_catch/314 [ 32.664575] [ 32.664607] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.664691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.664748] Hardware name: linux,dummy-virt (DT) [ 32.664782] Call trace: [ 32.664811] show_stack+0x20/0x38 (C) [ 32.664861] dump_stack_lvl+0x8c/0xd0 [ 32.664927] print_report+0x118/0x608 [ 32.664979] kasan_report+0xdc/0x128 [ 32.665028] kasan_check_range+0x100/0x1a8 [ 32.665076] __kasan_check_write+0x20/0x30 [ 32.665125] copy_to_kernel_nofault+0x8c/0x250 [ 32.665174] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 32.665226] kunit_try_run_case+0x170/0x3f0 [ 32.665279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.665334] kthread+0x328/0x630 [ 32.665377] ret_from_fork+0x10/0x20 [ 32.665437] [ 32.665458] Allocated by task 314: [ 32.665493] kasan_save_stack+0x3c/0x68 [ 32.665539] kasan_save_track+0x20/0x40 [ 32.665578] kasan_save_alloc_info+0x40/0x58 [ 32.665626] __kasan_kmalloc+0xd4/0xd8 [ 32.665674] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.666311] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.666369] kunit_try_run_case+0x170/0x3f0 [ 32.666413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.666460] kthread+0x328/0x630 [ 32.666548] ret_from_fork+0x10/0x20 [ 32.667583] [ 32.667627] The buggy address belongs to the object at fff00000c5adb300 [ 32.667627] which belongs to the cache kmalloc-128 of size 128 [ 32.667712] The buggy address is located 0 bytes to the right of [ 32.667712] allocated 120-byte region [fff00000c5adb300, fff00000c5adb378) [ 32.667815] [ 32.667871] The buggy address belongs to the physical page: [ 32.667930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.668165] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.668584] page_type: f5(slab) [ 32.668945] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.669094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.669273] page dumped because: kasan: bad access detected [ 32.669477] [ 32.669535] Memory state around the buggy address: [ 32.669684] fff00000c5adb200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.670130] fff00000c5adb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.670212] >fff00000c5adb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.670287] ^ [ 32.670423] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.670768] fff00000c5adb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.670851] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 32.606531] ================================================================== [ 32.606583] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 32.606633] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/302 [ 32.606685] [ 32.606715] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.606801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.606830] Hardware name: linux,dummy-virt (DT) [ 32.606863] Call trace: [ 32.606914] show_stack+0x20/0x38 (C) [ 32.606965] dump_stack_lvl+0x8c/0xd0 [ 32.607022] print_report+0x310/0x608 [ 32.607070] kasan_report+0xdc/0x128 [ 32.607118] __asan_report_load1_noabort+0x20/0x30 [ 32.607166] vmalloc_oob+0x51c/0x5d0 [ 32.607213] kunit_try_run_case+0x170/0x3f0 [ 32.607264] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.607317] kthread+0x328/0x630 [ 32.607361] ret_from_fork+0x10/0x20 [ 32.607409] [ 32.607436] The buggy address belongs to the virtual mapping at [ 32.607436] [ffff8000800fe000, ffff800080100000) created by: [ 32.607436] vmalloc_oob+0x98/0x5d0 [ 32.607509] [ 32.607555] The buggy address belongs to the physical page: [ 32.607587] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109afb [ 32.607649] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.607720] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 32.607780] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.607824] page dumped because: kasan: bad access detected [ 32.607859] [ 32.607880] Memory state around the buggy address: [ 32.607925] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.608961] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.609034] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 32.609076] ^ [ 32.609120] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.609166] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.609209] ================================================================== [ 32.600373] ================================================================== [ 32.600493] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 32.600580] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/302 [ 32.600678] [ 32.600731] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.600982] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.601120] Hardware name: linux,dummy-virt (DT) [ 32.601198] Call trace: [ 32.601279] show_stack+0x20/0x38 (C) [ 32.601339] dump_stack_lvl+0x8c/0xd0 [ 32.601386] print_report+0x310/0x608 [ 32.601435] kasan_report+0xdc/0x128 [ 32.601486] __asan_report_load1_noabort+0x20/0x30 [ 32.601535] vmalloc_oob+0x578/0x5d0 [ 32.601582] kunit_try_run_case+0x170/0x3f0 [ 32.601633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.601690] kthread+0x328/0x630 [ 32.602101] ret_from_fork+0x10/0x20 [ 32.602168] [ 32.602503] The buggy address belongs to the virtual mapping at [ 32.602503] [ffff8000800fe000, ffff800080100000) created by: [ 32.602503] vmalloc_oob+0x98/0x5d0 [ 32.602655] [ 32.602703] The buggy address belongs to the physical page: [ 32.602760] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109afb [ 32.603052] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.603579] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 32.603643] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.603689] page dumped because: kasan: bad access detected [ 32.604039] [ 32.604102] Memory state around the buggy address: [ 32.604483] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.604580] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.604634] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 32.604969] ^ [ 32.605190] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.605303] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.605704] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 32.391234] ================================================================== [ 32.391444] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 32.391530] Write of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.391728] [ 32.391764] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.391939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.392002] Hardware name: linux,dummy-virt (DT) [ 32.392422] Call trace: [ 32.392469] show_stack+0x20/0x38 (C) [ 32.392524] dump_stack_lvl+0x8c/0xd0 [ 32.392580] print_report+0x118/0x608 [ 32.392629] kasan_report+0xdc/0x128 [ 32.392699] kasan_check_range+0x100/0x1a8 [ 32.392762] __kasan_check_write+0x20/0x30 [ 32.392816] kasan_atomics_helper+0xd3c/0x4858 [ 32.392866] kasan_atomics+0x198/0x2e0 [ 32.392925] kunit_try_run_case+0x170/0x3f0 [ 32.392979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.393051] kthread+0x328/0x630 [ 32.393096] ret_from_fork+0x10/0x20 [ 32.393155] [ 32.393176] Allocated by task 298: [ 32.393209] kasan_save_stack+0x3c/0x68 [ 32.393254] kasan_save_track+0x20/0x40 [ 32.393295] kasan_save_alloc_info+0x40/0x58 [ 32.393335] __kasan_kmalloc+0xd4/0xd8 [ 32.393376] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.393418] kasan_atomics+0xb8/0x2e0 [ 32.393458] kunit_try_run_case+0x170/0x3f0 [ 32.393500] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.393547] kthread+0x328/0x630 [ 32.393583] ret_from_fork+0x10/0x20 [ 32.393623] [ 32.393643] The buggy address belongs to the object at fff00000c5ae7400 [ 32.393643] which belongs to the cache kmalloc-64 of size 64 [ 32.393702] The buggy address is located 0 bytes to the right of [ 32.393702] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.394069] [ 32.394093] The buggy address belongs to the physical page: [ 32.394127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.394274] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.394693] page_type: f5(slab) [ 32.394775] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.395033] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.395096] page dumped because: kasan: bad access detected [ 32.395132] [ 32.395153] Memory state around the buggy address: [ 32.395228] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.395432] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.395509] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.395616] ^ [ 32.395674] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395741] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.395887] ================================================================== [ 32.528358] ================================================================== [ 32.528599] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 32.528659] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.528711] [ 32.528930] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.529094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.529124] Hardware name: linux,dummy-virt (DT) [ 32.529157] Call trace: [ 32.529189] show_stack+0x20/0x38 (C) [ 32.529241] dump_stack_lvl+0x8c/0xd0 [ 32.529287] print_report+0x118/0x608 [ 32.529588] kasan_report+0xdc/0x128 [ 32.529691] kasan_check_range+0x100/0x1a8 [ 32.529912] __kasan_check_write+0x20/0x30 [ 32.530008] kasan_atomics_helper+0x15b4/0x4858 [ 32.530073] kasan_atomics+0x198/0x2e0 [ 32.530121] kunit_try_run_case+0x170/0x3f0 [ 32.530190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.530245] kthread+0x328/0x630 [ 32.530288] ret_from_fork+0x10/0x20 [ 32.530337] [ 32.530360] Allocated by task 298: [ 32.530389] kasan_save_stack+0x3c/0x68 [ 32.530754] kasan_save_track+0x20/0x40 [ 32.530809] kasan_save_alloc_info+0x40/0x58 [ 32.530947] __kasan_kmalloc+0xd4/0xd8 [ 32.531340] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.531512] kasan_atomics+0xb8/0x2e0 [ 32.531583] kunit_try_run_case+0x170/0x3f0 [ 32.531625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.531673] kthread+0x328/0x630 [ 32.531709] ret_from_fork+0x10/0x20 [ 32.531759] [ 32.531792] The buggy address belongs to the object at fff00000c5ae7400 [ 32.531792] which belongs to the cache kmalloc-64 of size 64 [ 32.531856] The buggy address is located 0 bytes to the right of [ 32.531856] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.531932] [ 32.531966] The buggy address belongs to the physical page: [ 32.532012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.532065] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.532113] page_type: f5(slab) [ 32.532154] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.532204] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.532257] page dumped because: kasan: bad access detected [ 32.532307] [ 32.532328] Memory state around the buggy address: [ 32.532362] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.532408] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.532452] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.532491] ^ [ 32.532546] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.532615] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.532663] ================================================================== [ 32.408660] ================================================================== [ 32.408722] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 32.408775] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.408913] [ 32.408951] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.409037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.409259] Hardware name: linux,dummy-virt (DT) [ 32.409411] Call trace: [ 32.409440] show_stack+0x20/0x38 (C) [ 32.409495] dump_stack_lvl+0x8c/0xd0 [ 32.409784] print_report+0x118/0x608 [ 32.409931] kasan_report+0xdc/0x128 [ 32.410051] __asan_report_load8_noabort+0x20/0x30 [ 32.410232] kasan_atomics_helper+0x3f58/0x4858 [ 32.410293] kasan_atomics+0x198/0x2e0 [ 32.410343] kunit_try_run_case+0x170/0x3f0 [ 32.410394] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.410794] kthread+0x328/0x630 [ 32.411218] ret_from_fork+0x10/0x20 [ 32.411492] [ 32.411557] Allocated by task 298: [ 32.411589] kasan_save_stack+0x3c/0x68 [ 32.411844] kasan_save_track+0x20/0x40 [ 32.412003] kasan_save_alloc_info+0x40/0x58 [ 32.412121] __kasan_kmalloc+0xd4/0xd8 [ 32.412208] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.412604] kasan_atomics+0xb8/0x2e0 [ 32.412651] kunit_try_run_case+0x170/0x3f0 [ 32.412694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.412987] kthread+0x328/0x630 [ 32.413368] ret_from_fork+0x10/0x20 [ 32.413460] [ 32.413538] The buggy address belongs to the object at fff00000c5ae7400 [ 32.413538] which belongs to the cache kmalloc-64 of size 64 [ 32.413729] The buggy address is located 0 bytes to the right of [ 32.413729] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.414214] [ 32.414417] The buggy address belongs to the physical page: [ 32.414486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.414660] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.414911] page_type: f5(slab) [ 32.415002] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.415125] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.415500] page dumped because: kasan: bad access detected [ 32.415656] [ 32.415804] Memory state around the buggy address: [ 32.415997] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.416150] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.416200] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.416241] ^ [ 32.416293] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.416734] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.417075] ================================================================== [ 32.445437] ================================================================== [ 32.445487] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 32.445538] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.445662] [ 32.445695] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.446183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.446216] Hardware name: linux,dummy-virt (DT) [ 32.446252] Call trace: [ 32.446277] show_stack+0x20/0x38 (C) [ 32.446330] dump_stack_lvl+0x8c/0xd0 [ 32.446379] print_report+0x118/0x608 [ 32.446427] kasan_report+0xdc/0x128 [ 32.446474] kasan_check_range+0x100/0x1a8 [ 32.446522] __kasan_check_write+0x20/0x30 [ 32.446570] kasan_atomics_helper+0xf88/0x4858 [ 32.446620] kasan_atomics+0x198/0x2e0 [ 32.446668] kunit_try_run_case+0x170/0x3f0 [ 32.446718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.446774] kthread+0x328/0x630 [ 32.446817] ret_from_fork+0x10/0x20 [ 32.446864] [ 32.446887] Allocated by task 298: [ 32.448127] kasan_save_stack+0x3c/0x68 [ 32.448184] kasan_save_track+0x20/0x40 [ 32.448533] kasan_save_alloc_info+0x40/0x58 [ 32.448723] __kasan_kmalloc+0xd4/0xd8 [ 32.448772] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.448822] kasan_atomics+0xb8/0x2e0 [ 32.448870] kunit_try_run_case+0x170/0x3f0 [ 32.448933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.448981] kthread+0x328/0x630 [ 32.449017] ret_from_fork+0x10/0x20 [ 32.449055] [ 32.449078] The buggy address belongs to the object at fff00000c5ae7400 [ 32.449078] which belongs to the cache kmalloc-64 of size 64 [ 32.449140] The buggy address is located 0 bytes to the right of [ 32.449140] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.449205] [ 32.449230] The buggy address belongs to the physical page: [ 32.449263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.449313] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.449362] page_type: f5(slab) [ 32.449400] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.449454] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.449497] page dumped because: kasan: bad access detected [ 32.449530] [ 32.449551] Memory state around the buggy address: [ 32.449586] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.449628] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.449672] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.451010] ^ [ 32.451070] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.451149] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.451318] ================================================================== [ 32.396061] ================================================================== [ 32.396106] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 32.396387] Read of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.396578] [ 32.396618] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.396706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.396835] Hardware name: linux,dummy-virt (DT) [ 32.396892] Call trace: [ 32.396996] show_stack+0x20/0x38 (C) [ 32.397071] dump_stack_lvl+0x8c/0xd0 [ 32.397152] print_report+0x118/0x608 [ 32.397205] kasan_report+0xdc/0x128 [ 32.397292] __asan_report_load4_noabort+0x20/0x30 [ 32.397401] kasan_atomics_helper+0x3e04/0x4858 [ 32.397454] kasan_atomics+0x198/0x2e0 [ 32.397717] kunit_try_run_case+0x170/0x3f0 [ 32.398028] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.398344] kthread+0x328/0x630 [ 32.398518] ret_from_fork+0x10/0x20 [ 32.398728] [ 32.398946] Allocated by task 298: [ 32.399067] kasan_save_stack+0x3c/0x68 [ 32.399116] kasan_save_track+0x20/0x40 [ 32.399303] kasan_save_alloc_info+0x40/0x58 [ 32.399526] __kasan_kmalloc+0xd4/0xd8 [ 32.399634] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.399934] kasan_atomics+0xb8/0x2e0 [ 32.400065] kunit_try_run_case+0x170/0x3f0 [ 32.400251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.400328] kthread+0x328/0x630 [ 32.400468] ret_from_fork+0x10/0x20 [ 32.400703] [ 32.400769] The buggy address belongs to the object at fff00000c5ae7400 [ 32.400769] which belongs to the cache kmalloc-64 of size 64 [ 32.401088] The buggy address is located 0 bytes to the right of [ 32.401088] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.401182] [ 32.401274] The buggy address belongs to the physical page: [ 32.401372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.401496] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.401558] page_type: f5(slab) [ 32.401599] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.401790] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.401989] page dumped because: kasan: bad access detected [ 32.402176] [ 32.402324] Memory state around the buggy address: [ 32.402398] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.402555] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.402608] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.402773] ^ [ 32.402939] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.403008] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.403166] ================================================================== [ 32.513948] ================================================================== [ 32.513999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 32.514051] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.514103] [ 32.514134] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.514630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.514688] Hardware name: linux,dummy-virt (DT) [ 32.514723] Call trace: [ 32.514747] show_stack+0x20/0x38 (C) [ 32.514802] dump_stack_lvl+0x8c/0xd0 [ 32.514868] print_report+0x118/0x608 [ 32.514929] kasan_report+0xdc/0x128 [ 32.514980] kasan_check_range+0x100/0x1a8 [ 32.515026] __kasan_check_write+0x20/0x30 [ 32.515072] kasan_atomics_helper+0x147c/0x4858 [ 32.515123] kasan_atomics+0x198/0x2e0 [ 32.515324] kunit_try_run_case+0x170/0x3f0 [ 32.515439] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.515532] kthread+0x328/0x630 [ 32.515607] ret_from_fork+0x10/0x20 [ 32.515833] [ 32.516101] Allocated by task 298: [ 32.516178] kasan_save_stack+0x3c/0x68 [ 32.516227] kasan_save_track+0x20/0x40 [ 32.516269] kasan_save_alloc_info+0x40/0x58 [ 32.516338] __kasan_kmalloc+0xd4/0xd8 [ 32.516425] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.516518] kasan_atomics+0xb8/0x2e0 [ 32.516564] kunit_try_run_case+0x170/0x3f0 [ 32.516607] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.516691] kthread+0x328/0x630 [ 32.516747] ret_from_fork+0x10/0x20 [ 32.516838] [ 32.516886] The buggy address belongs to the object at fff00000c5ae7400 [ 32.516886] which belongs to the cache kmalloc-64 of size 64 [ 32.516985] The buggy address is located 0 bytes to the right of [ 32.516985] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.517058] [ 32.517165] The buggy address belongs to the physical page: [ 32.517199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.517253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.517336] page_type: f5(slab) [ 32.517377] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.517427] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.517471] page dumped because: kasan: bad access detected [ 32.517650] [ 32.517838] Memory state around the buggy address: [ 32.518058] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.518109] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.518153] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.518192] ^ [ 32.518228] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.518273] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.518313] ================================================================== [ 32.524382] ================================================================== [ 32.524433] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 32.524485] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.524536] [ 32.524566] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.524652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.524679] Hardware name: linux,dummy-virt (DT) [ 32.524712] Call trace: [ 32.524735] show_stack+0x20/0x38 (C) [ 32.524793] dump_stack_lvl+0x8c/0xd0 [ 32.524839] print_report+0x118/0x608 [ 32.524888] kasan_report+0xdc/0x128 [ 32.524952] kasan_check_range+0x100/0x1a8 [ 32.524998] __kasan_check_write+0x20/0x30 [ 32.525043] kasan_atomics_helper+0x154c/0x4858 [ 32.525094] kasan_atomics+0x198/0x2e0 [ 32.525141] kunit_try_run_case+0x170/0x3f0 [ 32.525192] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.525247] kthread+0x328/0x630 [ 32.525290] ret_from_fork+0x10/0x20 [ 32.525338] [ 32.525360] Allocated by task 298: [ 32.525388] kasan_save_stack+0x3c/0x68 [ 32.525431] kasan_save_track+0x20/0x40 [ 32.525472] kasan_save_alloc_info+0x40/0x58 [ 32.525512] __kasan_kmalloc+0xd4/0xd8 [ 32.525553] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.525595] kasan_atomics+0xb8/0x2e0 [ 32.525634] kunit_try_run_case+0x170/0x3f0 [ 32.525675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.525723] kthread+0x328/0x630 [ 32.525758] ret_from_fork+0x10/0x20 [ 32.525797] [ 32.525818] The buggy address belongs to the object at fff00000c5ae7400 [ 32.525818] which belongs to the cache kmalloc-64 of size 64 [ 32.525878] The buggy address is located 0 bytes to the right of [ 32.525878] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.525996] [ 32.526019] The buggy address belongs to the physical page: [ 32.526053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.526124] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.526171] page_type: f5(slab) [ 32.526211] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.526261] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.526305] page dumped because: kasan: bad access detected [ 32.526339] [ 32.526360] Memory state around the buggy address: [ 32.526950] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.527123] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.527209] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.527523] ^ [ 32.527654] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.527759] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.527956] ================================================================== [ 32.477283] ================================================================== [ 32.477331] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 32.477381] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.477433] [ 32.477464] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.477549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.477576] Hardware name: linux,dummy-virt (DT) [ 32.477609] Call trace: [ 32.477632] show_stack+0x20/0x38 (C) [ 32.477680] dump_stack_lvl+0x8c/0xd0 [ 32.477741] print_report+0x118/0x608 [ 32.477791] kasan_report+0xdc/0x128 [ 32.477837] kasan_check_range+0x100/0x1a8 [ 32.477884] __kasan_check_write+0x20/0x30 [ 32.477992] kasan_atomics_helper+0x1190/0x4858 [ 32.478165] kasan_atomics+0x198/0x2e0 [ 32.478240] kunit_try_run_case+0x170/0x3f0 [ 32.478291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.478347] kthread+0x328/0x630 [ 32.478391] ret_from_fork+0x10/0x20 [ 32.478464] [ 32.478489] Allocated by task 298: [ 32.478520] kasan_save_stack+0x3c/0x68 [ 32.478776] kasan_save_track+0x20/0x40 [ 32.478885] kasan_save_alloc_info+0x40/0x58 [ 32.479040] __kasan_kmalloc+0xd4/0xd8 [ 32.479161] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.479501] kasan_atomics+0xb8/0x2e0 [ 32.479605] kunit_try_run_case+0x170/0x3f0 [ 32.479728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.479844] kthread+0x328/0x630 [ 32.479918] ret_from_fork+0x10/0x20 [ 32.479959] [ 32.479981] The buggy address belongs to the object at fff00000c5ae7400 [ 32.479981] which belongs to the cache kmalloc-64 of size 64 [ 32.480254] The buggy address is located 0 bytes to the right of [ 32.480254] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.480432] [ 32.480507] The buggy address belongs to the physical page: [ 32.480549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.480610] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.480669] page_type: f5(slab) [ 32.480707] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.480760] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.480807] page dumped because: kasan: bad access detected [ 32.480848] [ 32.480878] Memory state around the buggy address: [ 32.480919] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.480967] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.481010] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.481050] ^ [ 32.481085] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481314] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.481414] ================================================================== [ 32.314337] ================================================================== [ 32.314463] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 32.314518] Write of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.314739] [ 32.314776] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.314873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.314912] Hardware name: linux,dummy-virt (DT) [ 32.314945] Call trace: [ 32.314969] show_stack+0x20/0x38 (C) [ 32.315021] dump_stack_lvl+0x8c/0xd0 [ 32.315165] print_report+0x118/0x608 [ 32.315289] kasan_report+0xdc/0x128 [ 32.315419] kasan_check_range+0x100/0x1a8 [ 32.315492] __kasan_check_write+0x20/0x30 [ 32.315813] kasan_atomics_helper+0x99c/0x4858 [ 32.315998] kasan_atomics+0x198/0x2e0 [ 32.316115] kunit_try_run_case+0x170/0x3f0 [ 32.316175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.316285] kthread+0x328/0x630 [ 32.316352] ret_from_fork+0x10/0x20 [ 32.316645] [ 32.316738] Allocated by task 298: [ 32.316774] kasan_save_stack+0x3c/0x68 [ 32.316978] kasan_save_track+0x20/0x40 [ 32.317064] kasan_save_alloc_info+0x40/0x58 [ 32.317108] __kasan_kmalloc+0xd4/0xd8 [ 32.317148] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.317303] kasan_atomics+0xb8/0x2e0 [ 32.317394] kunit_try_run_case+0x170/0x3f0 [ 32.317441] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.317507] kthread+0x328/0x630 [ 32.317610] ret_from_fork+0x10/0x20 [ 32.317655] [ 32.317677] The buggy address belongs to the object at fff00000c5ae7400 [ 32.317677] which belongs to the cache kmalloc-64 of size 64 [ 32.317760] The buggy address is located 0 bytes to the right of [ 32.317760] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.317827] [ 32.317850] The buggy address belongs to the physical page: [ 32.317883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.317948] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.318340] page_type: f5(slab) [ 32.318435] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.318578] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.318657] page dumped because: kasan: bad access detected [ 32.318718] [ 32.318952] Memory state around the buggy address: [ 32.319144] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.319258] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.319338] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.319397] ^ [ 32.319786] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319881] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319972] ================================================================== [ 32.431246] ================================================================== [ 32.431300] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 32.431353] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.431414] [ 32.431445] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.431531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.431782] Hardware name: linux,dummy-virt (DT) [ 32.431852] Call trace: [ 32.431942] show_stack+0x20/0x38 (C) [ 32.431998] dump_stack_lvl+0x8c/0xd0 [ 32.432044] print_report+0x118/0x608 [ 32.432091] kasan_report+0xdc/0x128 [ 32.432142] kasan_check_range+0x100/0x1a8 [ 32.432189] __kasan_check_write+0x20/0x30 [ 32.432236] kasan_atomics_helper+0xeb8/0x4858 [ 32.432288] kasan_atomics+0x198/0x2e0 [ 32.432335] kunit_try_run_case+0x170/0x3f0 [ 32.432385] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.432441] kthread+0x328/0x630 [ 32.432485] ret_from_fork+0x10/0x20 [ 32.432532] [ 32.432552] Allocated by task 298: [ 32.432582] kasan_save_stack+0x3c/0x68 [ 32.432626] kasan_save_track+0x20/0x40 [ 32.432667] kasan_save_alloc_info+0x40/0x58 [ 32.432707] __kasan_kmalloc+0xd4/0xd8 [ 32.433068] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.433498] kasan_atomics+0xb8/0x2e0 [ 32.433667] kunit_try_run_case+0x170/0x3f0 [ 32.433807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.434053] kthread+0x328/0x630 [ 32.434159] ret_from_fork+0x10/0x20 [ 32.434300] [ 32.434382] The buggy address belongs to the object at fff00000c5ae7400 [ 32.434382] which belongs to the cache kmalloc-64 of size 64 [ 32.434584] The buggy address is located 0 bytes to the right of [ 32.434584] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.434667] [ 32.434693] The buggy address belongs to the physical page: [ 32.434725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.434778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.434951] page_type: f5(slab) [ 32.435116] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.435218] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.435411] page dumped because: kasan: bad access detected [ 32.435448] [ 32.435470] Memory state around the buggy address: [ 32.435661] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.435824] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.436001] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.436276] ^ [ 32.436365] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.436422] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.436574] ================================================================== [ 32.492202] ================================================================== [ 32.492251] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 32.492330] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.492384] [ 32.492415] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.492501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.492531] Hardware name: linux,dummy-virt (DT) [ 32.492571] Call trace: [ 32.492606] show_stack+0x20/0x38 (C) [ 32.492666] dump_stack_lvl+0x8c/0xd0 [ 32.492721] print_report+0x118/0x608 [ 32.492769] kasan_report+0xdc/0x128 [ 32.492822] kasan_check_range+0x100/0x1a8 [ 32.492870] __kasan_check_write+0x20/0x30 [ 32.492928] kasan_atomics_helper+0x12d8/0x4858 [ 32.492979] kasan_atomics+0x198/0x2e0 [ 32.493025] kunit_try_run_case+0x170/0x3f0 [ 32.493075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.493364] kthread+0x328/0x630 [ 32.493434] ret_from_fork+0x10/0x20 [ 32.493486] [ 32.493590] Allocated by task 298: [ 32.493628] kasan_save_stack+0x3c/0x68 [ 32.493674] kasan_save_track+0x20/0x40 [ 32.494106] kasan_save_alloc_info+0x40/0x58 [ 32.494159] __kasan_kmalloc+0xd4/0xd8 [ 32.494200] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.494243] kasan_atomics+0xb8/0x2e0 [ 32.494283] kunit_try_run_case+0x170/0x3f0 [ 32.494325] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.494372] kthread+0x328/0x630 [ 32.494409] ret_from_fork+0x10/0x20 [ 32.494448] [ 32.494470] The buggy address belongs to the object at fff00000c5ae7400 [ 32.494470] which belongs to the cache kmalloc-64 of size 64 [ 32.494531] The buggy address is located 0 bytes to the right of [ 32.494531] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.494597] [ 32.494620] The buggy address belongs to the physical page: [ 32.494653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.494707] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.494754] page_type: f5(slab) [ 32.494792] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.494844] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.494889] page dumped because: kasan: bad access detected [ 32.495015] [ 32.495177] Memory state around the buggy address: [ 32.495257] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.495351] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.495734] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.495796] ^ [ 32.495840] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.495886] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.495963] ================================================================== [ 32.540223] ================================================================== [ 32.540275] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 32.540327] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.540427] [ 32.540604] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.540863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.540916] Hardware name: linux,dummy-virt (DT) [ 32.540967] Call trace: [ 32.541153] show_stack+0x20/0x38 (C) [ 32.541206] dump_stack_lvl+0x8c/0xd0 [ 32.541360] print_report+0x118/0x608 [ 32.541416] kasan_report+0xdc/0x128 [ 32.541660] kasan_check_range+0x100/0x1a8 [ 32.541779] __kasan_check_write+0x20/0x30 [ 32.542054] kasan_atomics_helper+0x1644/0x4858 [ 32.542126] kasan_atomics+0x198/0x2e0 [ 32.542173] kunit_try_run_case+0x170/0x3f0 [ 32.542223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.542640] kthread+0x328/0x630 [ 32.542758] ret_from_fork+0x10/0x20 [ 32.542973] [ 32.543100] Allocated by task 298: [ 32.543408] kasan_save_stack+0x3c/0x68 [ 32.543679] kasan_save_track+0x20/0x40 [ 32.543770] kasan_save_alloc_info+0x40/0x58 [ 32.543979] __kasan_kmalloc+0xd4/0xd8 [ 32.544025] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.544068] kasan_atomics+0xb8/0x2e0 [ 32.544108] kunit_try_run_case+0x170/0x3f0 [ 32.544150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.544197] kthread+0x328/0x630 [ 32.544234] ret_from_fork+0x10/0x20 [ 32.544273] [ 32.544295] The buggy address belongs to the object at fff00000c5ae7400 [ 32.544295] which belongs to the cache kmalloc-64 of size 64 [ 32.544357] The buggy address is located 0 bytes to the right of [ 32.544357] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.544423] [ 32.544446] The buggy address belongs to the physical page: [ 32.544479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.544545] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.544592] page_type: f5(slab) [ 32.544668] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.544731] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.544774] page dumped because: kasan: bad access detected [ 32.544925] [ 32.544960] Memory state around the buggy address: [ 32.545001] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.545058] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.545112] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.545152] ^ [ 32.545190] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.545236] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.545286] ================================================================== [ 32.468827] ================================================================== [ 32.468877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 32.469042] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.469098] [ 32.469235] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.469329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.469359] Hardware name: linux,dummy-virt (DT) [ 32.469404] Call trace: [ 32.469432] show_stack+0x20/0x38 (C) [ 32.469483] dump_stack_lvl+0x8c/0xd0 [ 32.469638] print_report+0x118/0x608 [ 32.469742] kasan_report+0xdc/0x128 [ 32.470036] kasan_check_range+0x100/0x1a8 [ 32.470151] __kasan_check_write+0x20/0x30 [ 32.470319] kasan_atomics_helper+0x1128/0x4858 [ 32.470495] kasan_atomics+0x198/0x2e0 [ 32.470573] kunit_try_run_case+0x170/0x3f0 [ 32.470624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.470680] kthread+0x328/0x630 [ 32.471287] ret_from_fork+0x10/0x20 [ 32.471658] [ 32.471762] Allocated by task 298: [ 32.471797] kasan_save_stack+0x3c/0x68 [ 32.472137] kasan_save_track+0x20/0x40 [ 32.472323] kasan_save_alloc_info+0x40/0x58 [ 32.472434] __kasan_kmalloc+0xd4/0xd8 [ 32.472767] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.472947] kasan_atomics+0xb8/0x2e0 [ 32.473015] kunit_try_run_case+0x170/0x3f0 [ 32.473057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.473279] kthread+0x328/0x630 [ 32.473442] ret_from_fork+0x10/0x20 [ 32.473548] [ 32.473746] The buggy address belongs to the object at fff00000c5ae7400 [ 32.473746] which belongs to the cache kmalloc-64 of size 64 [ 32.473906] The buggy address is located 0 bytes to the right of [ 32.473906] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.474094] [ 32.474142] The buggy address belongs to the physical page: [ 32.474175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.474229] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.474280] page_type: f5(slab) [ 32.474318] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.474738] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.475265] page dumped because: kasan: bad access detected [ 32.475447] [ 32.475610] Memory state around the buggy address: [ 32.475739] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.475881] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.476914] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.476956] ^ [ 32.476992] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.477037] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.477078] ================================================================== [ 32.423800] ================================================================== [ 32.423846] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 32.423911] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.423964] [ 32.424263] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.424413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.424446] Hardware name: linux,dummy-virt (DT) [ 32.424479] Call trace: [ 32.424503] show_stack+0x20/0x38 (C) [ 32.424554] dump_stack_lvl+0x8c/0xd0 [ 32.424602] print_report+0x118/0x608 [ 32.424662] kasan_report+0xdc/0x128 [ 32.424712] __asan_report_store8_noabort+0x20/0x30 [ 32.424764] kasan_atomics_helper+0x3e5c/0x4858 [ 32.424819] kasan_atomics+0x198/0x2e0 [ 32.424873] kunit_try_run_case+0x170/0x3f0 [ 32.425261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.425356] kthread+0x328/0x630 [ 32.425535] ret_from_fork+0x10/0x20 [ 32.425602] [ 32.425640] Allocated by task 298: [ 32.425714] kasan_save_stack+0x3c/0x68 [ 32.425796] kasan_save_track+0x20/0x40 [ 32.426142] kasan_save_alloc_info+0x40/0x58 [ 32.426201] __kasan_kmalloc+0xd4/0xd8 [ 32.426243] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.426388] kasan_atomics+0xb8/0x2e0 [ 32.426549] kunit_try_run_case+0x170/0x3f0 [ 32.426706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.426762] kthread+0x328/0x630 [ 32.426869] ret_from_fork+0x10/0x20 [ 32.426937] [ 32.426959] The buggy address belongs to the object at fff00000c5ae7400 [ 32.426959] which belongs to the cache kmalloc-64 of size 64 [ 32.427390] The buggy address is located 0 bytes to the right of [ 32.427390] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.427489] [ 32.427753] The buggy address belongs to the physical page: [ 32.427890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.428178] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.428376] page_type: f5(slab) [ 32.428544] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.428676] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.429021] page dumped because: kasan: bad access detected [ 32.429201] [ 32.429592] Memory state around the buggy address: [ 32.429766] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.429871] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.429925] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.429967] ^ [ 32.430151] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.430387] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.430500] ================================================================== [ 32.561601] ================================================================== [ 32.561646] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 32.561697] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.561750] [ 32.561780] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.561864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.561891] Hardware name: linux,dummy-virt (DT) [ 32.561941] Call trace: [ 32.561964] show_stack+0x20/0x38 (C) [ 32.562014] dump_stack_lvl+0x8c/0xd0 [ 32.562060] print_report+0x118/0x608 [ 32.562110] kasan_report+0xdc/0x128 [ 32.562157] __asan_report_load8_noabort+0x20/0x30 [ 32.562209] kasan_atomics_helper+0x3e10/0x4858 [ 32.562258] kasan_atomics+0x198/0x2e0 [ 32.562305] kunit_try_run_case+0x170/0x3f0 [ 32.562355] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.562410] kthread+0x328/0x630 [ 32.562454] ret_from_fork+0x10/0x20 [ 32.562503] [ 32.562525] Allocated by task 298: [ 32.562555] kasan_save_stack+0x3c/0x68 [ 32.562597] kasan_save_track+0x20/0x40 [ 32.562638] kasan_save_alloc_info+0x40/0x58 [ 32.562678] __kasan_kmalloc+0xd4/0xd8 [ 32.562716] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.562759] kasan_atomics+0xb8/0x2e0 [ 32.562798] kunit_try_run_case+0x170/0x3f0 [ 32.562838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.562885] kthread+0x328/0x630 [ 32.563128] ret_from_fork+0x10/0x20 [ 32.563339] [ 32.563369] The buggy address belongs to the object at fff00000c5ae7400 [ 32.563369] which belongs to the cache kmalloc-64 of size 64 [ 32.563432] The buggy address is located 0 bytes to the right of [ 32.563432] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.563506] [ 32.563530] The buggy address belongs to the physical page: [ 32.563562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.563617] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.563668] page_type: f5(slab) [ 32.563708] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.564110] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.564376] page dumped because: kasan: bad access detected [ 32.564590] [ 32.564661] Memory state around the buggy address: [ 32.564746] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.564811] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.565035] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.565085] ^ [ 32.565146] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.565192] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.565235] ================================================================== [ 32.566319] ================================================================== [ 32.566581] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 32.566667] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.566729] [ 32.566771] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.566861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.567027] Hardware name: linux,dummy-virt (DT) [ 32.567064] Call trace: [ 32.567177] show_stack+0x20/0x38 (C) [ 32.567454] dump_stack_lvl+0x8c/0xd0 [ 32.567538] print_report+0x118/0x608 [ 32.567605] kasan_report+0xdc/0x128 [ 32.567657] kasan_check_range+0x100/0x1a8 [ 32.567884] __kasan_check_write+0x20/0x30 [ 32.568010] kasan_atomics_helper+0x175c/0x4858 [ 32.568083] kasan_atomics+0x198/0x2e0 [ 32.568141] kunit_try_run_case+0x170/0x3f0 [ 32.568193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.568249] kthread+0x328/0x630 [ 32.568293] ret_from_fork+0x10/0x20 [ 32.568500] [ 32.568526] Allocated by task 298: [ 32.568596] kasan_save_stack+0x3c/0x68 [ 32.569130] kasan_save_track+0x20/0x40 [ 32.569191] kasan_save_alloc_info+0x40/0x58 [ 32.569243] __kasan_kmalloc+0xd4/0xd8 [ 32.569299] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.569345] kasan_atomics+0xb8/0x2e0 [ 32.569386] kunit_try_run_case+0x170/0x3f0 [ 32.569428] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.569475] kthread+0x328/0x630 [ 32.569512] ret_from_fork+0x10/0x20 [ 32.569551] [ 32.569575] The buggy address belongs to the object at fff00000c5ae7400 [ 32.569575] which belongs to the cache kmalloc-64 of size 64 [ 32.569655] The buggy address is located 0 bytes to the right of [ 32.569655] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.569723] [ 32.569748] The buggy address belongs to the physical page: [ 32.569781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.569940] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.569995] page_type: f5(slab) [ 32.570035] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.570086] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.570129] page dumped because: kasan: bad access detected [ 32.570162] [ 32.570195] Memory state around the buggy address: [ 32.570237] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.570280] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.570325] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.570364] ^ [ 32.570400] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.570450] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.570491] ================================================================== [ 32.578379] ================================================================== [ 32.578757] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 32.578852] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.578929] [ 32.578977] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.579064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.579091] Hardware name: linux,dummy-virt (DT) [ 32.579125] Call trace: [ 32.579254] show_stack+0x20/0x38 (C) [ 32.579326] dump_stack_lvl+0x8c/0xd0 [ 32.579374] print_report+0x118/0x608 [ 32.579673] kasan_report+0xdc/0x128 [ 32.579728] kasan_check_range+0x100/0x1a8 [ 32.579994] __kasan_check_write+0x20/0x30 [ 32.580059] kasan_atomics_helper+0x17ec/0x4858 [ 32.580289] kasan_atomics+0x198/0x2e0 [ 32.580344] kunit_try_run_case+0x170/0x3f0 [ 32.580395] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.580451] kthread+0x328/0x630 [ 32.580495] ret_from_fork+0x10/0x20 [ 32.580587] [ 32.580668] Allocated by task 298: [ 32.580988] kasan_save_stack+0x3c/0x68 [ 32.581052] kasan_save_track+0x20/0x40 [ 32.581133] kasan_save_alloc_info+0x40/0x58 [ 32.581271] __kasan_kmalloc+0xd4/0xd8 [ 32.581355] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.581400] kasan_atomics+0xb8/0x2e0 [ 32.581445] kunit_try_run_case+0x170/0x3f0 [ 32.581488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.581823] kthread+0x328/0x630 [ 32.581891] ret_from_fork+0x10/0x20 [ 32.581943] [ 32.581981] The buggy address belongs to the object at fff00000c5ae7400 [ 32.581981] which belongs to the cache kmalloc-64 of size 64 [ 32.582052] The buggy address is located 0 bytes to the right of [ 32.582052] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.582470] [ 32.582510] The buggy address belongs to the physical page: [ 32.582836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.582946] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.583024] page_type: f5(slab) [ 32.583361] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.583444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.583520] page dumped because: kasan: bad access detected [ 32.583584] [ 32.583780] Memory state around the buggy address: [ 32.583821] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.583867] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.583950] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.584017] ^ [ 32.584166] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.584271] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.584515] ================================================================== [ 32.486840] ================================================================== [ 32.487062] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 32.487138] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.487190] [ 32.487231] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.487324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.487361] Hardware name: linux,dummy-virt (DT) [ 32.487419] Call trace: [ 32.487495] show_stack+0x20/0x38 (C) [ 32.487580] dump_stack_lvl+0x8c/0xd0 [ 32.487702] print_report+0x118/0x608 [ 32.487778] kasan_report+0xdc/0x128 [ 32.487914] kasan_check_range+0x100/0x1a8 [ 32.487964] __kasan_check_write+0x20/0x30 [ 32.488010] kasan_atomics_helper+0x126c/0x4858 [ 32.488097] kasan_atomics+0x198/0x2e0 [ 32.488239] kunit_try_run_case+0x170/0x3f0 [ 32.488432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.488533] kthread+0x328/0x630 [ 32.488711] ret_from_fork+0x10/0x20 [ 32.488874] [ 32.488954] Allocated by task 298: [ 32.488990] kasan_save_stack+0x3c/0x68 [ 32.489096] kasan_save_track+0x20/0x40 [ 32.489140] kasan_save_alloc_info+0x40/0x58 [ 32.489187] __kasan_kmalloc+0xd4/0xd8 [ 32.489228] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.489271] kasan_atomics+0xb8/0x2e0 [ 32.489502] kunit_try_run_case+0x170/0x3f0 [ 32.489565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.489613] kthread+0x328/0x630 [ 32.489649] ret_from_fork+0x10/0x20 [ 32.489719] [ 32.490092] The buggy address belongs to the object at fff00000c5ae7400 [ 32.490092] which belongs to the cache kmalloc-64 of size 64 [ 32.490266] The buggy address is located 0 bytes to the right of [ 32.490266] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.490413] [ 32.490465] The buggy address belongs to the physical page: [ 32.490595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.490720] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.490769] page_type: f5(slab) [ 32.490830] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.490884] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.490940] page dumped because: kasan: bad access detected [ 32.491133] [ 32.491224] Memory state around the buggy address: [ 32.491279] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.491347] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.491463] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.491739] ^ [ 32.491782] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.491828] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.491964] ================================================================== [ 32.418038] ================================================================== [ 32.418173] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 32.418233] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.418348] [ 32.418434] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.418531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.418751] Hardware name: linux,dummy-virt (DT) [ 32.418844] Call trace: [ 32.418975] show_stack+0x20/0x38 (C) [ 32.419048] dump_stack_lvl+0x8c/0xd0 [ 32.419175] print_report+0x118/0x608 [ 32.419325] kasan_report+0xdc/0x128 [ 32.419378] kasan_check_range+0x100/0x1a8 [ 32.419455] __kasan_check_write+0x20/0x30 [ 32.419652] kasan_atomics_helper+0xe44/0x4858 [ 32.419801] kasan_atomics+0x198/0x2e0 [ 32.419854] kunit_try_run_case+0x170/0x3f0 [ 32.419996] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.420057] kthread+0x328/0x630 [ 32.420115] ret_from_fork+0x10/0x20 [ 32.420287] [ 32.420319] Allocated by task 298: [ 32.420354] kasan_save_stack+0x3c/0x68 [ 32.420402] kasan_save_track+0x20/0x40 [ 32.420443] kasan_save_alloc_info+0x40/0x58 [ 32.420484] __kasan_kmalloc+0xd4/0xd8 [ 32.420681] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.420847] kasan_atomics+0xb8/0x2e0 [ 32.420926] kunit_try_run_case+0x170/0x3f0 [ 32.421156] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.421253] kthread+0x328/0x630 [ 32.421298] ret_from_fork+0x10/0x20 [ 32.421387] [ 32.421412] The buggy address belongs to the object at fff00000c5ae7400 [ 32.421412] which belongs to the cache kmalloc-64 of size 64 [ 32.421475] The buggy address is located 0 bytes to the right of [ 32.421475] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.421586] [ 32.421610] The buggy address belongs to the physical page: [ 32.421643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.421694] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.421745] page_type: f5(slab) [ 32.422047] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.422187] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.422274] page dumped because: kasan: bad access detected [ 32.422496] [ 32.422656] Memory state around the buggy address: [ 32.422774] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.423176] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.423289] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.423441] ^ [ 32.423509] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.423598] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.423641] ================================================================== [ 32.570569] ================================================================== [ 32.570611] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 32.570658] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.570726] [ 32.570757] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.570841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.570870] Hardware name: linux,dummy-virt (DT) [ 32.571236] Call trace: [ 32.571270] show_stack+0x20/0x38 (C) [ 32.571322] dump_stack_lvl+0x8c/0xd0 [ 32.571379] print_report+0x118/0x608 [ 32.571428] kasan_report+0xdc/0x128 [ 32.571478] __asan_report_load8_noabort+0x20/0x30 [ 32.571569] kasan_atomics_helper+0x3e20/0x4858 [ 32.571641] kasan_atomics+0x198/0x2e0 [ 32.571825] kunit_try_run_case+0x170/0x3f0 [ 32.571908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.572013] kthread+0x328/0x630 [ 32.572060] ret_from_fork+0x10/0x20 [ 32.572110] [ 32.572618] Allocated by task 298: [ 32.572710] kasan_save_stack+0x3c/0x68 [ 32.572779] kasan_save_track+0x20/0x40 [ 32.572856] kasan_save_alloc_info+0x40/0x58 [ 32.573342] __kasan_kmalloc+0xd4/0xd8 [ 32.573397] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.573658] kasan_atomics+0xb8/0x2e0 [ 32.573748] kunit_try_run_case+0x170/0x3f0 [ 32.573934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.574327] kthread+0x328/0x630 [ 32.574423] ret_from_fork+0x10/0x20 [ 32.574521] [ 32.574577] The buggy address belongs to the object at fff00000c5ae7400 [ 32.574577] which belongs to the cache kmalloc-64 of size 64 [ 32.574638] The buggy address is located 0 bytes to the right of [ 32.574638] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.574705] [ 32.574728] The buggy address belongs to the physical page: [ 32.574760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.574814] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.575309] page_type: f5(slab) [ 32.575527] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.575603] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.575805] page dumped because: kasan: bad access detected [ 32.575839] [ 32.575859] Memory state around the buggy address: [ 32.575948] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.576597] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.576668] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.576740] ^ [ 32.576791] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.576849] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.577410] ================================================================== [ 32.518502] ================================================================== [ 32.518551] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 32.518602] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.518652] [ 32.518683] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.518768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.518797] Hardware name: linux,dummy-virt (DT) [ 32.518831] Call trace: [ 32.518856] show_stack+0x20/0x38 (C) [ 32.519061] dump_stack_lvl+0x8c/0xd0 [ 32.519166] print_report+0x118/0x608 [ 32.519219] kasan_report+0xdc/0x128 [ 32.519303] kasan_check_range+0x100/0x1a8 [ 32.519389] __kasan_check_write+0x20/0x30 [ 32.519464] kasan_atomics_helper+0x14e4/0x4858 [ 32.519518] kasan_atomics+0x198/0x2e0 [ 32.519603] kunit_try_run_case+0x170/0x3f0 [ 32.519703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.519778] kthread+0x328/0x630 [ 32.519938] ret_from_fork+0x10/0x20 [ 32.520027] [ 32.520052] Allocated by task 298: [ 32.520081] kasan_save_stack+0x3c/0x68 [ 32.520214] kasan_save_track+0x20/0x40 [ 32.520256] kasan_save_alloc_info+0x40/0x58 [ 32.520297] __kasan_kmalloc+0xd4/0xd8 [ 32.520336] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.520378] kasan_atomics+0xb8/0x2e0 [ 32.520418] kunit_try_run_case+0x170/0x3f0 [ 32.520460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.520675] kthread+0x328/0x630 [ 32.520822] ret_from_fork+0x10/0x20 [ 32.520876] [ 32.520933] The buggy address belongs to the object at fff00000c5ae7400 [ 32.520933] which belongs to the cache kmalloc-64 of size 64 [ 32.521090] The buggy address is located 0 bytes to the right of [ 32.521090] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.521159] [ 32.521188] The buggy address belongs to the physical page: [ 32.521252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.521306] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.521353] page_type: f5(slab) [ 32.521393] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.521558] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.521610] page dumped because: kasan: bad access detected [ 32.521736] [ 32.522022] Memory state around the buggy address: [ 32.522136] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.522386] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.522632] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.522819] ^ [ 32.523014] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.523232] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.523529] ================================================================== [ 32.308259] ================================================================== [ 32.308321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 32.308373] Read of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.308425] [ 32.308455] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.308540] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.308569] Hardware name: linux,dummy-virt (DT) [ 32.308607] Call trace: [ 32.308630] show_stack+0x20/0x38 (C) [ 32.308680] dump_stack_lvl+0x8c/0xd0 [ 32.308728] print_report+0x118/0x608 [ 32.308790] kasan_report+0xdc/0x128 [ 32.308953] kasan_atomics+0x198/0x2e0 [ 32.310568] __kasan_kmalloc+0xd4/0xd8 [ 32.310862] [ 32.311022] [ 32.311131] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.311182] page_type: f5(slab) [ 32.311346] [ 32.311530] ^ [ 32.311859] Write of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.312358] __kasan_check_write+0x20/0x30 [ 32.312866] __kasan_kmalloc+0xd4/0xd8 [ 32.313097] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.313143] kasan_atomics+0xb8/0x2e0 [ 32.313184] kunit_try_run_case+0x170/0x3f0 [ 32.313224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.313269] kthread+0x328/0x630 [ 32.313305] ret_from_fork+0x10/0x20 [ 32.313344] [ 32.313365] The buggy address belongs to the object at fff00000c5ae7400 [ 32.313365] which belongs to the cache kmalloc-64 of size 64 [ 32.313425] The buggy address is located 0 bytes to the right of [ 32.313425] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.313490] [ 32.313513] The buggy address belongs to the physical page: [ 32.313546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.313598] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.313648] page_type: f5(slab) [ 32.313688] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.313742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.313786] page dumped because: kasan: bad access detected [ 32.313820] [ 32.313840] Memory state around the buggy address: [ 32.313874] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.313931] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.313976] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.314018] ^ [ 32.314054] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.314097] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.314139] ================================================================== [ 32.404084] ================================================================== [ 32.404138] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 32.404190] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.404502] [ 32.404658] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.404754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.404793] Hardware name: linux,dummy-virt (DT) [ 32.404943] Call trace: [ 32.404979] show_stack+0x20/0x38 (C) [ 32.405033] dump_stack_lvl+0x8c/0xd0 [ 32.405131] print_report+0x118/0x608 [ 32.405210] kasan_report+0xdc/0x128 [ 32.405262] kasan_check_range+0x100/0x1a8 [ 32.405395] __kasan_check_read+0x20/0x30 [ 32.405498] kasan_atomics_helper+0xdd4/0x4858 [ 32.405566] kasan_atomics+0x198/0x2e0 [ 32.405722] kunit_try_run_case+0x170/0x3f0 [ 32.405789] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.405946] kthread+0x328/0x630 [ 32.406023] ret_from_fork+0x10/0x20 [ 32.406112] [ 32.406137] Allocated by task 298: [ 32.406182] kasan_save_stack+0x3c/0x68 [ 32.406238] kasan_save_track+0x20/0x40 [ 32.406279] kasan_save_alloc_info+0x40/0x58 [ 32.406328] __kasan_kmalloc+0xd4/0xd8 [ 32.406377] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.406420] kasan_atomics+0xb8/0x2e0 [ 32.406468] kunit_try_run_case+0x170/0x3f0 [ 32.406510] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.406557] kthread+0x328/0x630 [ 32.406602] ret_from_fork+0x10/0x20 [ 32.406641] [ 32.406664] The buggy address belongs to the object at fff00000c5ae7400 [ 32.406664] which belongs to the cache kmalloc-64 of size 64 [ 32.406724] The buggy address is located 0 bytes to the right of [ 32.406724] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.406788] [ 32.406818] The buggy address belongs to the physical page: [ 32.406851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.406936] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.406986] page_type: f5(slab) [ 32.407024] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.407078] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.407121] page dumped because: kasan: bad access detected [ 32.407153] [ 32.407185] Memory state around the buggy address: [ 32.407232] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.407286] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.407339] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.407380] ^ [ 32.407413] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.407458] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.407507] ================================================================== [ 32.509499] ================================================================== [ 32.509633] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 32.509686] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.509772] [ 32.510037] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.510309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.510544] Hardware name: linux,dummy-virt (DT) [ 32.510720] Call trace: [ 32.510812] show_stack+0x20/0x38 (C) [ 32.510965] dump_stack_lvl+0x8c/0xd0 [ 32.511127] print_report+0x118/0x608 [ 32.511298] kasan_report+0xdc/0x128 [ 32.511423] kasan_check_range+0x100/0x1a8 [ 32.511471] __kasan_check_write+0x20/0x30 [ 32.511540] kasan_atomics_helper+0x1414/0x4858 [ 32.511592] kasan_atomics+0x198/0x2e0 [ 32.511638] kunit_try_run_case+0x170/0x3f0 [ 32.511705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.512006] kthread+0x328/0x630 [ 32.512146] ret_from_fork+0x10/0x20 [ 32.512217] [ 32.512240] Allocated by task 298: [ 32.512281] kasan_save_stack+0x3c/0x68 [ 32.512340] kasan_save_track+0x20/0x40 [ 32.512382] kasan_save_alloc_info+0x40/0x58 [ 32.512429] __kasan_kmalloc+0xd4/0xd8 [ 32.512470] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.512513] kasan_atomics+0xb8/0x2e0 [ 32.512571] kunit_try_run_case+0x170/0x3f0 [ 32.512614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.512662] kthread+0x328/0x630 [ 32.512698] ret_from_fork+0x10/0x20 [ 32.512737] [ 32.512768] The buggy address belongs to the object at fff00000c5ae7400 [ 32.512768] which belongs to the cache kmalloc-64 of size 64 [ 32.512832] The buggy address is located 0 bytes to the right of [ 32.512832] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.512908] [ 32.512949] The buggy address belongs to the physical page: [ 32.512984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.513037] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.513084] page_type: f5(slab) [ 32.513130] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.513199] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.513243] page dumped because: kasan: bad access detected [ 32.513277] [ 32.513297] Memory state around the buggy address: [ 32.513342] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.513393] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.513447] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.513494] ^ [ 32.513537] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.513591] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.513651] ================================================================== [ 32.482207] ================================================================== [ 32.482321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 32.482403] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.482489] [ 32.482566] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.482654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.482690] Hardware name: linux,dummy-virt (DT) [ 32.482722] Call trace: [ 32.482747] show_stack+0x20/0x38 (C) [ 32.482812] dump_stack_lvl+0x8c/0xd0 [ 32.482861] print_report+0x118/0x608 [ 32.483131] kasan_report+0xdc/0x128 [ 32.483192] kasan_check_range+0x100/0x1a8 [ 32.483239] __kasan_check_write+0x20/0x30 [ 32.483385] kasan_atomics_helper+0x11f8/0x4858 [ 32.483494] kasan_atomics+0x198/0x2e0 [ 32.483570] kunit_try_run_case+0x170/0x3f0 [ 32.483622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.483680] kthread+0x328/0x630 [ 32.483724] ret_from_fork+0x10/0x20 [ 32.483912] [ 32.484148] Allocated by task 298: [ 32.484222] kasan_save_stack+0x3c/0x68 [ 32.484325] kasan_save_track+0x20/0x40 [ 32.484368] kasan_save_alloc_info+0x40/0x58 [ 32.484415] __kasan_kmalloc+0xd4/0xd8 [ 32.484462] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.484653] kasan_atomics+0xb8/0x2e0 [ 32.484720] kunit_try_run_case+0x170/0x3f0 [ 32.484850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.484927] kthread+0x328/0x630 [ 32.484966] ret_from_fork+0x10/0x20 [ 32.485005] [ 32.485027] The buggy address belongs to the object at fff00000c5ae7400 [ 32.485027] which belongs to the cache kmalloc-64 of size 64 [ 32.485299] The buggy address is located 0 bytes to the right of [ 32.485299] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.485404] [ 32.485488] The buggy address belongs to the physical page: [ 32.485523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.485607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.485657] page_type: f5(slab) [ 32.485845] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.485926] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.486146] page dumped because: kasan: bad access detected [ 32.486205] [ 32.486237] Memory state around the buggy address: [ 32.486271] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.486336] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.486382] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.486433] ^ [ 32.486476] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.486523] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.486575] ================================================================== [ 32.503536] ================================================================== [ 32.503594] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 32.503648] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.504168] [ 32.504214] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.504302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.504368] Hardware name: linux,dummy-virt (DT) [ 32.504532] Call trace: [ 32.504583] show_stack+0x20/0x38 (C) [ 32.504760] dump_stack_lvl+0x8c/0xd0 [ 32.504855] print_report+0x118/0x608 [ 32.504955] kasan_report+0xdc/0x128 [ 32.505007] __asan_report_load8_noabort+0x20/0x30 [ 32.505067] kasan_atomics_helper+0x3f04/0x4858 [ 32.505119] kasan_atomics+0x198/0x2e0 [ 32.505166] kunit_try_run_case+0x170/0x3f0 [ 32.505216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.505273] kthread+0x328/0x630 [ 32.505317] ret_from_fork+0x10/0x20 [ 32.505367] [ 32.505399] Allocated by task 298: [ 32.505441] kasan_save_stack+0x3c/0x68 [ 32.505484] kasan_save_track+0x20/0x40 [ 32.505525] kasan_save_alloc_info+0x40/0x58 [ 32.505573] __kasan_kmalloc+0xd4/0xd8 [ 32.505622] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.505665] kasan_atomics+0xb8/0x2e0 [ 32.505734] kunit_try_run_case+0x170/0x3f0 [ 32.505777] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.505842] kthread+0x328/0x630 [ 32.505879] ret_from_fork+0x10/0x20 [ 32.505927] [ 32.505948] The buggy address belongs to the object at fff00000c5ae7400 [ 32.505948] which belongs to the cache kmalloc-64 of size 64 [ 32.506368] The buggy address is located 0 bytes to the right of [ 32.506368] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.506496] [ 32.506692] The buggy address belongs to the physical page: [ 32.506814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.506977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.507029] page_type: f5(slab) [ 32.507069] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.507122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.507505] page dumped because: kasan: bad access detected [ 32.507547] [ 32.507579] Memory state around the buggy address: [ 32.507697] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.508013] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.508081] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.508123] ^ [ 32.508409] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.508556] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.508646] ================================================================== [ 32.437315] ================================================================== [ 32.437379] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 32.437463] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.437518] [ 32.437551] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.437750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.437997] Hardware name: linux,dummy-virt (DT) [ 32.438083] Call trace: [ 32.438180] show_stack+0x20/0x38 (C) [ 32.438372] dump_stack_lvl+0x8c/0xd0 [ 32.438533] print_report+0x118/0x608 [ 32.438589] kasan_report+0xdc/0x128 [ 32.438873] kasan_check_range+0x100/0x1a8 [ 32.439018] __kasan_check_write+0x20/0x30 [ 32.439190] kasan_atomics_helper+0xf20/0x4858 [ 32.439519] kasan_atomics+0x198/0x2e0 [ 32.439610] kunit_try_run_case+0x170/0x3f0 [ 32.439765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.439850] kthread+0x328/0x630 [ 32.440050] ret_from_fork+0x10/0x20 [ 32.440219] [ 32.440242] Allocated by task 298: [ 32.440279] kasan_save_stack+0x3c/0x68 [ 32.440326] kasan_save_track+0x20/0x40 [ 32.440368] kasan_save_alloc_info+0x40/0x58 [ 32.440409] __kasan_kmalloc+0xd4/0xd8 [ 32.440449] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.440531] kasan_atomics+0xb8/0x2e0 [ 32.440595] kunit_try_run_case+0x170/0x3f0 [ 32.440653] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.440701] kthread+0x328/0x630 [ 32.440761] ret_from_fork+0x10/0x20 [ 32.440806] [ 32.440838] The buggy address belongs to the object at fff00000c5ae7400 [ 32.440838] which belongs to the cache kmalloc-64 of size 64 [ 32.441206] The buggy address is located 0 bytes to the right of [ 32.441206] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.441415] [ 32.441478] The buggy address belongs to the physical page: [ 32.441642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.444617] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.444682] page_type: f5(slab) [ 32.444731] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.444791] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.444835] page dumped because: kasan: bad access detected [ 32.444870] [ 32.444891] Memory state around the buggy address: [ 32.444981] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.445027] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.445071] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.445113] ^ [ 32.445149] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.445193] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.445233] ================================================================== [ 32.496197] ================================================================== [ 32.496395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 32.496458] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.496550] [ 32.496609] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.496719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.496767] Hardware name: linux,dummy-virt (DT) [ 32.496829] Call trace: [ 32.497013] show_stack+0x20/0x38 (C) [ 32.497219] dump_stack_lvl+0x8c/0xd0 [ 32.497283] print_report+0x118/0x608 [ 32.497444] kasan_report+0xdc/0x128 [ 32.497496] kasan_check_range+0x100/0x1a8 [ 32.497573] __kasan_check_write+0x20/0x30 [ 32.497622] kasan_atomics_helper+0x1384/0x4858 [ 32.497735] kasan_atomics+0x198/0x2e0 [ 32.497792] kunit_try_run_case+0x170/0x3f0 [ 32.497846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.497912] kthread+0x328/0x630 [ 32.498251] ret_from_fork+0x10/0x20 [ 32.498338] [ 32.498390] Allocated by task 298: [ 32.498588] kasan_save_stack+0x3c/0x68 [ 32.498861] kasan_save_track+0x20/0x40 [ 32.499080] kasan_save_alloc_info+0x40/0x58 [ 32.499148] __kasan_kmalloc+0xd4/0xd8 [ 32.499189] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.499232] kasan_atomics+0xb8/0x2e0 [ 32.499296] kunit_try_run_case+0x170/0x3f0 [ 32.499338] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.499386] kthread+0x328/0x630 [ 32.499615] ret_from_fork+0x10/0x20 [ 32.499787] [ 32.499866] The buggy address belongs to the object at fff00000c5ae7400 [ 32.499866] which belongs to the cache kmalloc-64 of size 64 [ 32.500124] The buggy address is located 0 bytes to the right of [ 32.500124] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.500377] [ 32.500452] The buggy address belongs to the physical page: [ 32.500584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.500679] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.500728] page_type: f5(slab) [ 32.501139] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.501358] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.501444] page dumped because: kasan: bad access detected [ 32.501661] [ 32.501922] Memory state around the buggy address: [ 32.502046] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.502171] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.502341] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.502458] ^ [ 32.502698] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.502929] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.502993] ================================================================== [ 32.554093] ================================================================== [ 32.554146] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 32.554197] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.554250] [ 32.554522] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.554772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.554841] Hardware name: linux,dummy-virt (DT) [ 32.554877] Call trace: [ 32.555075] show_stack+0x20/0x38 (C) [ 32.555132] dump_stack_lvl+0x8c/0xd0 [ 32.555185] print_report+0x118/0x608 [ 32.555235] kasan_report+0xdc/0x128 [ 32.555516] kasan_check_range+0x100/0x1a8 [ 32.555746] __kasan_check_write+0x20/0x30 [ 32.555849] kasan_atomics_helper+0x16d0/0x4858 [ 32.555919] kasan_atomics+0x198/0x2e0 [ 32.555967] kunit_try_run_case+0x170/0x3f0 [ 32.556017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.556290] kthread+0x328/0x630 [ 32.556645] ret_from_fork+0x10/0x20 [ 32.556864] [ 32.556892] Allocated by task 298: [ 32.556962] kasan_save_stack+0x3c/0x68 [ 32.557017] kasan_save_track+0x20/0x40 [ 32.557069] kasan_save_alloc_info+0x40/0x58 [ 32.557112] __kasan_kmalloc+0xd4/0xd8 [ 32.557373] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.557431] kasan_atomics+0xb8/0x2e0 [ 32.557521] kunit_try_run_case+0x170/0x3f0 [ 32.557565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.557613] kthread+0x328/0x630 [ 32.557648] ret_from_fork+0x10/0x20 [ 32.560625] [ 32.560664] The buggy address belongs to the object at fff00000c5ae7400 [ 32.560664] which belongs to the cache kmalloc-64 of size 64 [ 32.560732] The buggy address is located 0 bytes to the right of [ 32.560732] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.560810] [ 32.560834] The buggy address belongs to the physical page: [ 32.560868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.560931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.560981] page_type: f5(slab) [ 32.561020] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.561072] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.561113] page dumped because: kasan: bad access detected [ 32.561148] [ 32.561169] Memory state around the buggy address: [ 32.561202] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.561246] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.561291] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.561330] ^ [ 32.561364] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.561409] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.561450] ================================================================== [ 32.532858] ================================================================== [ 32.532919] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 32.532972] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.533023] [ 32.533053] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.533159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.533187] Hardware name: linux,dummy-virt (DT) [ 32.533221] Call trace: [ 32.533245] show_stack+0x20/0x38 (C) [ 32.533294] dump_stack_lvl+0x8c/0xd0 [ 32.533340] print_report+0x118/0x608 [ 32.533838] kasan_report+0xdc/0x128 [ 32.533921] __asan_report_load8_noabort+0x20/0x30 [ 32.533973] kasan_atomics_helper+0x3db0/0x4858 [ 32.534024] kasan_atomics+0x198/0x2e0 [ 32.534071] kunit_try_run_case+0x170/0x3f0 [ 32.534247] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.534489] kthread+0x328/0x630 [ 32.534566] ret_from_fork+0x10/0x20 [ 32.534908] [ 32.535154] Allocated by task 298: [ 32.535231] kasan_save_stack+0x3c/0x68 [ 32.535378] kasan_save_track+0x20/0x40 [ 32.535438] kasan_save_alloc_info+0x40/0x58 [ 32.535478] __kasan_kmalloc+0xd4/0xd8 [ 32.535544] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.535587] kasan_atomics+0xb8/0x2e0 [ 32.535627] kunit_try_run_case+0x170/0x3f0 [ 32.536006] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.536101] kthread+0x328/0x630 [ 32.536253] ret_from_fork+0x10/0x20 [ 32.536367] [ 32.536447] The buggy address belongs to the object at fff00000c5ae7400 [ 32.536447] which belongs to the cache kmalloc-64 of size 64 [ 32.536773] The buggy address is located 0 bytes to the right of [ 32.536773] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.536852] [ 32.536875] The buggy address belongs to the physical page: [ 32.536920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.537247] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.537389] page_type: f5(slab) [ 32.537494] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.537916] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.538109] page dumped because: kasan: bad access detected [ 32.538180] [ 32.538201] Memory state around the buggy address: [ 32.538234] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.538307] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.538353] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.538845] ^ [ 32.539070] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.539179] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.539499] ================================================================== [ 32.451760] ================================================================== [ 32.451851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 32.451959] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.452014] [ 32.452047] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.452135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.452162] Hardware name: linux,dummy-virt (DT) [ 32.452194] Call trace: [ 32.452268] show_stack+0x20/0x38 (C) [ 32.452496] dump_stack_lvl+0x8c/0xd0 [ 32.452619] print_report+0x118/0x608 [ 32.452823] kasan_report+0xdc/0x128 [ 32.453049] kasan_check_range+0x100/0x1a8 [ 32.453160] __kasan_check_write+0x20/0x30 [ 32.453247] kasan_atomics_helper+0xff0/0x4858 [ 32.453301] kasan_atomics+0x198/0x2e0 [ 32.453414] kunit_try_run_case+0x170/0x3f0 [ 32.453468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.453524] kthread+0x328/0x630 [ 32.453606] ret_from_fork+0x10/0x20 [ 32.453672] [ 32.453749] Allocated by task 298: [ 32.453862] kasan_save_stack+0x3c/0x68 [ 32.453930] kasan_save_track+0x20/0x40 [ 32.453974] kasan_save_alloc_info+0x40/0x58 [ 32.454014] __kasan_kmalloc+0xd4/0xd8 [ 32.454055] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.454097] kasan_atomics+0xb8/0x2e0 [ 32.454137] kunit_try_run_case+0x170/0x3f0 [ 32.454470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.454531] kthread+0x328/0x630 [ 32.454585] ret_from_fork+0x10/0x20 [ 32.454626] [ 32.454650] The buggy address belongs to the object at fff00000c5ae7400 [ 32.454650] which belongs to the cache kmalloc-64 of size 64 [ 32.454713] The buggy address is located 0 bytes to the right of [ 32.454713] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.454787] [ 32.454812] The buggy address belongs to the physical page: [ 32.454846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.454924] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.454976] page_type: f5(slab) [ 32.455015] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.455334] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.455435] page dumped because: kasan: bad access detected [ 32.455572] [ 32.455866] Memory state around the buggy address: [ 32.455922] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.456115] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.456334] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.456526] ^ [ 32.456808] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.456877] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.456987] ================================================================== [ 32.328263] ================================================================== [ 32.328415] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 32.328478] Write of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.328532] [ 32.328584] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.328673] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.328928] Hardware name: linux,dummy-virt (DT) [ 32.329117] Call trace: [ 32.329195] show_stack+0x20/0x38 (C) [ 32.329416] dump_stack_lvl+0x8c/0xd0 [ 32.329518] print_report+0x118/0x608 [ 32.329619] kasan_report+0xdc/0x128 [ 32.329674] kasan_check_range+0x100/0x1a8 [ 32.329823] __kasan_check_write+0x20/0x30 [ 32.329876] kasan_atomics_helper+0xa6c/0x4858 [ 32.330049] kasan_atomics+0x198/0x2e0 [ 32.330260] kunit_try_run_case+0x170/0x3f0 [ 32.330374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.330628] kthread+0x328/0x630 [ 32.330790] ret_from_fork+0x10/0x20 [ 32.330987] [ 32.331048] Allocated by task 298: [ 32.331113] kasan_save_stack+0x3c/0x68 [ 32.331161] kasan_save_track+0x20/0x40 [ 32.331543] kasan_save_alloc_info+0x40/0x58 [ 32.331673] __kasan_kmalloc+0xd4/0xd8 [ 32.331886] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.332076] kasan_atomics+0xb8/0x2e0 [ 32.332181] kunit_try_run_case+0x170/0x3f0 [ 32.332291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.332466] kthread+0x328/0x630 [ 32.332697] ret_from_fork+0x10/0x20 [ 32.332833] [ 32.333095] The buggy address belongs to the object at fff00000c5ae7400 [ 32.333095] which belongs to the cache kmalloc-64 of size 64 [ 32.333277] The buggy address is located 0 bytes to the right of [ 32.333277] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.333478] [ 32.333579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.333641] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.333692] page_type: f5(slab) [ 32.333864] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.333990] page dumped because: kasan: bad access detected [ 32.334498] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.337010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.338210] kasan_save_stack+0x3c/0x68 [ 32.340924] [ 32.341206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.341442] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.341932] page_type: f5(slab) [ 32.342016] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.342096] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.342262] page dumped because: kasan: bad access detected [ 32.342524] [ 32.342635] Memory state around the buggy address: [ 32.342776] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.342822] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.342874] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.342922] ^ [ 32.343202] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.343369] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.343454] ================================================================== [ 32.461172] ================================================================== [ 32.461220] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 32.461271] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.461822] [ 32.461941] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.462057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.462086] Hardware name: linux,dummy-virt (DT) [ 32.462119] Call trace: [ 32.462144] show_stack+0x20/0x38 (C) [ 32.462238] dump_stack_lvl+0x8c/0xd0 [ 32.462289] print_report+0x118/0x608 [ 32.462348] kasan_report+0xdc/0x128 [ 32.462594] kasan_check_range+0x100/0x1a8 [ 32.462694] __kasan_check_write+0x20/0x30 [ 32.462816] kasan_atomics_helper+0x10c0/0x4858 [ 32.463255] kasan_atomics+0x198/0x2e0 [ 32.463351] kunit_try_run_case+0x170/0x3f0 [ 32.463493] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.463611] kthread+0x328/0x630 [ 32.463744] ret_from_fork+0x10/0x20 [ 32.463910] [ 32.464018] Allocated by task 298: [ 32.464098] kasan_save_stack+0x3c/0x68 [ 32.464230] kasan_save_track+0x20/0x40 [ 32.464351] kasan_save_alloc_info+0x40/0x58 [ 32.464494] __kasan_kmalloc+0xd4/0xd8 [ 32.464564] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.464608] kasan_atomics+0xb8/0x2e0 [ 32.464649] kunit_try_run_case+0x170/0x3f0 [ 32.464920] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.465185] kthread+0x328/0x630 [ 32.465245] ret_from_fork+0x10/0x20 [ 32.465646] [ 32.465794] The buggy address belongs to the object at fff00000c5ae7400 [ 32.465794] which belongs to the cache kmalloc-64 of size 64 [ 32.465881] The buggy address is located 0 bytes to the right of [ 32.465881] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.465962] [ 32.465986] The buggy address belongs to the physical page: [ 32.466022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.466372] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.466488] page_type: f5(slab) [ 32.466675] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.466806] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.467013] page dumped because: kasan: bad access detected [ 32.467049] [ 32.467070] Memory state around the buggy address: [ 32.467338] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.467435] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.467541] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.467621] ^ [ 32.468130] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.468267] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.468367] ================================================================== [ 32.381581] ================================================================== [ 32.381622] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 32.381670] Read of size 4 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.381736] [ 32.381768] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.382403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.382494] Hardware name: linux,dummy-virt (DT) [ 32.382574] Call trace: [ 32.382769] show_stack+0x20/0x38 (C) [ 32.382824] dump_stack_lvl+0x8c/0xd0 [ 32.382873] print_report+0x118/0x608 [ 32.382935] kasan_report+0xdc/0x128 [ 32.383090] __asan_report_load4_noabort+0x20/0x30 [ 32.383305] kasan_atomics_helper+0x3dd8/0x4858 [ 32.383636] kasan_atomics+0x198/0x2e0 [ 32.383833] kunit_try_run_case+0x170/0x3f0 [ 32.383970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.384030] kthread+0x328/0x630 [ 32.384306] ret_from_fork+0x10/0x20 [ 32.384594] [ 32.384756] Allocated by task 298: [ 32.384995] kasan_save_stack+0x3c/0x68 [ 32.385086] kasan_save_track+0x20/0x40 [ 32.385136] kasan_save_alloc_info+0x40/0x58 [ 32.385374] __kasan_kmalloc+0xd4/0xd8 [ 32.385572] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.386081] kasan_atomics+0xb8/0x2e0 [ 32.386191] kunit_try_run_case+0x170/0x3f0 [ 32.386250] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.386297] kthread+0x328/0x630 [ 32.386597] ret_from_fork+0x10/0x20 [ 32.386811] [ 32.387259] The buggy address belongs to the object at fff00000c5ae7400 [ 32.387259] which belongs to the cache kmalloc-64 of size 64 [ 32.387347] The buggy address is located 0 bytes to the right of [ 32.387347] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.387428] [ 32.387452] The buggy address belongs to the physical page: [ 32.387667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.387873] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.387981] page_type: f5(slab) [ 32.388275] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.388404] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.388525] page dumped because: kasan: bad access detected [ 32.388664] [ 32.389123] Memory state around the buggy address: [ 32.389219] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.389274] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.389686] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.389757] ^ [ 32.389825] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.390263] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.390353] ================================================================== [ 32.545504] ================================================================== [ 32.545551] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 32.545602] Read of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.545654] [ 32.545686] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.545780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.545810] Hardware name: linux,dummy-virt (DT) [ 32.545842] Call trace: [ 32.546417] show_stack+0x20/0x38 (C) [ 32.546489] dump_stack_lvl+0x8c/0xd0 [ 32.546558] print_report+0x118/0x608 [ 32.546615] kasan_report+0xdc/0x128 [ 32.547000] __asan_report_load8_noabort+0x20/0x30 [ 32.547081] kasan_atomics_helper+0x3df4/0x4858 [ 32.547385] kasan_atomics+0x198/0x2e0 [ 32.547478] kunit_try_run_case+0x170/0x3f0 [ 32.547561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.547823] kthread+0x328/0x630 [ 32.548092] ret_from_fork+0x10/0x20 [ 32.548204] [ 32.548332] Allocated by task 298: [ 32.548487] kasan_save_stack+0x3c/0x68 [ 32.548551] kasan_save_track+0x20/0x40 [ 32.548940] kasan_save_alloc_info+0x40/0x58 [ 32.549012] __kasan_kmalloc+0xd4/0xd8 [ 32.549184] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.549432] kasan_atomics+0xb8/0x2e0 [ 32.549533] kunit_try_run_case+0x170/0x3f0 [ 32.549757] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.549847] kthread+0x328/0x630 [ 32.549885] ret_from_fork+0x10/0x20 [ 32.550273] [ 32.550362] The buggy address belongs to the object at fff00000c5ae7400 [ 32.550362] which belongs to the cache kmalloc-64 of size 64 [ 32.550499] The buggy address is located 0 bytes to the right of [ 32.550499] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.550651] [ 32.550844] The buggy address belongs to the physical page: [ 32.551149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.551305] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.551394] page_type: f5(slab) [ 32.551443] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.551653] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.551865] page dumped because: kasan: bad access detected [ 32.552088] [ 32.552148] Memory state around the buggy address: [ 32.552184] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.552247] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.552305] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.552624] ^ [ 32.552729] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.552803] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.553254] ================================================================== [ 32.457631] ================================================================== [ 32.457766] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 32.457915] Write of size 8 at addr fff00000c5ae7430 by task kunit_try_catch/298 [ 32.458097] [ 32.458210] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.458345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.458394] Hardware name: linux,dummy-virt (DT) [ 32.458427] Call trace: [ 32.458452] show_stack+0x20/0x38 (C) [ 32.458532] dump_stack_lvl+0x8c/0xd0 [ 32.458894] print_report+0x118/0x608 [ 32.458968] kasan_report+0xdc/0x128 [ 32.459018] kasan_check_range+0x100/0x1a8 [ 32.459065] __kasan_check_write+0x20/0x30 [ 32.459114] kasan_atomics_helper+0x1058/0x4858 [ 32.459177] kasan_atomics+0x198/0x2e0 [ 32.459246] kunit_try_run_case+0x170/0x3f0 [ 32.459322] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.459391] kthread+0x328/0x630 [ 32.459444] ret_from_fork+0x10/0x20 [ 32.459515] [ 32.459547] Allocated by task 298: [ 32.459577] kasan_save_stack+0x3c/0x68 [ 32.459623] kasan_save_track+0x20/0x40 [ 32.459666] kasan_save_alloc_info+0x40/0x58 [ 32.459726] __kasan_kmalloc+0xd4/0xd8 [ 32.459766] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.459810] kasan_atomics+0xb8/0x2e0 [ 32.459861] kunit_try_run_case+0x170/0x3f0 [ 32.459920] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.459970] kthread+0x328/0x630 [ 32.460007] ret_from_fork+0x10/0x20 [ 32.460046] [ 32.460070] The buggy address belongs to the object at fff00000c5ae7400 [ 32.460070] which belongs to the cache kmalloc-64 of size 64 [ 32.460141] The buggy address is located 0 bytes to the right of [ 32.460141] allocated 48-byte region [fff00000c5ae7400, fff00000c5ae7430) [ 32.460218] [ 32.460271] The buggy address belongs to the physical page: [ 32.460317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae7 [ 32.460381] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.460439] page_type: f5(slab) [ 32.460498] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.460559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.460606] page dumped because: kasan: bad access detected [ 32.460648] [ 32.460678] Memory state around the buggy address: [ 32.460712] fff00000c5ae7300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.460758] fff00000c5ae7380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.460807] >fff00000c5ae7400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.460857] ^ [ 32.460893] fff00000c5ae7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.460948] fff00000c5ae7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.460989] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 32.001031] ================================================================== [ 32.001087] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 32.001139] Read of size 1 at addr fff00000c5ad9b50 by task kunit_try_catch/292 [ 32.001212] [ 32.001244] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.001338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.001366] Hardware name: linux,dummy-virt (DT) [ 32.001398] Call trace: [ 32.001437] show_stack+0x20/0x38 (C) [ 32.001487] dump_stack_lvl+0x8c/0xd0 [ 32.001535] print_report+0x118/0x608 [ 32.001582] kasan_report+0xdc/0x128 [ 32.001640] __asan_report_load1_noabort+0x20/0x30 [ 32.001690] kasan_strings+0x95c/0xb00 [ 32.001737] kunit_try_run_case+0x170/0x3f0 [ 32.001787] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.001841] kthread+0x328/0x630 [ 32.001883] ret_from_fork+0x10/0x20 [ 32.002570] [ 32.002598] Allocated by task 292: [ 32.002740] kasan_save_stack+0x3c/0x68 [ 32.002827] kasan_save_track+0x20/0x40 [ 32.003005] kasan_save_alloc_info+0x40/0x58 [ 32.003055] __kasan_kmalloc+0xd4/0xd8 [ 32.003257] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.004299] Freed by task 292: [ 32.005493] kthread+0x328/0x630 [ 32.006268] [ 32.006389] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.006887] [ 32.007359] >fff00000c5ad9b00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 32.010231] Hardware name: linux,dummy-virt (DT) [ 32.013086] kasan_save_alloc_info+0x40/0x58 [ 32.013288] __kasan_kmalloc+0xd4/0xd8 [ 32.013938] kasan_save_stack+0x3c/0x68 [ 32.014361] ret_from_fork+0x10/0x20 [ 32.014624] The buggy address belongs to the physical page: [ 32.015678] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 32.019231] Read of size 1 at addr fff00000c5ad9b50 by task kunit_try_catch/292 [ 32.020693] strnlen+0x80/0x88 [ 32.020748] kasan_strings+0x478/0xb00 [ 32.021965] kasan_save_track+0x20/0x40 [ 32.023999] kasan_save_stack+0x3c/0x68 [ 32.025610] [ 32.025700] The buggy address is located 16 bytes inside of [ 32.025700] freed 32-byte region [fff00000c5ad9b40, fff00000c5ad9b60) [ 32.027310] Memory state around the buggy address: [ 32.033767] not ok 62 kasan_strings [ 32.037444] [ 32.037565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.039954] kthread+0x328/0x630 [ 32.041210] __kasan_kmalloc+0xd4/0xd8 [ 32.042271] kthread+0x328/0x630 [ 32.043853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085e8 [ 32.046283] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 31.992891] ================================================================== [ 31.993082] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 31.993144] Read of size 1 at addr fff00000c5ad9b50 by task kunit_try_catch/292 [ 31.993354] [ 31.993408] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.993584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.993619] Hardware name: linux,dummy-virt (DT) [ 31.993654] Call trace: [ 31.993680] show_stack+0x20/0x38 (C) [ 31.993776] dump_stack_lvl+0x8c/0xd0 [ 31.993872] print_report+0x118/0x608 [ 31.993945] kasan_report+0xdc/0x128 [ 31.993995] __asan_report_load1_noabort+0x20/0x30 [ 31.994083] strcmp+0xc0/0xc8 [ 31.994127] kasan_strings+0x340/0xb00 [ 31.994176] kunit_try_run_case+0x170/0x3f0 [ 31.994225] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.994281] kthread+0x328/0x630 [ 31.994326] ret_from_fork+0x10/0x20 [ 31.994572] [ 31.994679] Allocated by task 292: [ 31.994747] kasan_save_stack+0x3c/0x68 [ 31.994839] kasan_save_track+0x20/0x40 [ 31.995004] kasan_save_alloc_info+0x40/0x58 [ 31.995204] __kasan_kmalloc+0xd4/0xd8 [ 31.995366] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.995412] kasan_strings+0xc8/0xb00 [ 31.995658] kunit_try_run_case+0x170/0x3f0 [ 31.995739] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.995880] kthread+0x328/0x630 [ 31.996065] ret_from_fork+0x10/0x20 [ 31.996132] [ 31.996331] Freed by task 292: [ 31.996416] kasan_save_stack+0x3c/0x68 [ 31.996459] kasan_save_track+0x20/0x40 [ 31.996699] kasan_save_free_info+0x4c/0x78 [ 31.996747] __kasan_slab_free+0x6c/0x98 [ 31.996846] kfree+0x214/0x3c8 [ 31.996892] kasan_strings+0x24c/0xb00 [ 31.997062] kunit_try_run_case+0x170/0x3f0 [ 31.997116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.997323] kthread+0x328/0x630 [ 31.997571] ret_from_fork+0x10/0x20 [ 31.998017] [ 31.998046] The buggy address belongs to the object at fff00000c5ad9b40 [ 31.998046] which belongs to the cache kmalloc-32 of size 32 [ 31.998123] The buggy address is located 16 bytes inside of [ 31.998123] freed 32-byte region [fff00000c5ad9b40, fff00000c5ad9b60) [ 31.998208] [ 31.998234] The buggy address belongs to the physical page: [ 31.998266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad9 [ 31.998471] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.998657] page_type: f5(slab) [ 31.998706] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.998793] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.998847] page dumped because: kasan: bad access detected [ 31.998974] [ 31.999027] Memory state around the buggy address: [ 31.999063] fff00000c5ad9a00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.999270] fff00000c5ad9a80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.999316] >fff00000c5ad9b00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.999394] ^ [ 31.999468] fff00000c5ad9b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.999599] fff00000c5ad9c00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 31.999873] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 31.976581] ================================================================== [ 31.976644] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 31.976971] Read of size 1 at addr fff00000c5ad9998 by task kunit_try_catch/290 [ 31.977255] [ 31.977349] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.977447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.977477] Hardware name: linux,dummy-virt (DT) [ 31.977524] Call trace: [ 31.977549] show_stack+0x20/0x38 (C) [ 31.977606] dump_stack_lvl+0x8c/0xd0 [ 31.977661] print_report+0x118/0x608 [ 31.977713] kasan_report+0xdc/0x128 [ 31.977762] __asan_report_load1_noabort+0x20/0x30 [ 31.977814] memcmp+0x198/0x1d8 [ 31.977869] kasan_memcmp+0x16c/0x300 [ 31.977929] kunit_try_run_case+0x170/0x3f0 [ 31.977980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.978038] kthread+0x328/0x630 [ 31.978091] ret_from_fork+0x10/0x20 [ 31.978141] [ 31.978168] Allocated by task 290: [ 31.978202] kasan_save_stack+0x3c/0x68 [ 31.978246] kasan_save_track+0x20/0x40 [ 31.978287] kasan_save_alloc_info+0x40/0x58 [ 31.978333] __kasan_kmalloc+0xd4/0xd8 [ 31.978375] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.978425] kasan_memcmp+0xbc/0x300 [ 31.978464] kunit_try_run_case+0x170/0x3f0 [ 31.978504] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.978551] kthread+0x328/0x630 [ 31.978584] ret_from_fork+0x10/0x20 [ 31.978628] [ 31.978650] The buggy address belongs to the object at fff00000c5ad9980 [ 31.978650] which belongs to the cache kmalloc-32 of size 32 [ 31.978719] The buggy address is located 0 bytes to the right of [ 31.978719] allocated 24-byte region [fff00000c5ad9980, fff00000c5ad9998) [ 31.978794] [ 31.978820] The buggy address belongs to the physical page: [ 31.978853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ad9 [ 31.978929] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.979734] page_type: f5(slab) [ 31.979788] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.980017] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.980141] page dumped because: kasan: bad access detected [ 31.980323] [ 31.980468] Memory state around the buggy address: [ 31.980505] fff00000c5ad9880: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 31.980569] fff00000c5ad9900: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.980855] >fff00000c5ad9980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.980949] ^ [ 31.981016] fff00000c5ad9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.981102] fff00000c5ad9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.981204] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 31.950978] ================================================================== [ 31.951063] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 31.951131] Read of size 1 at addr ffff800080bc7b4a by task kunit_try_catch/286 [ 31.951185] [ 31.951218] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.951309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.951338] Hardware name: linux,dummy-virt (DT) [ 31.951374] Call trace: [ 31.951400] show_stack+0x20/0x38 (C) [ 31.951452] dump_stack_lvl+0x8c/0xd0 [ 31.951501] print_report+0x310/0x608 [ 31.951563] kasan_report+0xdc/0x128 [ 31.951614] __asan_report_load1_noabort+0x20/0x30 [ 31.951665] kasan_alloca_oob_right+0x2dc/0x340 [ 31.951716] kunit_try_run_case+0x170/0x3f0 [ 31.951766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.951824] kthread+0x328/0x630 [ 31.951870] ret_from_fork+0x10/0x20 [ 31.952267] [ 31.952294] The buggy address belongs to stack of task kunit_try_catch/286 [ 31.952630] [ 31.952667] The buggy address belongs to the virtual mapping at [ 31.952667] [ffff800080bc0000, ffff800080bc9000) created by: [ 31.952667] kernel_clone+0x150/0x7a8 [ 31.952834] [ 31.952863] The buggy address belongs to the physical page: [ 31.952911] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aee [ 31.952980] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.953203] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.953273] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.953380] page dumped because: kasan: bad access detected [ 31.953500] [ 31.953597] Memory state around the buggy address: [ 31.953654] ffff800080bc7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.953843] ffff800080bc7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.953921] >ffff800080bc7b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 31.954031] ^ [ 31.954106] ffff800080bc7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 31.954161] ffff800080bc7c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.954458] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 31.939248] ================================================================== [ 31.939353] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 31.939450] Read of size 1 at addr ffff800080bc7b5f by task kunit_try_catch/284 [ 31.939558] [ 31.939593] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.939868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.939944] Hardware name: linux,dummy-virt (DT) [ 31.939984] Call trace: [ 31.940012] show_stack+0x20/0x38 (C) [ 31.940067] dump_stack_lvl+0x8c/0xd0 [ 31.940136] print_report+0x310/0x608 [ 31.940188] kasan_report+0xdc/0x128 [ 31.940238] __asan_report_load1_noabort+0x20/0x30 [ 31.940291] kasan_alloca_oob_left+0x2b8/0x310 [ 31.940351] kunit_try_run_case+0x170/0x3f0 [ 31.940403] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.940461] kthread+0x328/0x630 [ 31.940515] ret_from_fork+0x10/0x20 [ 31.940568] [ 31.940597] The buggy address belongs to stack of task kunit_try_catch/284 [ 31.940672] [ 31.940712] The buggy address belongs to the virtual mapping at [ 31.940712] [ffff800080bc0000, ffff800080bc9000) created by: [ 31.940712] kernel_clone+0x150/0x7a8 [ 31.940807] [ 31.940832] The buggy address belongs to the physical page: [ 31.940876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aee [ 31.941367] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.941509] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.941625] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.941748] page dumped because: kasan: bad access detected [ 31.941836] [ 31.941961] Memory state around the buggy address: [ 31.942001] ffff800080bc7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.942051] ffff800080bc7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.942260] >ffff800080bc7b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 31.942350] ^ [ 31.942468] ffff800080bc7b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 31.942534] ffff800080bc7c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.942614] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 31.919868] ================================================================== [ 31.920193] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 31.920281] Read of size 1 at addr ffff800080ba7c2a by task kunit_try_catch/282 [ 31.920333] [ 31.920367] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.920709] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.920763] Hardware name: linux,dummy-virt (DT) [ 31.920802] Call trace: [ 31.920848] show_stack+0x20/0x38 (C) [ 31.920922] dump_stack_lvl+0x8c/0xd0 [ 31.921076] print_report+0x310/0x608 [ 31.921173] kasan_report+0xdc/0x128 [ 31.921245] __asan_report_load1_noabort+0x20/0x30 [ 31.921405] kasan_stack_oob+0x238/0x270 [ 31.921452] kunit_try_run_case+0x170/0x3f0 [ 31.921503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.921568] kthread+0x328/0x630 [ 31.921673] ret_from_fork+0x10/0x20 [ 31.921773] [ 31.921842] The buggy address belongs to stack of task kunit_try_catch/282 [ 31.922465] and is located at offset 138 in frame: [ 31.922554] kasan_stack_oob+0x0/0x270 [ 31.922709] [ 31.922753] This frame has 4 objects: [ 31.922985] [48, 49) '__assertion' [ 31.923036] [64, 72) 'array' [ 31.923201] [96, 112) '__assertion' [ 31.923302] [128, 138) 'stack_array' [ 31.923364] [ 31.923407] The buggy address belongs to the virtual mapping at [ 31.923407] [ffff800080ba0000, ffff800080ba9000) created by: [ 31.923407] kernel_clone+0x150/0x7a8 [ 31.923541] [ 31.923613] The buggy address belongs to the physical page: [ 31.923654] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ac4 [ 31.923853] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.925090] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.925152] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.925691] page dumped because: kasan: bad access detected [ 31.925736] [ 31.925758] Memory state around the buggy address: [ 31.925794] ffff800080ba7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.926181] ffff800080ba7b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 31.926235] >ffff800080ba7c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 31.926276] ^ [ 31.926667] ffff800080ba7c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 31.926716] ffff800080ba7d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.927102] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 31.897030] ================================================================== [ 31.897093] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 31.897149] Read of size 1 at addr ffffa0287211268d by task kunit_try_catch/278 [ 31.897430] [ 31.897779] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.898109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.898140] Hardware name: linux,dummy-virt (DT) [ 31.898173] Call trace: [ 31.898200] show_stack+0x20/0x38 (C) [ 31.898255] dump_stack_lvl+0x8c/0xd0 [ 31.898302] print_report+0x310/0x608 [ 31.898352] kasan_report+0xdc/0x128 [ 31.898841] __asan_report_load1_noabort+0x20/0x30 [ 31.898926] kasan_global_oob_right+0x230/0x270 [ 31.899415] kunit_try_run_case+0x170/0x3f0 [ 31.899495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.899743] kthread+0x328/0x630 [ 31.899791] ret_from_fork+0x10/0x20 [ 31.899851] [ 31.899955] The buggy address belongs to the variable: [ 31.899990] global_array+0xd/0x40 [ 31.900059] [ 31.900425] The buggy address belongs to the virtual mapping at [ 31.900425] [ffffa02870290000, ffffa028721d1000) created by: [ 31.900425] paging_init+0x66c/0x7d0 [ 31.900775] [ 31.901267] The buggy address belongs to the physical page: [ 31.901314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47d12 [ 31.901592] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 31.901799] raw: 03fffe0000002000 ffffc1ffc01f4488 ffffc1ffc01f4488 0000000000000000 [ 31.902022] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.902134] page dumped because: kasan: bad access detected [ 31.902222] [ 31.902304] Memory state around the buggy address: [ 31.902347] ffffa02872112580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.902408] ffffa02872112600: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 [ 31.902454] >ffffa02872112680: 00 02 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 31.902496] ^ [ 31.902540] ffffa02872112700: 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 31.902583] ffffa02872112780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.902988] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 31.863105] ================================================================== [ 31.863385] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.863508] Free of addr fff00000c929ff01 by task kunit_try_catch/274 [ 31.863685] [ 31.863718] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.863805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.863833] Hardware name: linux,dummy-virt (DT) [ 31.863864] Call trace: [ 31.863887] show_stack+0x20/0x38 (C) [ 31.864156] dump_stack_lvl+0x8c/0xd0 [ 31.864375] print_report+0x118/0x608 [ 31.864522] kasan_report_invalid_free+0xc0/0xe8 [ 31.864588] check_slab_allocation+0xfc/0x108 [ 31.864715] __kasan_mempool_poison_object+0x78/0x150 [ 31.864832] mempool_free+0x28c/0x328 [ 31.865101] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.865399] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.865629] kunit_try_run_case+0x170/0x3f0 [ 31.865693] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.865806] kthread+0x328/0x630 [ 31.865850] ret_from_fork+0x10/0x20 [ 31.865908] [ 31.865928] Allocated by task 274: [ 31.865957] kasan_save_stack+0x3c/0x68 [ 31.866021] kasan_save_track+0x20/0x40 [ 31.866058] kasan_save_alloc_info+0x40/0x58 [ 31.866134] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.866352] remove_element+0x130/0x1f8 [ 31.866535] mempool_alloc_preallocated+0x58/0xc0 [ 31.866577] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 31.866619] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.866661] kunit_try_run_case+0x170/0x3f0 [ 31.866701] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.866744] kthread+0x328/0x630 [ 31.866777] ret_from_fork+0x10/0x20 [ 31.866831] [ 31.866937] The buggy address belongs to the object at fff00000c929ff00 [ 31.866937] which belongs to the cache kmalloc-128 of size 128 [ 31.867205] The buggy address is located 1 bytes inside of [ 31.867205] 128-byte region [fff00000c929ff00, fff00000c929ff80) [ 31.867265] [ 31.867291] The buggy address belongs to the physical page: [ 31.867404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f [ 31.867544] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.867592] page_type: f5(slab) [ 31.867636] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.867797] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 31.867873] page dumped because: kasan: bad access detected [ 31.867915] [ 31.867934] Memory state around the buggy address: [ 31.867966] fff00000c929fe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.868010] fff00000c929fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.868051] >fff00000c929ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.868435] ^ [ 31.868566] fff00000c929ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.868779] fff00000c92a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.868825] ================================================================== [ 31.882328] ================================================================== [ 31.882390] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.882479] Free of addr fff00000c9c14001 by task kunit_try_catch/276 [ 31.882638] [ 31.882675] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.882955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.882988] Hardware name: linux,dummy-virt (DT) [ 31.883018] Call trace: [ 31.883041] show_stack+0x20/0x38 (C) [ 31.883094] dump_stack_lvl+0x8c/0xd0 [ 31.883138] print_report+0x118/0x608 [ 31.883186] kasan_report_invalid_free+0xc0/0xe8 [ 31.883236] __kasan_mempool_poison_object+0xfc/0x150 [ 31.883288] mempool_free+0x28c/0x328 [ 31.883332] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.883400] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 31.883454] kunit_try_run_case+0x170/0x3f0 [ 31.883501] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.883555] kthread+0x328/0x630 [ 31.883597] ret_from_fork+0x10/0x20 [ 31.883646] [ 31.883674] The buggy address belongs to the physical page: [ 31.883808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c14 [ 31.884130] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.884431] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.884488] page_type: f8(unknown) [ 31.884528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.884711] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.885075] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.885186] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.885286] head: 0bfffe0000000002 ffffc1ffc3270501 00000000ffffffff 00000000ffffffff [ 31.885359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.885561] page dumped because: kasan: bad access detected [ 31.885610] [ 31.885628] Memory state around the buggy address: [ 31.885662] fff00000c9c13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.886185] fff00000c9c13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.886244] >fff00000c9c14000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.886286] ^ [ 31.886314] fff00000c9c14080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.886386] fff00000c9c14100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.886426] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 31.851039] ================================================================== [ 31.851096] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.851501] Free of addr fff00000c9c10000 by task kunit_try_catch/272 [ 31.851559] [ 31.851590] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.851676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.851703] Hardware name: linux,dummy-virt (DT) [ 31.851735] Call trace: [ 31.851767] show_stack+0x20/0x38 (C) [ 31.851819] dump_stack_lvl+0x8c/0xd0 [ 31.852022] print_report+0x118/0x608 [ 31.852314] kasan_report_invalid_free+0xc0/0xe8 [ 31.852389] __kasan_mempool_poison_pages+0xe0/0xe8 [ 31.852441] mempool_free+0x24c/0x328 [ 31.852487] mempool_double_free_helper+0x150/0x2e8 [ 31.852535] mempool_page_alloc_double_free+0xbc/0x118 [ 31.852817] kunit_try_run_case+0x170/0x3f0 [ 31.852913] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.852968] kthread+0x328/0x630 [ 31.853251] ret_from_fork+0x10/0x20 [ 31.853300] [ 31.853320] The buggy address belongs to the physical page: [ 31.853351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c10 [ 31.853403] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.853463] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.853520] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.853736] page dumped because: kasan: bad access detected [ 31.853769] [ 31.853787] Memory state around the buggy address: [ 31.854092] fff00000c9c0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.854165] fff00000c9c0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.854209] >fff00000c9c10000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.854247] ^ [ 31.854276] fff00000c9c10080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.854400] fff00000c9c10100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.854441] ================================================================== [ 31.823874] ================================================================== [ 31.823971] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.824226] Free of addr fff00000c929fb00 by task kunit_try_catch/268 [ 31.824428] [ 31.824569] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.824765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.824796] Hardware name: linux,dummy-virt (DT) [ 31.824830] Call trace: [ 31.824854] show_stack+0x20/0x38 (C) [ 31.824913] dump_stack_lvl+0x8c/0xd0 [ 31.824958] print_report+0x118/0x608 [ 31.825005] kasan_report_invalid_free+0xc0/0xe8 [ 31.825054] check_slab_allocation+0xd4/0x108 [ 31.825104] __kasan_mempool_poison_object+0x78/0x150 [ 31.825155] mempool_free+0x28c/0x328 [ 31.825200] mempool_double_free_helper+0x150/0x2e8 [ 31.825250] mempool_kmalloc_double_free+0xc0/0x118 [ 31.825299] kunit_try_run_case+0x170/0x3f0 [ 31.825349] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.825433] kthread+0x328/0x630 [ 31.825476] ret_from_fork+0x10/0x20 [ 31.825524] [ 31.825543] Allocated by task 268: [ 31.825573] kasan_save_stack+0x3c/0x68 [ 31.825616] kasan_save_track+0x20/0x40 [ 31.825654] kasan_save_alloc_info+0x40/0x58 [ 31.825692] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.825765] remove_element+0x130/0x1f8 [ 31.825915] mempool_alloc_preallocated+0x58/0xc0 [ 31.826043] mempool_double_free_helper+0x94/0x2e8 [ 31.826085] mempool_kmalloc_double_free+0xc0/0x118 [ 31.826135] kunit_try_run_case+0x170/0x3f0 [ 31.826251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.826308] kthread+0x328/0x630 [ 31.826340] ret_from_fork+0x10/0x20 [ 31.826410] [ 31.826429] Freed by task 268: [ 31.826468] kasan_save_stack+0x3c/0x68 [ 31.826617] kasan_save_track+0x20/0x40 [ 31.826686] kasan_save_free_info+0x4c/0x78 [ 31.826730] __kasan_mempool_poison_object+0xc0/0x150 [ 31.826773] mempool_free+0x28c/0x328 [ 31.826808] mempool_double_free_helper+0x100/0x2e8 [ 31.826849] mempool_kmalloc_double_free+0xc0/0x118 [ 31.826890] kunit_try_run_case+0x170/0x3f0 [ 31.826937] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.827001] kthread+0x328/0x630 [ 31.827033] ret_from_fork+0x10/0x20 [ 31.827069] [ 31.827088] The buggy address belongs to the object at fff00000c929fb00 [ 31.827088] which belongs to the cache kmalloc-128 of size 128 [ 31.827146] The buggy address is located 0 bytes inside of [ 31.827146] 128-byte region [fff00000c929fb00, fff00000c929fb80) [ 31.827223] [ 31.827243] The buggy address belongs to the physical page: [ 31.827280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f [ 31.827437] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.827526] page_type: f5(slab) [ 31.827643] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.827702] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.827870] page dumped because: kasan: bad access detected [ 31.827911] [ 31.827930] Memory state around the buggy address: [ 31.827962] fff00000c929fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.828006] fff00000c929fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.828086] >fff00000c929fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.828150] ^ [ 31.828212] fff00000c929fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.828359] fff00000c929fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.828401] ================================================================== [ 31.836022] ================================================================== [ 31.836084] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.836137] Free of addr fff00000c9c10000 by task kunit_try_catch/270 [ 31.836180] [ 31.836210] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.836295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.836323] Hardware name: linux,dummy-virt (DT) [ 31.836356] Call trace: [ 31.836386] show_stack+0x20/0x38 (C) [ 31.836538] dump_stack_lvl+0x8c/0xd0 [ 31.836681] print_report+0x118/0x608 [ 31.837223] kasan_report_invalid_free+0xc0/0xe8 [ 31.837321] __kasan_mempool_poison_object+0x14c/0x150 [ 31.837387] mempool_free+0x28c/0x328 [ 31.837432] mempool_double_free_helper+0x150/0x2e8 [ 31.837847] mempool_kmalloc_large_double_free+0xc0/0x118 [ 31.838089] kunit_try_run_case+0x170/0x3f0 [ 31.838142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.838195] kthread+0x328/0x630 [ 31.838239] ret_from_fork+0x10/0x20 [ 31.838287] [ 31.838317] The buggy address belongs to the physical page: [ 31.838349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c10 [ 31.839518] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.839622] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.839682] page_type: f8(unknown) [ 31.839980] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.840090] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.840174] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.840236] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.840427] head: 0bfffe0000000002 ffffc1ffc3270401 00000000ffffffff 00000000ffffffff [ 31.840524] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.840707] page dumped because: kasan: bad access detected [ 31.840741] [ 31.840760] Memory state around the buggy address: [ 31.841140] fff00000c9c0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.841191] fff00000c9c0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.841256] >fff00000c9c10000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.841296] ^ [ 31.841323] fff00000c9c10080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.841423] fff00000c9c10100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.841596] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 31.812413] ================================================================== [ 31.812881] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.812963] Read of size 1 at addr fff00000c9c10000 by task kunit_try_catch/266 [ 31.813025] [ 31.813163] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.813253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.813282] Hardware name: linux,dummy-virt (DT) [ 31.813315] Call trace: [ 31.813340] show_stack+0x20/0x38 (C) [ 31.813392] dump_stack_lvl+0x8c/0xd0 [ 31.813450] print_report+0x118/0x608 [ 31.813499] kasan_report+0xdc/0x128 [ 31.814008] __asan_report_load1_noabort+0x20/0x30 [ 31.814116] mempool_uaf_helper+0x314/0x340 [ 31.814164] mempool_page_alloc_uaf+0xc0/0x118 [ 31.814222] kunit_try_run_case+0x170/0x3f0 [ 31.814277] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.814332] kthread+0x328/0x630 [ 31.814514] ret_from_fork+0x10/0x20 [ 31.814865] [ 31.814969] The buggy address belongs to the physical page: [ 31.815076] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c10 [ 31.815198] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.815263] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.815576] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.815624] page dumped because: kasan: bad access detected [ 31.815657] [ 31.815675] Memory state around the buggy address: [ 31.815736] fff00000c9c0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.815913] fff00000c9c0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.815957] >fff00000c9c10000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.816012] ^ [ 31.816040] fff00000c9c10080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.816089] fff00000c9c10100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.816163] ================================================================== [ 31.747408] ================================================================== [ 31.747780] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.747837] Read of size 1 at addr fff00000c9bdc000 by task kunit_try_catch/262 [ 31.747971] [ 31.748155] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.748454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.748487] Hardware name: linux,dummy-virt (DT) [ 31.748726] Call trace: [ 31.748763] show_stack+0x20/0x38 (C) [ 31.748827] dump_stack_lvl+0x8c/0xd0 [ 31.749004] print_report+0x118/0x608 [ 31.749091] kasan_report+0xdc/0x128 [ 31.749225] __asan_report_load1_noabort+0x20/0x30 [ 31.749274] mempool_uaf_helper+0x314/0x340 [ 31.749324] mempool_kmalloc_large_uaf+0xc4/0x120 [ 31.749377] kunit_try_run_case+0x170/0x3f0 [ 31.749596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.749884] kthread+0x328/0x630 [ 31.750160] ret_from_fork+0x10/0x20 [ 31.750209] [ 31.750233] The buggy address belongs to the physical page: [ 31.750266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bdc [ 31.750559] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.750837] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.750949] page_type: f8(unknown) [ 31.750992] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.751160] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.751240] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.751296] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.751345] head: 0bfffe0000000002 ffffc1ffc326f701 00000000ffffffff 00000000ffffffff [ 31.751647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.751789] page dumped because: kasan: bad access detected [ 31.751853] [ 31.751871] Memory state around the buggy address: [ 31.752179] fff00000c9bdbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.752310] fff00000c9bdbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.752355] >fff00000c9bdc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.752393] ^ [ 31.752619] fff00000c9bdc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.752717] fff00000c9bdc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.752755] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 31.765750] ================================================================== [ 31.765815] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.765870] Read of size 1 at addr fff00000c5aea240 by task kunit_try_catch/264 [ 31.765934] [ 31.766125] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.766306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.766344] Hardware name: linux,dummy-virt (DT) [ 31.766426] Call trace: [ 31.766495] show_stack+0x20/0x38 (C) [ 31.766547] dump_stack_lvl+0x8c/0xd0 [ 31.766831] print_report+0x118/0x608 [ 31.766980] kasan_report+0xdc/0x128 [ 31.767051] __asan_report_load1_noabort+0x20/0x30 [ 31.767125] mempool_uaf_helper+0x314/0x340 [ 31.767266] mempool_slab_uaf+0xc0/0x118 [ 31.767341] kunit_try_run_case+0x170/0x3f0 [ 31.767488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.767587] kthread+0x328/0x630 [ 31.767656] ret_from_fork+0x10/0x20 [ 31.767707] [ 31.767727] Allocated by task 264: [ 31.767784] kasan_save_stack+0x3c/0x68 [ 31.767833] kasan_save_track+0x20/0x40 [ 31.768245] kasan_save_alloc_info+0x40/0x58 [ 31.768557] __kasan_mempool_unpoison_object+0xbc/0x180 [ 31.768818] remove_element+0x16c/0x1f8 [ 31.769124] mempool_alloc_preallocated+0x58/0xc0 [ 31.769194] mempool_uaf_helper+0xa4/0x340 [ 31.769234] mempool_slab_uaf+0xc0/0x118 [ 31.769551] kunit_try_run_case+0x170/0x3f0 [ 31.769629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.769675] kthread+0x328/0x630 [ 31.769709] ret_from_fork+0x10/0x20 [ 31.769747] [ 31.769766] Freed by task 264: [ 31.770066] kasan_save_stack+0x3c/0x68 [ 31.770114] kasan_save_track+0x20/0x40 [ 31.770154] kasan_save_free_info+0x4c/0x78 [ 31.770201] __kasan_mempool_poison_object+0xc0/0x150 [ 31.770278] mempool_free+0x28c/0x328 [ 31.770316] mempool_uaf_helper+0x104/0x340 [ 31.770353] mempool_slab_uaf+0xc0/0x118 [ 31.770392] kunit_try_run_case+0x170/0x3f0 [ 31.770430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.770474] kthread+0x328/0x630 [ 31.770507] ret_from_fork+0x10/0x20 [ 31.770943] [ 31.770970] The buggy address belongs to the object at fff00000c5aea240 [ 31.770970] which belongs to the cache test_cache of size 123 [ 31.771031] The buggy address is located 0 bytes inside of [ 31.771031] freed 123-byte region [fff00000c5aea240, fff00000c5aea2bb) [ 31.771102] [ 31.771125] The buggy address belongs to the physical page: [ 31.771155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aea [ 31.771571] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.771675] page_type: f5(slab) [ 31.772116] raw: 0bfffe0000000000 fff00000c3f32640 dead000000000122 0000000000000000 [ 31.772290] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.772332] page dumped because: kasan: bad access detected [ 31.772392] [ 31.772412] Memory state around the buggy address: [ 31.772446] fff00000c5aea100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.772525] fff00000c5aea180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.772568] >fff00000c5aea200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 31.772746] ^ [ 31.772871] fff00000c5aea280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.772925] fff00000c5aea300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.772965] ================================================================== [ 31.731628] ================================================================== [ 31.731692] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.731754] Read of size 1 at addr fff00000c929f700 by task kunit_try_catch/260 [ 31.731812] [ 31.732022] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.732311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.732419] Hardware name: linux,dummy-virt (DT) [ 31.732454] Call trace: [ 31.732478] show_stack+0x20/0x38 (C) [ 31.732535] dump_stack_lvl+0x8c/0xd0 [ 31.732793] print_report+0x118/0x608 [ 31.733504] kasan_report+0xdc/0x128 [ 31.733554] __asan_report_load1_noabort+0x20/0x30 [ 31.733603] mempool_uaf_helper+0x314/0x340 [ 31.733650] mempool_kmalloc_uaf+0xc4/0x120 [ 31.733698] kunit_try_run_case+0x170/0x3f0 [ 31.733748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.733815] kthread+0x328/0x630 [ 31.733877] ret_from_fork+0x10/0x20 [ 31.733934] [ 31.733952] Allocated by task 260: [ 31.733982] kasan_save_stack+0x3c/0x68 [ 31.734024] kasan_save_track+0x20/0x40 [ 31.734131] kasan_save_alloc_info+0x40/0x58 [ 31.734171] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.734295] remove_element+0x130/0x1f8 [ 31.734334] mempool_alloc_preallocated+0x58/0xc0 [ 31.734380] mempool_uaf_helper+0xa4/0x340 [ 31.734452] mempool_kmalloc_uaf+0xc4/0x120 [ 31.734491] kunit_try_run_case+0x170/0x3f0 [ 31.734529] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.734585] kthread+0x328/0x630 [ 31.734617] ret_from_fork+0x10/0x20 [ 31.734664] [ 31.734684] Freed by task 260: [ 31.734711] kasan_save_stack+0x3c/0x68 [ 31.734749] kasan_save_track+0x20/0x40 [ 31.734788] kasan_save_free_info+0x4c/0x78 [ 31.734908] __kasan_mempool_poison_object+0xc0/0x150 [ 31.735024] mempool_free+0x28c/0x328 [ 31.735059] mempool_uaf_helper+0x104/0x340 [ 31.735098] mempool_kmalloc_uaf+0xc4/0x120 [ 31.735200] kunit_try_run_case+0x170/0x3f0 [ 31.735238] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.735283] kthread+0x328/0x630 [ 31.735315] ret_from_fork+0x10/0x20 [ 31.735696] [ 31.735762] The buggy address belongs to the object at fff00000c929f700 [ 31.735762] which belongs to the cache kmalloc-128 of size 128 [ 31.735828] The buggy address is located 0 bytes inside of [ 31.735828] freed 128-byte region [fff00000c929f700, fff00000c929f780) [ 31.735905] [ 31.735927] The buggy address belongs to the physical page: [ 31.735961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f [ 31.736015] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.736305] page_type: f5(slab) [ 31.736474] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.736717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.736761] page dumped because: kasan: bad access detected [ 31.736819] [ 31.736838] Memory state around the buggy address: [ 31.736919] fff00000c929f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.737096] fff00000c929f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.737184] >fff00000c929f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.737318] ^ [ 31.737347] fff00000c929f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.737391] fff00000c929f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.737430] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 31.651390] ================================================================== [ 31.651456] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.651533] Read of size 1 at addr fff00000c929f373 by task kunit_try_catch/254 [ 31.651584] [ 31.651630] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.651723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.652180] Hardware name: linux,dummy-virt (DT) [ 31.652287] Call trace: [ 31.652316] show_stack+0x20/0x38 (C) [ 31.652380] dump_stack_lvl+0x8c/0xd0 [ 31.652431] print_report+0x118/0x608 [ 31.652480] kasan_report+0xdc/0x128 [ 31.652527] __asan_report_load1_noabort+0x20/0x30 [ 31.652577] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.652627] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.652675] kunit_try_run_case+0x170/0x3f0 [ 31.652726] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.652780] kthread+0x328/0x630 [ 31.652826] ret_from_fork+0x10/0x20 [ 31.652877] [ 31.652907] Allocated by task 254: [ 31.652937] kasan_save_stack+0x3c/0x68 [ 31.652984] kasan_save_track+0x20/0x40 [ 31.653976] kasan_save_alloc_info+0x40/0x58 [ 31.654042] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.654090] remove_element+0x130/0x1f8 [ 31.654133] mempool_alloc_preallocated+0x58/0xc0 [ 31.654172] mempool_oob_right_helper+0x98/0x2f0 [ 31.654212] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.654272] kunit_try_run_case+0x170/0x3f0 [ 31.654315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.654360] kthread+0x328/0x630 [ 31.654400] ret_from_fork+0x10/0x20 [ 31.654437] [ 31.654458] The buggy address belongs to the object at fff00000c929f300 [ 31.654458] which belongs to the cache kmalloc-128 of size 128 [ 31.654520] The buggy address is located 0 bytes to the right of [ 31.654520] allocated 115-byte region [fff00000c929f300, fff00000c929f373) [ 31.654596] [ 31.654618] The buggy address belongs to the physical page: [ 31.654654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f [ 31.654710] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.654765] page_type: f5(slab) [ 31.654810] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.654868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.655526] page dumped because: kasan: bad access detected [ 31.655584] [ 31.655605] Memory state around the buggy address: [ 31.655642] fff00000c929f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.655687] fff00000c929f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.655959] >fff00000c929f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.656078] ^ [ 31.656168] fff00000c929f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.656357] fff00000c929f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.656528] ================================================================== [ 31.694302] ================================================================== [ 31.694370] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.695031] Read of size 1 at addr fff00000c9abc2bb by task kunit_try_catch/258 [ 31.695416] [ 31.695455] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.695959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.696070] Hardware name: linux,dummy-virt (DT) [ 31.696166] Call trace: [ 31.696278] show_stack+0x20/0x38 (C) [ 31.696484] dump_stack_lvl+0x8c/0xd0 [ 31.696762] print_report+0x118/0x608 [ 31.696816] kasan_report+0xdc/0x128 [ 31.697276] __asan_report_load1_noabort+0x20/0x30 [ 31.697373] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.697424] mempool_slab_oob_right+0xc0/0x118 [ 31.698021] kunit_try_run_case+0x170/0x3f0 [ 31.698592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.698759] kthread+0x328/0x630 [ 31.698964] ret_from_fork+0x10/0x20 [ 31.699244] [ 31.699432] Allocated by task 258: [ 31.699659] kasan_save_stack+0x3c/0x68 [ 31.699775] kasan_save_track+0x20/0x40 [ 31.699815] kasan_save_alloc_info+0x40/0x58 [ 31.699853] __kasan_mempool_unpoison_object+0xbc/0x180 [ 31.699909] remove_element+0x16c/0x1f8 [ 31.700617] mempool_alloc_preallocated+0x58/0xc0 [ 31.700691] mempool_oob_right_helper+0x98/0x2f0 [ 31.700732] mempool_slab_oob_right+0xc0/0x118 [ 31.701156] kunit_try_run_case+0x170/0x3f0 [ 31.701207] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.701564] kthread+0x328/0x630 [ 31.701663] ret_from_fork+0x10/0x20 [ 31.701820] [ 31.701843] The buggy address belongs to the object at fff00000c9abc240 [ 31.701843] which belongs to the cache test_cache of size 123 [ 31.702092] The buggy address is located 0 bytes to the right of [ 31.702092] allocated 123-byte region [fff00000c9abc240, fff00000c9abc2bb) [ 31.702190] [ 31.702645] The buggy address belongs to the physical page: [ 31.702849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109abc [ 31.703084] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.703183] page_type: f5(slab) [ 31.703342] raw: 0bfffe0000000000 fff00000c3f32500 dead000000000122 0000000000000000 [ 31.703591] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.703631] page dumped because: kasan: bad access detected [ 31.703663] [ 31.703681] Memory state around the buggy address: [ 31.704163] fff00000c9abc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.704263] fff00000c9abc200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 31.704414] >fff00000c9abc280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 31.704643] ^ [ 31.704684] fff00000c9abc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.704891] fff00000c9abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.704942] ================================================================== [ 31.676791] ================================================================== [ 31.677072] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.677130] Read of size 1 at addr fff00000c9bde001 by task kunit_try_catch/256 [ 31.677180] [ 31.677214] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.677308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.677382] Hardware name: linux,dummy-virt (DT) [ 31.677447] Call trace: [ 31.677575] show_stack+0x20/0x38 (C) [ 31.677717] dump_stack_lvl+0x8c/0xd0 [ 31.677764] print_report+0x118/0x608 [ 31.677810] kasan_report+0xdc/0x128 [ 31.677856] __asan_report_load1_noabort+0x20/0x30 [ 31.677922] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.677972] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 31.678023] kunit_try_run_case+0x170/0x3f0 [ 31.678071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.678124] kthread+0x328/0x630 [ 31.678165] ret_from_fork+0x10/0x20 [ 31.678214] [ 31.678327] The buggy address belongs to the physical page: [ 31.678388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bdc [ 31.678522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.678586] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.678641] page_type: f8(unknown) [ 31.678682] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.678731] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.678781] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.678829] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.678878] head: 0bfffe0000000002 ffffc1ffc326f701 00000000ffffffff 00000000ffffffff [ 31.678938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.678978] page dumped because: kasan: bad access detected [ 31.679009] [ 31.679029] Memory state around the buggy address: [ 31.679061] fff00000c9bddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.679105] fff00000c9bddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.679148] >fff00000c9bde000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.679187] ^ [ 31.679216] fff00000c9bde080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.679257] fff00000c9bde100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.679296] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 31.084918] ================================================================== [ 31.085001] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 31.085075] Read of size 1 at addr fff00000c45b3b40 by task kunit_try_catch/248 [ 31.085126] [ 31.085167] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 31.085257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.085284] Hardware name: linux,dummy-virt (DT) [ 31.085320] Call trace: [ 31.085346] show_stack+0x20/0x38 (C) [ 31.085396] dump_stack_lvl+0x8c/0xd0 [ 31.085448] print_report+0x118/0x608 [ 31.085495] kasan_report+0xdc/0x128 [ 31.085541] __kasan_check_byte+0x54/0x70 [ 31.085587] kmem_cache_destroy+0x34/0x218 [ 31.085636] kmem_cache_double_destroy+0x174/0x300 [ 31.085683] kunit_try_run_case+0x170/0x3f0 [ 31.085770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.085825] kthread+0x328/0x630 [ 31.085867] ret_from_fork+0x10/0x20 [ 31.085927] [ 31.085946] Allocated by task 248: [ 31.085977] kasan_save_stack+0x3c/0x68 [ 31.086021] kasan_save_track+0x20/0x40 [ 31.086062] kasan_save_alloc_info+0x40/0x58 [ 31.086099] __kasan_slab_alloc+0xa8/0xb0 [ 31.086139] kmem_cache_alloc_noprof+0x10c/0x398 [ 31.086180] __kmem_cache_create_args+0x178/0x280 [ 31.086220] kmem_cache_double_destroy+0xc0/0x300 [ 31.086262] kunit_try_run_case+0x170/0x3f0 [ 31.086300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.086345] kthread+0x328/0x630 [ 31.086377] ret_from_fork+0x10/0x20 [ 31.086414] [ 31.086433] Freed by task 248: [ 31.086459] kasan_save_stack+0x3c/0x68 [ 31.086498] kasan_save_track+0x20/0x40 [ 31.086535] kasan_save_free_info+0x4c/0x78 [ 31.086572] __kasan_slab_free+0x6c/0x98 [ 31.086609] kmem_cache_free+0x260/0x468 [ 31.086650] slab_kmem_cache_release+0x38/0x50 [ 31.086690] kmem_cache_release+0x1c/0x30 [ 31.086728] kobject_put+0x17c/0x420 [ 31.086765] sysfs_slab_release+0x1c/0x30 [ 31.086803] kmem_cache_destroy+0x118/0x218 [ 31.086842] kmem_cache_double_destroy+0x128/0x300 [ 31.086883] kunit_try_run_case+0x170/0x3f0 [ 31.086932] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.086977] kthread+0x328/0x630 [ 31.087010] ret_from_fork+0x10/0x20 [ 31.087047] [ 31.087066] The buggy address belongs to the object at fff00000c45b3b40 [ 31.087066] which belongs to the cache kmem_cache of size 208 [ 31.087125] The buggy address is located 0 bytes inside of [ 31.087125] freed 208-byte region [fff00000c45b3b40, fff00000c45b3c10) [ 31.087186] [ 31.087209] The buggy address belongs to the physical page: [ 31.087245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045b3 [ 31.087302] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.087355] page_type: f5(slab) [ 31.087396] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 31.087447] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 31.087488] page dumped because: kasan: bad access detected [ 31.087521] [ 31.087539] Memory state around the buggy address: [ 31.087573] fff00000c45b3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.087618] fff00000c45b3a80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 31.087660] >fff00000c45b3b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 31.087698] ^ [ 31.087731] fff00000c45b3b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.087773] fff00000c45b3c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.087811] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 30.946504] ================================================================== [ 30.946604] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 30.946683] Read of size 1 at addr fff00000c9b7b000 by task kunit_try_catch/246 [ 30.946737] [ 30.946783] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 30.946876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.946919] Hardware name: linux,dummy-virt (DT) [ 30.946956] Call trace: [ 30.946981] show_stack+0x20/0x38 (C) [ 30.947036] dump_stack_lvl+0x8c/0xd0 [ 30.947089] print_report+0x118/0x608 [ 30.947137] kasan_report+0xdc/0x128 [ 30.947182] __asan_report_load1_noabort+0x20/0x30 [ 30.947231] kmem_cache_rcu_uaf+0x388/0x468 [ 30.947280] kunit_try_run_case+0x170/0x3f0 [ 30.947330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.947384] kthread+0x328/0x630 [ 30.947428] ret_from_fork+0x10/0x20 [ 30.947477] [ 30.947494] Allocated by task 246: [ 30.947525] kasan_save_stack+0x3c/0x68 [ 30.947568] kasan_save_track+0x20/0x40 [ 30.947605] kasan_save_alloc_info+0x40/0x58 [ 30.947642] __kasan_slab_alloc+0xa8/0xb0 [ 30.947679] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.947722] kmem_cache_rcu_uaf+0x12c/0x468 [ 30.947761] kunit_try_run_case+0x170/0x3f0 [ 30.947798] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.947842] kthread+0x328/0x630 [ 30.947875] ret_from_fork+0x10/0x20 [ 30.947978] [ 30.948006] Freed by task 0: [ 30.948038] kasan_save_stack+0x3c/0x68 [ 30.948092] kasan_save_track+0x20/0x40 [ 30.948131] kasan_save_free_info+0x4c/0x78 [ 30.948212] __kasan_slab_free+0x6c/0x98 [ 30.948255] slab_free_after_rcu_debug+0xd4/0x2f8 [ 30.948296] rcu_core+0x9f4/0x1e20 [ 30.948334] rcu_core_si+0x18/0x30 [ 30.948380] handle_softirqs+0x374/0xb28 [ 30.948417] __do_softirq+0x1c/0x28 [ 30.948452] [ 30.948471] Last potentially related work creation: [ 30.948499] kasan_save_stack+0x3c/0x68 [ 30.948539] kasan_record_aux_stack+0xb4/0xc8 [ 30.948575] kmem_cache_free+0x120/0x468 [ 30.948613] kmem_cache_rcu_uaf+0x16c/0x468 [ 30.948650] kunit_try_run_case+0x170/0x3f0 [ 30.948699] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.948744] kthread+0x328/0x630 [ 30.948775] ret_from_fork+0x10/0x20 [ 30.948816] [ 30.948834] The buggy address belongs to the object at fff00000c9b7b000 [ 30.948834] which belongs to the cache test_cache of size 200 [ 30.948905] The buggy address is located 0 bytes inside of [ 30.948905] freed 200-byte region [fff00000c9b7b000, fff00000c9b7b0c8) [ 30.948968] [ 30.949245] The buggy address belongs to the physical page: [ 30.949359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b7b [ 30.949723] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.949779] page_type: f5(slab) [ 30.949824] raw: 0bfffe0000000000 fff00000c45b3a00 dead000000000122 0000000000000000 [ 30.949877] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.949930] page dumped because: kasan: bad access detected [ 30.949963] [ 30.949983] Memory state around the buggy address: [ 30.950017] fff00000c9b7af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.950061] fff00000c9b7af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.950105] >fff00000c9b7b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.950142] ^ [ 30.950171] fff00000c9b7b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 30.950213] fff00000c9b7b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.950251] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 30.293290] ================================================================== [ 30.293723] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 30.293875] Free of addr fff00000c9b0c001 by task kunit_try_catch/244 [ 30.293930] [ 30.294175] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 30.294566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.294732] Hardware name: linux,dummy-virt (DT) [ 30.294770] Call trace: [ 30.295126] show_stack+0x20/0x38 (C) [ 30.295197] dump_stack_lvl+0x8c/0xd0 [ 30.295389] print_report+0x118/0x608 [ 30.295603] kasan_report_invalid_free+0xc0/0xe8 [ 30.295829] check_slab_allocation+0xfc/0x108 [ 30.295930] __kasan_slab_pre_free+0x2c/0x48 [ 30.296100] kmem_cache_free+0xf0/0x468 [ 30.296363] kmem_cache_invalid_free+0x184/0x3c8 [ 30.296686] kunit_try_run_case+0x170/0x3f0 [ 30.296822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.296978] kthread+0x328/0x630 [ 30.297066] ret_from_fork+0x10/0x20 [ 30.297479] [ 30.297526] Allocated by task 244: [ 30.297618] kasan_save_stack+0x3c/0x68 [ 30.297707] kasan_save_track+0x20/0x40 [ 30.297914] kasan_save_alloc_info+0x40/0x58 [ 30.298126] __kasan_slab_alloc+0xa8/0xb0 [ 30.298209] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.298557] kmem_cache_invalid_free+0x12c/0x3c8 [ 30.298673] kunit_try_run_case+0x170/0x3f0 [ 30.298837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.299071] kthread+0x328/0x630 [ 30.299233] ret_from_fork+0x10/0x20 [ 30.299491] [ 30.299837] The buggy address belongs to the object at fff00000c9b0c000 [ 30.299837] which belongs to the cache test_cache of size 200 [ 30.300057] The buggy address is located 1 bytes inside of [ 30.300057] 200-byte region [fff00000c9b0c000, fff00000c9b0c0c8) [ 30.300362] [ 30.300392] The buggy address belongs to the physical page: [ 30.300454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b0c [ 30.301032] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.301165] page_type: f5(slab) [ 30.301490] raw: 0bfffe0000000000 fff00000c45b38c0 dead000000000122 0000000000000000 [ 30.301739] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.301826] page dumped because: kasan: bad access detected [ 30.301999] [ 30.302021] Memory state around the buggy address: [ 30.302199] fff00000c9b0bf00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.302596] fff00000c9b0bf80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.303437] >fff00000c9b0c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.303499] ^ [ 30.303694] fff00000c9b0c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 30.303850] fff00000c9b0c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.304099] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 30.244725] ================================================================== [ 30.245493] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 30.245590] Free of addr fff00000c9b10000 by task kunit_try_catch/242 [ 30.245635] [ 30.246418] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 30.246695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.246965] Hardware name: linux,dummy-virt (DT) [ 30.247074] Call trace: [ 30.247099] show_stack+0x20/0x38 (C) [ 30.247519] dump_stack_lvl+0x8c/0xd0 [ 30.247655] print_report+0x118/0x608 [ 30.247723] kasan_report_invalid_free+0xc0/0xe8 [ 30.247772] check_slab_allocation+0xd4/0x108 [ 30.248064] __kasan_slab_pre_free+0x2c/0x48 [ 30.248151] kmem_cache_free+0xf0/0x468 [ 30.248216] kmem_cache_double_free+0x190/0x3c8 [ 30.248275] kunit_try_run_case+0x170/0x3f0 [ 30.248337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.248418] kthread+0x328/0x630 [ 30.248475] ret_from_fork+0x10/0x20 [ 30.248531] [ 30.248565] Allocated by task 242: [ 30.248607] kasan_save_stack+0x3c/0x68 [ 30.248662] kasan_save_track+0x20/0x40 [ 30.248709] kasan_save_alloc_info+0x40/0x58 [ 30.248753] __kasan_slab_alloc+0xa8/0xb0 [ 30.248794] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.248844] kmem_cache_double_free+0x12c/0x3c8 [ 30.248885] kunit_try_run_case+0x170/0x3f0 [ 30.249420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.249682] kthread+0x328/0x630 [ 30.250250] ret_from_fork+0x10/0x20 [ 30.250721] [ 30.250894] Freed by task 242: [ 30.251274] kasan_save_stack+0x3c/0x68 [ 30.251393] kasan_save_track+0x20/0x40 [ 30.251458] kasan_save_free_info+0x4c/0x78 [ 30.251667] __kasan_slab_free+0x6c/0x98 [ 30.251853] kmem_cache_free+0x260/0x468 [ 30.252015] kmem_cache_double_free+0x140/0x3c8 [ 30.252112] kunit_try_run_case+0x170/0x3f0 [ 30.252319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.252504] kthread+0x328/0x630 [ 30.252716] ret_from_fork+0x10/0x20 [ 30.253177] [ 30.253202] The buggy address belongs to the object at fff00000c9b10000 [ 30.253202] which belongs to the cache test_cache of size 200 [ 30.253317] The buggy address is located 0 bytes inside of [ 30.253317] 200-byte region [fff00000c9b10000, fff00000c9b100c8) [ 30.253492] [ 30.253826] The buggy address belongs to the physical page: [ 30.254597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10 [ 30.254704] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.254884] page_type: f5(slab) [ 30.255037] raw: 0bfffe0000000000 fff00000c45b3780 dead000000000122 0000000000000000 [ 30.255361] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.255490] page dumped because: kasan: bad access detected [ 30.255567] [ 30.255703] Memory state around the buggy address: [ 30.255867] fff00000c9b0ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.256301] fff00000c9b0ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.256539] >fff00000c9b10000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.256647] ^ [ 30.256678] fff00000c9b10080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 30.256962] fff00000c9b10100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.257302] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 29.964986] ================================================================== [ 29.965048] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 29.965173] Read of size 1 at addr fff00000c9b130c8 by task kunit_try_catch/240 [ 29.965242] [ 29.965707] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.965908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.965977] Hardware name: linux,dummy-virt (DT) [ 29.966165] Call trace: [ 29.966191] show_stack+0x20/0x38 (C) [ 29.966256] dump_stack_lvl+0x8c/0xd0 [ 29.966835] print_report+0x118/0x608 [ 29.966975] kasan_report+0xdc/0x128 [ 29.967135] __asan_report_load1_noabort+0x20/0x30 [ 29.967302] kmem_cache_oob+0x344/0x430 [ 29.967448] kunit_try_run_case+0x170/0x3f0 [ 29.967817] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.967931] kthread+0x328/0x630 [ 29.968126] ret_from_fork+0x10/0x20 [ 29.968396] [ 29.968417] Allocated by task 240: [ 29.968705] kasan_save_stack+0x3c/0x68 [ 29.968776] kasan_save_track+0x20/0x40 [ 29.969015] kasan_save_alloc_info+0x40/0x58 [ 29.969126] __kasan_slab_alloc+0xa8/0xb0 [ 29.969243] kmem_cache_alloc_noprof+0x10c/0x398 [ 29.969318] kmem_cache_oob+0x12c/0x430 [ 29.969639] kunit_try_run_case+0x170/0x3f0 [ 29.969786] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.969834] kthread+0x328/0x630 [ 29.969868] ret_from_fork+0x10/0x20 [ 29.969950] [ 29.970248] The buggy address belongs to the object at fff00000c9b13000 [ 29.970248] which belongs to the cache test_cache of size 200 [ 29.970432] The buggy address is located 0 bytes to the right of [ 29.970432] allocated 200-byte region [fff00000c9b13000, fff00000c9b130c8) [ 29.970676] [ 29.970713] The buggy address belongs to the physical page: [ 29.970908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b13 [ 29.971272] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.971354] page_type: f5(slab) [ 29.971460] raw: 0bfffe0000000000 fff00000c45b3640 dead000000000122 0000000000000000 [ 29.971613] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 29.971982] page dumped because: kasan: bad access detected [ 29.972168] [ 29.972251] Memory state around the buggy address: [ 29.972401] fff00000c9b12f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.972503] fff00000c9b13000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.972555] >fff00000c9b13080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 29.972660] ^ [ 29.972698] fff00000c9b13100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.972754] fff00000c9b13180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.972806] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 29.921969] ================================================================== [ 29.922038] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 29.922090] Read of size 8 at addr fff00000c9b3dac0 by task kunit_try_catch/233 [ 29.922141] [ 29.922175] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.922262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.922301] Hardware name: linux,dummy-virt (DT) [ 29.922343] Call trace: [ 29.922369] show_stack+0x20/0x38 (C) [ 29.922417] dump_stack_lvl+0x8c/0xd0 [ 29.922498] print_report+0x118/0x608 [ 29.922547] kasan_report+0xdc/0x128 [ 29.922592] __asan_report_load8_noabort+0x20/0x30 [ 29.922652] workqueue_uaf+0x480/0x4a8 [ 29.922709] kunit_try_run_case+0x170/0x3f0 [ 29.922758] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.922812] kthread+0x328/0x630 [ 29.922867] ret_from_fork+0x10/0x20 [ 29.924210] [ 29.924319] Allocated by task 233: [ 29.924411] kasan_save_stack+0x3c/0x68 [ 29.924485] kasan_save_track+0x20/0x40 [ 29.924815] kasan_save_alloc_info+0x40/0x58 [ 29.925018] __kasan_kmalloc+0xd4/0xd8 [ 29.925177] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.925337] workqueue_uaf+0x13c/0x4a8 [ 29.925656] kunit_try_run_case+0x170/0x3f0 [ 29.926044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.926245] kthread+0x328/0x630 [ 29.926292] ret_from_fork+0x10/0x20 [ 29.926488] [ 29.926514] Freed by task 9: [ 29.926541] kasan_save_stack+0x3c/0x68 [ 29.926864] kasan_save_track+0x20/0x40 [ 29.927023] kasan_save_free_info+0x4c/0x78 [ 29.927254] __kasan_slab_free+0x6c/0x98 [ 29.927472] kfree+0x214/0x3c8 [ 29.927694] workqueue_uaf_work+0x18/0x30 [ 29.927759] process_one_work+0x530/0xf98 [ 29.927988] worker_thread+0x618/0xf38 [ 29.928099] kthread+0x328/0x630 [ 29.928189] ret_from_fork+0x10/0x20 [ 29.928419] [ 29.928442] Last potentially related work creation: [ 29.928476] kasan_save_stack+0x3c/0x68 [ 29.928825] kasan_record_aux_stack+0xb4/0xc8 [ 29.928974] __queue_work+0x65c/0xfe0 [ 29.929186] queue_work_on+0xbc/0xf8 [ 29.929336] workqueue_uaf+0x210/0x4a8 [ 29.929395] kunit_try_run_case+0x170/0x3f0 [ 29.929503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.929985] kthread+0x328/0x630 [ 29.930231] ret_from_fork+0x10/0x20 [ 29.930418] [ 29.930441] The buggy address belongs to the object at fff00000c9b3dac0 [ 29.930441] which belongs to the cache kmalloc-32 of size 32 [ 29.930667] The buggy address is located 0 bytes inside of [ 29.930667] freed 32-byte region [fff00000c9b3dac0, fff00000c9b3dae0) [ 29.930841] [ 29.930887] The buggy address belongs to the physical page: [ 29.930950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b3d [ 29.931263] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.931405] page_type: f5(slab) [ 29.931671] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.931817] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.931861] page dumped because: kasan: bad access detected [ 29.932248] [ 29.932381] Memory state around the buggy address: [ 29.932725] fff00000c9b3d980: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 29.932837] fff00000c9b3da00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.932882] >fff00000c9b3da80: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 29.933310] ^ [ 29.933487] fff00000c9b3db00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.933565] fff00000c9b3db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.933680] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 29.890834] ================================================================== [ 29.890975] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 29.891329] Read of size 4 at addr fff00000c9b3d900 by task swapper/0/0 [ 29.891931] [ 29.891974] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.892065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.892145] Hardware name: linux,dummy-virt (DT) [ 29.892179] Call trace: [ 29.892314] show_stack+0x20/0x38 (C) [ 29.892401] dump_stack_lvl+0x8c/0xd0 [ 29.892450] print_report+0x118/0x608 [ 29.892733] kasan_report+0xdc/0x128 [ 29.892832] __asan_report_load4_noabort+0x20/0x30 [ 29.892886] rcu_uaf_reclaim+0x64/0x70 [ 29.892978] rcu_core+0x9f4/0x1e20 [ 29.893032] rcu_core_si+0x18/0x30 [ 29.893232] handle_softirqs+0x374/0xb28 [ 29.893304] __do_softirq+0x1c/0x28 [ 29.893364] ____do_softirq+0x18/0x30 [ 29.893641] call_on_irq_stack+0x24/0x30 [ 29.893766] do_softirq_own_stack+0x24/0x38 [ 29.893820] __irq_exit_rcu+0x1fc/0x318 [ 29.893868] irq_exit_rcu+0x1c/0x80 [ 29.894226] el1_interrupt+0x38/0x58 [ 29.894338] el1h_64_irq_handler+0x18/0x28 [ 29.894532] el1h_64_irq+0x6c/0x70 [ 29.894833] arch_local_irq_enable+0x4/0x8 (P) [ 29.895076] do_idle+0x384/0x4e8 [ 29.895387] cpu_startup_entry+0x68/0x80 [ 29.895646] rest_init+0x160/0x188 [ 29.895826] start_kernel+0x30c/0x3d0 [ 29.896174] __primary_switched+0x8c/0xa0 [ 29.896324] [ 29.896529] Allocated by task 231: [ 29.896708] kasan_save_stack+0x3c/0x68 [ 29.897360] kasan_save_track+0x20/0x40 [ 29.897537] kasan_save_alloc_info+0x40/0x58 [ 29.897588] __kasan_kmalloc+0xd4/0xd8 [ 29.897629] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.897671] rcu_uaf+0xb0/0x2d8 [ 29.897706] kunit_try_run_case+0x170/0x3f0 [ 29.897919] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.898135] kthread+0x328/0x630 [ 29.898345] ret_from_fork+0x10/0x20 [ 29.898533] [ 29.898689] Freed by task 0: [ 29.898721] kasan_save_stack+0x3c/0x68 [ 29.898795] kasan_save_track+0x20/0x40 [ 29.899005] kasan_save_free_info+0x4c/0x78 [ 29.899156] __kasan_slab_free+0x6c/0x98 [ 29.899202] kfree+0x214/0x3c8 [ 29.899239] rcu_uaf_reclaim+0x28/0x70 [ 29.899275] rcu_core+0x9f4/0x1e20 [ 29.899330] rcu_core_si+0x18/0x30 [ 29.899409] handle_softirqs+0x374/0xb28 [ 29.899450] __do_softirq+0x1c/0x28 [ 29.899484] [ 29.899540] Last potentially related work creation: [ 29.899601] kasan_save_stack+0x3c/0x68 [ 29.899655] kasan_record_aux_stack+0xb4/0xc8 [ 29.899692] __call_rcu_common.constprop.0+0x74/0x8c8 [ 29.899745] call_rcu+0x18/0x30 [ 29.899784] rcu_uaf+0x14c/0x2d8 [ 29.899818] kunit_try_run_case+0x170/0x3f0 [ 29.899859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.900457] kthread+0x328/0x630 [ 29.900525] ret_from_fork+0x10/0x20 [ 29.900921] [ 29.901399] The buggy address belongs to the object at fff00000c9b3d900 [ 29.901399] which belongs to the cache kmalloc-32 of size 32 [ 29.901966] The buggy address is located 0 bytes inside of [ 29.901966] freed 32-byte region [fff00000c9b3d900, fff00000c9b3d920) [ 29.902203] [ 29.902260] The buggy address belongs to the physical page: [ 29.902335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b3d [ 29.902497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.902551] page_type: f5(slab) [ 29.902593] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.902814] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.902984] page dumped because: kasan: bad access detected [ 29.903143] [ 29.903343] Memory state around the buggy address: [ 29.903462] fff00000c9b3d800: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.903536] fff00000c9b3d880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 29.903759] >fff00000c9b3d900: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 29.903924] ^ [ 29.904060] fff00000c9b3d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.904673] fff00000c9b3da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.904783] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 29.729604] ================================================================== [ 29.729693] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 29.729849] Read of size 1 at addr fff00000c9b7a000 by task kunit_try_catch/229 [ 29.729965] [ 29.729997] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.730206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.730237] Hardware name: linux,dummy-virt (DT) [ 29.730267] Call trace: [ 29.730291] show_stack+0x20/0x38 (C) [ 29.730391] dump_stack_lvl+0x8c/0xd0 [ 29.730507] print_report+0x118/0x608 [ 29.730653] kasan_report+0xdc/0x128 [ 29.730723] __kasan_check_byte+0x54/0x70 [ 29.730805] ksize+0x30/0x88 [ 29.730920] ksize_uaf+0x168/0x5f8 [ 29.731068] kunit_try_run_case+0x170/0x3f0 [ 29.731189] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.731283] kthread+0x328/0x630 [ 29.731491] ret_from_fork+0x10/0x20 [ 29.731689] [ 29.731747] Allocated by task 229: [ 29.731893] kasan_save_stack+0x3c/0x68 [ 29.732069] kasan_save_track+0x20/0x40 [ 29.732147] kasan_save_alloc_info+0x40/0x58 [ 29.732210] __kasan_kmalloc+0xd4/0xd8 [ 29.732258] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.732301] ksize_uaf+0xb8/0x5f8 [ 29.732335] kunit_try_run_case+0x170/0x3f0 [ 29.732375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.732628] kthread+0x328/0x630 [ 29.732737] ret_from_fork+0x10/0x20 [ 29.732809] [ 29.732884] Freed by task 229: [ 29.732977] kasan_save_stack+0x3c/0x68 [ 29.733064] kasan_save_track+0x20/0x40 [ 29.733212] kasan_save_free_info+0x4c/0x78 [ 29.733319] __kasan_slab_free+0x6c/0x98 [ 29.733560] kfree+0x214/0x3c8 [ 29.733680] ksize_uaf+0x11c/0x5f8 [ 29.733953] kunit_try_run_case+0x170/0x3f0 [ 29.734097] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.734196] kthread+0x328/0x630 [ 29.734312] ret_from_fork+0x10/0x20 [ 29.734433] [ 29.734479] The buggy address belongs to the object at fff00000c9b7a000 [ 29.734479] which belongs to the cache kmalloc-128 of size 128 [ 29.734540] The buggy address is located 0 bytes inside of [ 29.734540] freed 128-byte region [fff00000c9b7a000, fff00000c9b7a080) [ 29.734602] [ 29.734840] The buggy address belongs to the physical page: [ 29.734956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b7a [ 29.735052] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.735102] page_type: f5(slab) [ 29.735141] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.735192] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.735366] page dumped because: kasan: bad access detected [ 29.735426] [ 29.735504] Memory state around the buggy address: [ 29.735640] fff00000c9b79f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.735745] fff00000c9b79f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.735984] >fff00000c9b7a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.736044] ^ [ 29.736074] fff00000c9b7a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.736308] fff00000c9b7a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.736461] ================================================================== [ 29.749197] ================================================================== [ 29.749251] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 29.749302] Read of size 1 at addr fff00000c9b7a078 by task kunit_try_catch/229 [ 29.749362] [ 29.749392] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.749488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.749515] Hardware name: linux,dummy-virt (DT) [ 29.749546] Call trace: [ 29.749569] show_stack+0x20/0x38 (C) [ 29.749616] dump_stack_lvl+0x8c/0xd0 [ 29.749663] print_report+0x118/0x608 [ 29.749951] kasan_report+0xdc/0x128 [ 29.750197] __asan_report_load1_noabort+0x20/0x30 [ 29.750258] ksize_uaf+0x544/0x5f8 [ 29.750842] kunit_try_run_case+0x170/0x3f0 [ 29.751048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.751183] kthread+0x328/0x630 [ 29.751273] ret_from_fork+0x10/0x20 [ 29.751723] [ 29.751771] Allocated by task 229: [ 29.751837] kasan_save_stack+0x3c/0x68 [ 29.751951] kasan_save_track+0x20/0x40 [ 29.752057] kasan_save_alloc_info+0x40/0x58 [ 29.752203] __kasan_kmalloc+0xd4/0xd8 [ 29.752294] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.752352] ksize_uaf+0xb8/0x5f8 [ 29.752705] kunit_try_run_case+0x170/0x3f0 [ 29.752778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.752948] kthread+0x328/0x630 [ 29.753055] ret_from_fork+0x10/0x20 [ 29.753223] [ 29.753275] Freed by task 229: [ 29.753305] kasan_save_stack+0x3c/0x68 [ 29.753748] kasan_save_track+0x20/0x40 [ 29.753828] kasan_save_free_info+0x4c/0x78 [ 29.754455] __kasan_slab_free+0x6c/0x98 [ 29.754586] kfree+0x214/0x3c8 [ 29.754650] ksize_uaf+0x11c/0x5f8 [ 29.754728] kunit_try_run_case+0x170/0x3f0 [ 29.754802] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.754974] kthread+0x328/0x630 [ 29.755248] ret_from_fork+0x10/0x20 [ 29.755527] [ 29.755568] The buggy address belongs to the object at fff00000c9b7a000 [ 29.755568] which belongs to the cache kmalloc-128 of size 128 [ 29.755880] The buggy address is located 120 bytes inside of [ 29.755880] freed 128-byte region [fff00000c9b7a000, fff00000c9b7a080) [ 29.756081] [ 29.756160] The buggy address belongs to the physical page: [ 29.756393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b7a [ 29.756451] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.756648] page_type: f5(slab) [ 29.757129] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.757222] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.757359] page dumped because: kasan: bad access detected [ 29.757504] [ 29.757623] Memory state around the buggy address: [ 29.757923] fff00000c9b79f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.758051] fff00000c9b79f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.758418] >fff00000c9b7a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.758521] ^ [ 29.758567] fff00000c9b7a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.758645] fff00000c9b7a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.758733] ================================================================== [ 29.737841] ================================================================== [ 29.737895] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 29.737960] Read of size 1 at addr fff00000c9b7a000 by task kunit_try_catch/229 [ 29.738205] [ 29.738560] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.738698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.738755] Hardware name: linux,dummy-virt (DT) [ 29.738942] Call trace: [ 29.739092] show_stack+0x20/0x38 (C) [ 29.739208] dump_stack_lvl+0x8c/0xd0 [ 29.739552] print_report+0x118/0x608 [ 29.739637] kasan_report+0xdc/0x128 [ 29.739720] __asan_report_load1_noabort+0x20/0x30 [ 29.739785] ksize_uaf+0x598/0x5f8 [ 29.740071] kunit_try_run_case+0x170/0x3f0 [ 29.740199] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.740410] kthread+0x328/0x630 [ 29.740497] ret_from_fork+0x10/0x20 [ 29.740729] [ 29.740796] Allocated by task 229: [ 29.740828] kasan_save_stack+0x3c/0x68 [ 29.741166] kasan_save_track+0x20/0x40 [ 29.741250] kasan_save_alloc_info+0x40/0x58 [ 29.741358] __kasan_kmalloc+0xd4/0xd8 [ 29.741468] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.741568] ksize_uaf+0xb8/0x5f8 [ 29.742151] kunit_try_run_case+0x170/0x3f0 [ 29.742229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.742422] kthread+0x328/0x630 [ 29.742581] ret_from_fork+0x10/0x20 [ 29.742701] [ 29.742782] Freed by task 229: [ 29.742978] kasan_save_stack+0x3c/0x68 [ 29.743212] kasan_save_track+0x20/0x40 [ 29.743318] kasan_save_free_info+0x4c/0x78 [ 29.743461] __kasan_slab_free+0x6c/0x98 [ 29.743596] kfree+0x214/0x3c8 [ 29.743674] ksize_uaf+0x11c/0x5f8 [ 29.743767] kunit_try_run_case+0x170/0x3f0 [ 29.743953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.744031] kthread+0x328/0x630 [ 29.744065] ret_from_fork+0x10/0x20 [ 29.744240] [ 29.744418] The buggy address belongs to the object at fff00000c9b7a000 [ 29.744418] which belongs to the cache kmalloc-128 of size 128 [ 29.744598] The buggy address is located 0 bytes inside of [ 29.744598] freed 128-byte region [fff00000c9b7a000, fff00000c9b7a080) [ 29.744781] [ 29.744883] The buggy address belongs to the physical page: [ 29.745044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b7a [ 29.745143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.745376] page_type: f5(slab) [ 29.745446] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.745627] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.745757] page dumped because: kasan: bad access detected [ 29.745940] [ 29.746089] Memory state around the buggy address: [ 29.746123] fff00000c9b79f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.746166] fff00000c9b79f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.746521] >fff00000c9b7a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.746585] ^ [ 29.746625] fff00000c9b7a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.746723] fff00000c9b7a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.746765] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 29.715582] ================================================================== [ 29.715635] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 29.715736] Read of size 1 at addr fff00000c5a97f78 by task kunit_try_catch/227 [ 29.715787] [ 29.715816] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.715916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.715944] Hardware name: linux,dummy-virt (DT) [ 29.715983] Call trace: [ 29.716014] show_stack+0x20/0x38 (C) [ 29.716064] dump_stack_lvl+0x8c/0xd0 [ 29.716109] print_report+0x118/0x608 [ 29.716156] kasan_report+0xdc/0x128 [ 29.716200] __asan_report_load1_noabort+0x20/0x30 [ 29.716248] ksize_unpoisons_memory+0x618/0x740 [ 29.716304] kunit_try_run_case+0x170/0x3f0 [ 29.716356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.716408] kthread+0x328/0x630 [ 29.716451] ret_from_fork+0x10/0x20 [ 29.716497] [ 29.716516] Allocated by task 227: [ 29.716544] kasan_save_stack+0x3c/0x68 [ 29.716585] kasan_save_track+0x20/0x40 [ 29.716623] kasan_save_alloc_info+0x40/0x58 [ 29.716660] __kasan_kmalloc+0xd4/0xd8 [ 29.716700] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.716740] ksize_unpoisons_memory+0xc0/0x740 [ 29.716794] kunit_try_run_case+0x170/0x3f0 [ 29.716835] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.716877] kthread+0x328/0x630 [ 29.716920] ret_from_fork+0x10/0x20 [ 29.716954] [ 29.716972] The buggy address belongs to the object at fff00000c5a97f00 [ 29.716972] which belongs to the cache kmalloc-128 of size 128 [ 29.717029] The buggy address is located 5 bytes to the right of [ 29.717029] allocated 115-byte region [fff00000c5a97f00, fff00000c5a97f73) [ 29.717093] [ 29.717114] The buggy address belongs to the physical page: [ 29.717144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.717532] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.717607] page_type: f5(slab) [ 29.717674] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.717761] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.717804] page dumped because: kasan: bad access detected [ 29.717837] [ 29.717905] Memory state around the buggy address: [ 29.717941] fff00000c5a97e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.717985] fff00000c5a97e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.718044] >fff00000c5a97f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.718083] ^ [ 29.718207] fff00000c5a97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.718281] fff00000c5a98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.718374] ================================================================== [ 29.718763] ================================================================== [ 29.718809] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 29.718859] Read of size 1 at addr fff00000c5a97f7f by task kunit_try_catch/227 [ 29.719033] [ 29.719082] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.719168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.719195] Hardware name: linux,dummy-virt (DT) [ 29.719262] Call trace: [ 29.719285] show_stack+0x20/0x38 (C) [ 29.719356] dump_stack_lvl+0x8c/0xd0 [ 29.719432] print_report+0x118/0x608 [ 29.719501] kasan_report+0xdc/0x128 [ 29.719549] __asan_report_load1_noabort+0x20/0x30 [ 29.719673] ksize_unpoisons_memory+0x690/0x740 [ 29.719845] kunit_try_run_case+0x170/0x3f0 [ 29.719939] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.720024] kthread+0x328/0x630 [ 29.720067] ret_from_fork+0x10/0x20 [ 29.720152] [ 29.720190] Allocated by task 227: [ 29.720247] kasan_save_stack+0x3c/0x68 [ 29.720288] kasan_save_track+0x20/0x40 [ 29.720563] kasan_save_alloc_info+0x40/0x58 [ 29.720619] __kasan_kmalloc+0xd4/0xd8 [ 29.720686] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.720745] ksize_unpoisons_memory+0xc0/0x740 [ 29.720826] kunit_try_run_case+0x170/0x3f0 [ 29.720882] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.720983] kthread+0x328/0x630 [ 29.721042] ret_from_fork+0x10/0x20 [ 29.721124] [ 29.721157] The buggy address belongs to the object at fff00000c5a97f00 [ 29.721157] which belongs to the cache kmalloc-128 of size 128 [ 29.721221] The buggy address is located 12 bytes to the right of [ 29.721221] allocated 115-byte region [fff00000c5a97f00, fff00000c5a97f73) [ 29.721295] [ 29.721595] The buggy address belongs to the physical page: [ 29.721672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.721869] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.721941] page_type: f5(slab) [ 29.721982] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.722049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.722313] page dumped because: kasan: bad access detected [ 29.722362] [ 29.722380] Memory state around the buggy address: [ 29.722486] fff00000c5a97e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.722642] fff00000c5a97e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.722729] >fff00000c5a97f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.722769] ^ [ 29.723115] fff00000c5a97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.723216] fff00000c5a98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.723255] ================================================================== [ 29.711702] ================================================================== [ 29.711795] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 29.711868] Read of size 1 at addr fff00000c5a97f73 by task kunit_try_catch/227 [ 29.711956] [ 29.712003] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.712117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.712174] Hardware name: linux,dummy-virt (DT) [ 29.712223] Call trace: [ 29.712293] show_stack+0x20/0x38 (C) [ 29.712410] dump_stack_lvl+0x8c/0xd0 [ 29.712505] print_report+0x118/0x608 [ 29.712561] kasan_report+0xdc/0x128 [ 29.712609] __asan_report_load1_noabort+0x20/0x30 [ 29.712657] ksize_unpoisons_memory+0x628/0x740 [ 29.712706] kunit_try_run_case+0x170/0x3f0 [ 29.712756] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.712815] kthread+0x328/0x630 [ 29.713023] ret_from_fork+0x10/0x20 [ 29.713090] [ 29.713110] Allocated by task 227: [ 29.713138] kasan_save_stack+0x3c/0x68 [ 29.713179] kasan_save_track+0x20/0x40 [ 29.713216] kasan_save_alloc_info+0x40/0x58 [ 29.713254] __kasan_kmalloc+0xd4/0xd8 [ 29.713292] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.713330] ksize_unpoisons_memory+0xc0/0x740 [ 29.713367] kunit_try_run_case+0x170/0x3f0 [ 29.713406] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.713450] kthread+0x328/0x630 [ 29.713481] ret_from_fork+0x10/0x20 [ 29.713516] [ 29.713534] The buggy address belongs to the object at fff00000c5a97f00 [ 29.713534] which belongs to the cache kmalloc-128 of size 128 [ 29.713592] The buggy address is located 0 bytes to the right of [ 29.713592] allocated 115-byte region [fff00000c5a97f00, fff00000c5a97f73) [ 29.713653] [ 29.713674] The buggy address belongs to the physical page: [ 29.713717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.713766] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.713813] page_type: f5(slab) [ 29.713851] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.713909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.713971] page dumped because: kasan: bad access detected [ 29.714074] [ 29.714170] Memory state around the buggy address: [ 29.714278] fff00000c5a97e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.714361] fff00000c5a97e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.714418] >fff00000c5a97f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.714458] ^ [ 29.714523] fff00000c5a97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.714570] fff00000c5a98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.714608] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 29.698821] ================================================================== [ 29.698892] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 29.698958] Free of addr fff00000c5a48a40 by task kunit_try_catch/225 [ 29.699001] [ 29.699032] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.699288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.699384] Hardware name: linux,dummy-virt (DT) [ 29.699459] Call trace: [ 29.699529] show_stack+0x20/0x38 (C) [ 29.699593] dump_stack_lvl+0x8c/0xd0 [ 29.699640] print_report+0x118/0x608 [ 29.699715] kasan_report_invalid_free+0xc0/0xe8 [ 29.699767] check_slab_allocation+0xd4/0x108 [ 29.699853] __kasan_slab_pre_free+0x2c/0x48 [ 29.699916] kfree+0xe8/0x3c8 [ 29.700039] kfree_sensitive+0x3c/0xb0 [ 29.700115] kmalloc_double_kzfree+0x168/0x308 [ 29.700170] kunit_try_run_case+0x170/0x3f0 [ 29.700222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.700378] kthread+0x328/0x630 [ 29.700604] ret_from_fork+0x10/0x20 [ 29.700666] [ 29.700687] Allocated by task 225: [ 29.700744] kasan_save_stack+0x3c/0x68 [ 29.700793] kasan_save_track+0x20/0x40 [ 29.700857] kasan_save_alloc_info+0x40/0x58 [ 29.700914] __kasan_kmalloc+0xd4/0xd8 [ 29.700962] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.701029] kmalloc_double_kzfree+0xb8/0x308 [ 29.701070] kunit_try_run_case+0x170/0x3f0 [ 29.701121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.701187] kthread+0x328/0x630 [ 29.701222] ret_from_fork+0x10/0x20 [ 29.701259] [ 29.701345] Freed by task 225: [ 29.701373] kasan_save_stack+0x3c/0x68 [ 29.701412] kasan_save_track+0x20/0x40 [ 29.701450] kasan_save_free_info+0x4c/0x78 [ 29.701487] __kasan_slab_free+0x6c/0x98 [ 29.701642] kfree+0x214/0x3c8 [ 29.701684] kfree_sensitive+0x80/0xb0 [ 29.701729] kmalloc_double_kzfree+0x11c/0x308 [ 29.701919] kunit_try_run_case+0x170/0x3f0 [ 29.702154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.702207] kthread+0x328/0x630 [ 29.702239] ret_from_fork+0x10/0x20 [ 29.702276] [ 29.702297] The buggy address belongs to the object at fff00000c5a48a40 [ 29.702297] which belongs to the cache kmalloc-16 of size 16 [ 29.702380] The buggy address is located 0 bytes inside of [ 29.702380] 16-byte region [fff00000c5a48a40, fff00000c5a48a50) [ 29.702479] [ 29.702691] The buggy address belongs to the physical page: [ 29.702755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.702855] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.703048] page_type: f5(slab) [ 29.703125] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.703199] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.703309] page dumped because: kasan: bad access detected [ 29.703387] [ 29.703522] Memory state around the buggy address: [ 29.703557] fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.703617] fff00000c5a48980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.703800] >fff00000c5a48a00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 29.704088] ^ [ 29.704197] fff00000c5a48a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.704281] fff00000c5a48b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.704410] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 29.693138] ================================================================== [ 29.693252] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 29.693325] Read of size 1 at addr fff00000c5a48a40 by task kunit_try_catch/225 [ 29.693419] [ 29.693511] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.693599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.693624] Hardware name: linux,dummy-virt (DT) [ 29.693751] Call trace: [ 29.693805] show_stack+0x20/0x38 (C) [ 29.693858] dump_stack_lvl+0x8c/0xd0 [ 29.693925] print_report+0x118/0x608 [ 29.694001] kasan_report+0xdc/0x128 [ 29.694240] __kasan_check_byte+0x54/0x70 [ 29.694298] kfree_sensitive+0x30/0xb0 [ 29.694371] kmalloc_double_kzfree+0x168/0x308 [ 29.694422] kunit_try_run_case+0x170/0x3f0 [ 29.694482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.694538] kthread+0x328/0x630 [ 29.694590] ret_from_fork+0x10/0x20 [ 29.694638] [ 29.694671] Allocated by task 225: [ 29.694701] kasan_save_stack+0x3c/0x68 [ 29.694742] kasan_save_track+0x20/0x40 [ 29.694780] kasan_save_alloc_info+0x40/0x58 [ 29.694828] __kasan_kmalloc+0xd4/0xd8 [ 29.694887] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.694950] kmalloc_double_kzfree+0xb8/0x308 [ 29.694999] kunit_try_run_case+0x170/0x3f0 [ 29.695040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.695109] kthread+0x328/0x630 [ 29.695144] ret_from_fork+0x10/0x20 [ 29.695190] [ 29.695221] Freed by task 225: [ 29.695248] kasan_save_stack+0x3c/0x68 [ 29.695298] kasan_save_track+0x20/0x40 [ 29.695348] kasan_save_free_info+0x4c/0x78 [ 29.695384] __kasan_slab_free+0x6c/0x98 [ 29.695422] kfree+0x214/0x3c8 [ 29.695466] kfree_sensitive+0x80/0xb0 [ 29.695503] kmalloc_double_kzfree+0x11c/0x308 [ 29.695559] kunit_try_run_case+0x170/0x3f0 [ 29.695599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.695650] kthread+0x328/0x630 [ 29.695683] ret_from_fork+0x10/0x20 [ 29.695719] [ 29.695739] The buggy address belongs to the object at fff00000c5a48a40 [ 29.695739] which belongs to the cache kmalloc-16 of size 16 [ 29.695796] The buggy address is located 0 bytes inside of [ 29.695796] freed 16-byte region [fff00000c5a48a40, fff00000c5a48a50) [ 29.695857] [ 29.696171] The buggy address belongs to the physical page: [ 29.696261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.696360] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.696790] page_type: f5(slab) [ 29.696840] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.697214] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.697283] page dumped because: kasan: bad access detected [ 29.697378] [ 29.697441] Memory state around the buggy address: [ 29.697508] fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.697576] fff00000c5a48980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.697651] >fff00000c5a48a00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 29.697690] ^ [ 29.697753] fff00000c5a48a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697796] fff00000c5a48b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.698040] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 29.674577] ================================================================== [ 29.674762] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 29.674883] Read of size 1 at addr fff00000c9b70ba8 by task kunit_try_catch/221 [ 29.675027] [ 29.675085] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.675171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.675239] Hardware name: linux,dummy-virt (DT) [ 29.675277] Call trace: [ 29.675345] show_stack+0x20/0x38 (C) [ 29.675435] dump_stack_lvl+0x8c/0xd0 [ 29.675482] print_report+0x118/0x608 [ 29.675567] kasan_report+0xdc/0x128 [ 29.675614] __asan_report_load1_noabort+0x20/0x30 [ 29.675662] kmalloc_uaf2+0x3f4/0x468 [ 29.675815] kunit_try_run_case+0x170/0x3f0 [ 29.675869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.676024] kthread+0x328/0x630 [ 29.676066] ret_from_fork+0x10/0x20 [ 29.676113] [ 29.676130] Allocated by task 221: [ 29.676159] kasan_save_stack+0x3c/0x68 [ 29.676206] kasan_save_track+0x20/0x40 [ 29.676243] kasan_save_alloc_info+0x40/0x58 [ 29.676280] __kasan_kmalloc+0xd4/0xd8 [ 29.676318] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.676355] kmalloc_uaf2+0xc4/0x468 [ 29.676391] kunit_try_run_case+0x170/0x3f0 [ 29.676430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.676474] kthread+0x328/0x630 [ 29.676506] ret_from_fork+0x10/0x20 [ 29.676540] [ 29.676559] Freed by task 221: [ 29.676585] kasan_save_stack+0x3c/0x68 [ 29.676623] kasan_save_track+0x20/0x40 [ 29.676659] kasan_save_free_info+0x4c/0x78 [ 29.676696] __kasan_slab_free+0x6c/0x98 [ 29.676733] kfree+0x214/0x3c8 [ 29.676767] kmalloc_uaf2+0x134/0x468 [ 29.677762] kunit_try_run_case+0x170/0x3f0 [ 29.677812] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.677857] kthread+0x328/0x630 [ 29.677888] ret_from_fork+0x10/0x20 [ 29.677934] [ 29.677953] The buggy address belongs to the object at fff00000c9b70b80 [ 29.677953] which belongs to the cache kmalloc-64 of size 64 [ 29.678012] The buggy address is located 40 bytes inside of [ 29.678012] freed 64-byte region [fff00000c9b70b80, fff00000c9b70bc0) [ 29.678073] [ 29.678093] The buggy address belongs to the physical page: [ 29.678123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b70 [ 29.678174] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.678221] page_type: f5(slab) [ 29.678257] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.678308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.678348] page dumped because: kasan: bad access detected [ 29.678379] [ 29.678396] Memory state around the buggy address: [ 29.678427] fff00000c9b70a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.678469] fff00000c9b70b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.678513] >fff00000c9b70b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.678551] ^ [ 29.678583] fff00000c9b70c00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 29.678624] fff00000c9b70c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.678663] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 29.663192] ================================================================== [ 29.663261] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 29.663315] Write of size 33 at addr fff00000c9b70a00 by task kunit_try_catch/219 [ 29.663368] [ 29.663426] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.663549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.663605] Hardware name: linux,dummy-virt (DT) [ 29.663639] Call trace: [ 29.663660] show_stack+0x20/0x38 (C) [ 29.663707] dump_stack_lvl+0x8c/0xd0 [ 29.663754] print_report+0x118/0x608 [ 29.663799] kasan_report+0xdc/0x128 [ 29.664049] kasan_check_range+0x100/0x1a8 [ 29.664148] __asan_memset+0x34/0x78 [ 29.664191] kmalloc_uaf_memset+0x170/0x310 [ 29.664336] kunit_try_run_case+0x170/0x3f0 [ 29.664424] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.664483] kthread+0x328/0x630 [ 29.664576] ret_from_fork+0x10/0x20 [ 29.664709] [ 29.664757] Allocated by task 219: [ 29.664818] kasan_save_stack+0x3c/0x68 [ 29.664859] kasan_save_track+0x20/0x40 [ 29.664909] kasan_save_alloc_info+0x40/0x58 [ 29.664946] __kasan_kmalloc+0xd4/0xd8 [ 29.665003] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.665067] kmalloc_uaf_memset+0xb8/0x310 [ 29.665180] kunit_try_run_case+0x170/0x3f0 [ 29.665220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.665302] kthread+0x328/0x630 [ 29.665337] ret_from_fork+0x10/0x20 [ 29.665420] [ 29.665457] Freed by task 219: [ 29.665485] kasan_save_stack+0x3c/0x68 [ 29.665525] kasan_save_track+0x20/0x40 [ 29.665561] kasan_save_free_info+0x4c/0x78 [ 29.665598] __kasan_slab_free+0x6c/0x98 [ 29.665658] kfree+0x214/0x3c8 [ 29.665739] kmalloc_uaf_memset+0x11c/0x310 [ 29.665876] kunit_try_run_case+0x170/0x3f0 [ 29.666040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.666231] kthread+0x328/0x630 [ 29.666376] ret_from_fork+0x10/0x20 [ 29.666515] [ 29.666564] The buggy address belongs to the object at fff00000c9b70a00 [ 29.666564] which belongs to the cache kmalloc-64 of size 64 [ 29.666624] The buggy address is located 0 bytes inside of [ 29.666624] freed 64-byte region [fff00000c9b70a00, fff00000c9b70a40) [ 29.666814] [ 29.666834] The buggy address belongs to the physical page: [ 29.666865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b70 [ 29.666928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.666975] page_type: f5(slab) [ 29.667012] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.667061] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.667174] page dumped because: kasan: bad access detected [ 29.667333] [ 29.667502] Memory state around the buggy address: [ 29.667630] fff00000c9b70900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.667792] fff00000c9b70980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.667842] >fff00000c9b70a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.668040] ^ [ 29.668070] fff00000c9b70a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.668113] fff00000c9b70b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.668151] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 29.656152] ================================================================== [ 29.656212] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 29.656262] Read of size 1 at addr fff00000c5a48a28 by task kunit_try_catch/217 [ 29.656311] [ 29.656341] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.656426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.656452] Hardware name: linux,dummy-virt (DT) [ 29.656484] Call trace: [ 29.656507] show_stack+0x20/0x38 (C) [ 29.656554] dump_stack_lvl+0x8c/0xd0 [ 29.656597] print_report+0x118/0x608 [ 29.656644] kasan_report+0xdc/0x128 [ 29.656688] __asan_report_load1_noabort+0x20/0x30 [ 29.656735] kmalloc_uaf+0x300/0x338 [ 29.656779] kunit_try_run_case+0x170/0x3f0 [ 29.656833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.656886] kthread+0x328/0x630 [ 29.656940] ret_from_fork+0x10/0x20 [ 29.656988] [ 29.657040] Allocated by task 217: [ 29.657080] kasan_save_stack+0x3c/0x68 [ 29.657133] kasan_save_track+0x20/0x40 [ 29.657172] kasan_save_alloc_info+0x40/0x58 [ 29.657210] __kasan_kmalloc+0xd4/0xd8 [ 29.657246] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.657286] kmalloc_uaf+0xb8/0x338 [ 29.657322] kunit_try_run_case+0x170/0x3f0 [ 29.657359] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.657414] kthread+0x328/0x630 [ 29.657446] ret_from_fork+0x10/0x20 [ 29.657486] [ 29.657507] Freed by task 217: [ 29.657533] kasan_save_stack+0x3c/0x68 [ 29.657571] kasan_save_track+0x20/0x40 [ 29.657608] kasan_save_free_info+0x4c/0x78 [ 29.657645] __kasan_slab_free+0x6c/0x98 [ 29.657683] kfree+0x214/0x3c8 [ 29.657716] kmalloc_uaf+0x11c/0x338 [ 29.657752] kunit_try_run_case+0x170/0x3f0 [ 29.657790] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.657835] kthread+0x328/0x630 [ 29.657869] ret_from_fork+0x10/0x20 [ 29.657915] [ 29.657933] The buggy address belongs to the object at fff00000c5a48a20 [ 29.657933] which belongs to the cache kmalloc-16 of size 16 [ 29.657990] The buggy address is located 8 bytes inside of [ 29.657990] freed 16-byte region [fff00000c5a48a20, fff00000c5a48a30) [ 29.658050] [ 29.658071] The buggy address belongs to the physical page: [ 29.658111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.658163] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.658216] page_type: f5(slab) [ 29.658253] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.658302] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.658343] page dumped because: kasan: bad access detected [ 29.658375] [ 29.658408] Memory state around the buggy address: [ 29.658441] fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.658484] fff00000c5a48980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.658526] >fff00000c5a48a00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.658564] ^ [ 29.658595] fff00000c5a48a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.658637] fff00000c5a48b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.658674] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 29.645422] ================================================================== [ 29.645518] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 29.645572] Read of size 64 at addr fff00000c9b70784 by task kunit_try_catch/215 [ 29.645621] [ 29.645650] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.645887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.645970] Hardware name: linux,dummy-virt (DT) [ 29.646002] Call trace: [ 29.646026] show_stack+0x20/0x38 (C) [ 29.646207] dump_stack_lvl+0x8c/0xd0 [ 29.646258] print_report+0x118/0x608 [ 29.646303] kasan_report+0xdc/0x128 [ 29.646348] kasan_check_range+0x100/0x1a8 [ 29.646393] __asan_memmove+0x3c/0x98 [ 29.646436] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 29.646600] kunit_try_run_case+0x170/0x3f0 [ 29.646708] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.646812] kthread+0x328/0x630 [ 29.646895] ret_from_fork+0x10/0x20 [ 29.647047] [ 29.647166] Allocated by task 215: [ 29.647194] kasan_save_stack+0x3c/0x68 [ 29.647259] kasan_save_track+0x20/0x40 [ 29.647301] kasan_save_alloc_info+0x40/0x58 [ 29.647341] __kasan_kmalloc+0xd4/0xd8 [ 29.647584] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.647682] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 29.647771] kunit_try_run_case+0x170/0x3f0 [ 29.647862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.648006] kthread+0x328/0x630 [ 29.648109] ret_from_fork+0x10/0x20 [ 29.648148] [ 29.648168] The buggy address belongs to the object at fff00000c9b70780 [ 29.648168] which belongs to the cache kmalloc-64 of size 64 [ 29.648226] The buggy address is located 4 bytes inside of [ 29.648226] allocated 64-byte region [fff00000c9b70780, fff00000c9b707c0) [ 29.648288] [ 29.648319] The buggy address belongs to the physical page: [ 29.648364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b70 [ 29.648433] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.648481] page_type: f5(slab) [ 29.648520] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.648580] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.648622] page dumped because: kasan: bad access detected [ 29.648655] [ 29.648673] Memory state around the buggy address: [ 29.648720] fff00000c9b70680: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.648773] fff00000c9b70700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.648820] >fff00000c9b70780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.648866] ^ [ 29.648912] fff00000c9b70800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.648953] fff00000c9b70880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.648991] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 29.636000] ================================================================== [ 29.636066] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 29.636118] Read of size 18446744073709551614 at addr fff00000c9b70584 by task kunit_try_catch/213 [ 29.636479] [ 29.636561] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.636650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.636676] Hardware name: linux,dummy-virt (DT) [ 29.636707] Call trace: [ 29.636729] show_stack+0x20/0x38 (C) [ 29.636783] dump_stack_lvl+0x8c/0xd0 [ 29.637073] print_report+0x118/0x608 [ 29.637131] kasan_report+0xdc/0x128 [ 29.637177] kasan_check_range+0x100/0x1a8 [ 29.637222] __asan_memmove+0x3c/0x98 [ 29.637264] kmalloc_memmove_negative_size+0x154/0x2e0 [ 29.637351] kunit_try_run_case+0x170/0x3f0 [ 29.637400] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.637455] kthread+0x328/0x630 [ 29.637497] ret_from_fork+0x10/0x20 [ 29.637591] [ 29.637640] Allocated by task 213: [ 29.637668] kasan_save_stack+0x3c/0x68 [ 29.637710] kasan_save_track+0x20/0x40 [ 29.637749] kasan_save_alloc_info+0x40/0x58 [ 29.637785] __kasan_kmalloc+0xd4/0xd8 [ 29.637823] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.637947] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 29.638178] kunit_try_run_case+0x170/0x3f0 [ 29.638417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.638465] kthread+0x328/0x630 [ 29.638498] ret_from_fork+0x10/0x20 [ 29.638558] [ 29.638577] The buggy address belongs to the object at fff00000c9b70580 [ 29.638577] which belongs to the cache kmalloc-64 of size 64 [ 29.638672] The buggy address is located 4 bytes inside of [ 29.638672] 64-byte region [fff00000c9b70580, fff00000c9b705c0) [ 29.638731] [ 29.638751] The buggy address belongs to the physical page: [ 29.638783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b70 [ 29.638836] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.639010] page_type: f5(slab) [ 29.639147] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.639224] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.639338] page dumped because: kasan: bad access detected [ 29.639421] [ 29.639441] Memory state around the buggy address: [ 29.639477] fff00000c9b70480: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 29.639560] fff00000c9b70500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.639603] >fff00000c9b70580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.639660] ^ [ 29.639690] fff00000c9b70600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.639732] fff00000c9b70680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.639884] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 29.627251] ================================================================== [ 29.627320] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 29.627418] Write of size 16 at addr fff00000c5a97e69 by task kunit_try_catch/211 [ 29.627499] [ 29.627576] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.627684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.627711] Hardware name: linux,dummy-virt (DT) [ 29.627779] Call trace: [ 29.627828] show_stack+0x20/0x38 (C) [ 29.628050] dump_stack_lvl+0x8c/0xd0 [ 29.628152] print_report+0x118/0x608 [ 29.628206] kasan_report+0xdc/0x128 [ 29.628252] kasan_check_range+0x100/0x1a8 [ 29.628297] __asan_memset+0x34/0x78 [ 29.628466] kmalloc_oob_memset_16+0x150/0x2f8 [ 29.628613] kunit_try_run_case+0x170/0x3f0 [ 29.628753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.628810] kthread+0x328/0x630 [ 29.628851] ret_from_fork+0x10/0x20 [ 29.628895] [ 29.628968] Allocated by task 211: [ 29.629003] kasan_save_stack+0x3c/0x68 [ 29.629093] kasan_save_track+0x20/0x40 [ 29.629185] kasan_save_alloc_info+0x40/0x58 [ 29.629262] __kasan_kmalloc+0xd4/0xd8 [ 29.629347] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.629387] kmalloc_oob_memset_16+0xb0/0x2f8 [ 29.629483] kunit_try_run_case+0x170/0x3f0 [ 29.629571] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.629618] kthread+0x328/0x630 [ 29.629652] ret_from_fork+0x10/0x20 [ 29.629687] [ 29.629717] The buggy address belongs to the object at fff00000c5a97e00 [ 29.629717] which belongs to the cache kmalloc-128 of size 128 [ 29.629776] The buggy address is located 105 bytes inside of [ 29.629776] allocated 120-byte region [fff00000c5a97e00, fff00000c5a97e78) [ 29.629837] [ 29.629858] The buggy address belongs to the physical page: [ 29.629922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.629995] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.630255] page_type: f5(slab) [ 29.630311] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.630466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.630626] page dumped because: kasan: bad access detected [ 29.630658] [ 29.630683] Memory state around the buggy address: [ 29.630715] fff00000c5a97d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.630912] fff00000c5a97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.630956] >fff00000c5a97e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.630993] ^ [ 29.631033] fff00000c5a97e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.631158] fff00000c5a97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.631288] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 29.617570] ================================================================== [ 29.617625] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 29.617673] Write of size 8 at addr fff00000c5a97d71 by task kunit_try_catch/209 [ 29.617728] [ 29.617850] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.618025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.618181] Hardware name: linux,dummy-virt (DT) [ 29.618211] Call trace: [ 29.618233] show_stack+0x20/0x38 (C) [ 29.618281] dump_stack_lvl+0x8c/0xd0 [ 29.618324] print_report+0x118/0x608 [ 29.618369] kasan_report+0xdc/0x128 [ 29.618414] kasan_check_range+0x100/0x1a8 [ 29.618457] __asan_memset+0x34/0x78 [ 29.618498] kmalloc_oob_memset_8+0x150/0x2f8 [ 29.618624] kunit_try_run_case+0x170/0x3f0 [ 29.618810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.618875] kthread+0x328/0x630 [ 29.619047] ret_from_fork+0x10/0x20 [ 29.619094] [ 29.619113] Allocated by task 209: [ 29.619139] kasan_save_stack+0x3c/0x68 [ 29.619179] kasan_save_track+0x20/0x40 [ 29.619216] kasan_save_alloc_info+0x40/0x58 [ 29.619322] __kasan_kmalloc+0xd4/0xd8 [ 29.619380] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.619509] kmalloc_oob_memset_8+0xb0/0x2f8 [ 29.619566] kunit_try_run_case+0x170/0x3f0 [ 29.619747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.619894] kthread+0x328/0x630 [ 29.619936] ret_from_fork+0x10/0x20 [ 29.619971] [ 29.619990] The buggy address belongs to the object at fff00000c5a97d00 [ 29.619990] which belongs to the cache kmalloc-128 of size 128 [ 29.620045] The buggy address is located 113 bytes inside of [ 29.620045] allocated 120-byte region [fff00000c5a97d00, fff00000c5a97d78) [ 29.620317] [ 29.620600] The buggy address belongs to the physical page: [ 29.620697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.620761] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.620905] page_type: f5(slab) [ 29.621018] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.621106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.621270] page dumped because: kasan: bad access detected [ 29.621301] [ 29.621355] Memory state around the buggy address: [ 29.621385] fff00000c5a97c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.621813] fff00000c5a97c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.622137] >fff00000c5a97d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.622218] ^ [ 29.622325] fff00000c5a97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.622511] fff00000c5a97e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.622790] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 29.610814] ================================================================== [ 29.610961] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 29.611014] Write of size 4 at addr fff00000c5a97c75 by task kunit_try_catch/207 [ 29.611062] [ 29.611092] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.611250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.611279] Hardware name: linux,dummy-virt (DT) [ 29.611336] Call trace: [ 29.611478] show_stack+0x20/0x38 (C) [ 29.611526] dump_stack_lvl+0x8c/0xd0 [ 29.611569] print_report+0x118/0x608 [ 29.611641] kasan_report+0xdc/0x128 [ 29.611686] kasan_check_range+0x100/0x1a8 [ 29.611729] __asan_memset+0x34/0x78 [ 29.611777] kmalloc_oob_memset_4+0x150/0x300 [ 29.611828] kunit_try_run_case+0x170/0x3f0 [ 29.611876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.611939] kthread+0x328/0x630 [ 29.611980] ret_from_fork+0x10/0x20 [ 29.612215] [ 29.612243] Allocated by task 207: [ 29.612284] kasan_save_stack+0x3c/0x68 [ 29.612326] kasan_save_track+0x20/0x40 [ 29.612562] kasan_save_alloc_info+0x40/0x58 [ 29.612612] __kasan_kmalloc+0xd4/0xd8 [ 29.612649] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.612714] kmalloc_oob_memset_4+0xb0/0x300 [ 29.612808] kunit_try_run_case+0x170/0x3f0 [ 29.612847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.613107] kthread+0x328/0x630 [ 29.613145] ret_from_fork+0x10/0x20 [ 29.613180] [ 29.613200] The buggy address belongs to the object at fff00000c5a97c00 [ 29.613200] which belongs to the cache kmalloc-128 of size 128 [ 29.613256] The buggy address is located 117 bytes inside of [ 29.613256] allocated 120-byte region [fff00000c5a97c00, fff00000c5a97c78) [ 29.613315] [ 29.613335] The buggy address belongs to the physical page: [ 29.613365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.613413] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.613458] page_type: f5(slab) [ 29.613494] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.613541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.613581] page dumped because: kasan: bad access detected [ 29.613611] [ 29.613629] Memory state around the buggy address: [ 29.613658] fff00000c5a97b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.613699] fff00000c5a97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614343] >fff00000c5a97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.614384] ^ [ 29.614423] fff00000c5a97c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614463] fff00000c5a97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614499] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 29.601319] ================================================================== [ 29.601378] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 29.601427] Write of size 2 at addr fff00000c5a97b77 by task kunit_try_catch/205 [ 29.601475] [ 29.601547] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.601684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.601877] Hardware name: linux,dummy-virt (DT) [ 29.601965] Call trace: [ 29.602088] show_stack+0x20/0x38 (C) [ 29.602137] dump_stack_lvl+0x8c/0xd0 [ 29.602209] print_report+0x118/0x608 [ 29.602255] kasan_report+0xdc/0x128 [ 29.602300] kasan_check_range+0x100/0x1a8 [ 29.602575] __asan_memset+0x34/0x78 [ 29.602720] kmalloc_oob_memset_2+0x150/0x2f8 [ 29.602786] kunit_try_run_case+0x170/0x3f0 [ 29.602998] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.603215] kthread+0x328/0x630 [ 29.603359] ret_from_fork+0x10/0x20 [ 29.603435] [ 29.603454] Allocated by task 205: [ 29.603480] kasan_save_stack+0x3c/0x68 [ 29.603521] kasan_save_track+0x20/0x40 [ 29.603693] kasan_save_alloc_info+0x40/0x58 [ 29.603827] __kasan_kmalloc+0xd4/0xd8 [ 29.603925] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.603966] kmalloc_oob_memset_2+0xb0/0x2f8 [ 29.604003] kunit_try_run_case+0x170/0x3f0 [ 29.604053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.604106] kthread+0x328/0x630 [ 29.604138] ret_from_fork+0x10/0x20 [ 29.604189] [ 29.604208] The buggy address belongs to the object at fff00000c5a97b00 [ 29.604208] which belongs to the cache kmalloc-128 of size 128 [ 29.604264] The buggy address is located 119 bytes inside of [ 29.604264] allocated 120-byte region [fff00000c5a97b00, fff00000c5a97b78) [ 29.604324] [ 29.604345] The buggy address belongs to the physical page: [ 29.604394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.604454] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.604507] page_type: f5(slab) [ 29.604545] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.604592] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.604631] page dumped because: kasan: bad access detected [ 29.604670] [ 29.604688] Memory state around the buggy address: [ 29.604718] fff00000c5a97a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.604760] fff00000c5a97a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.604805] >fff00000c5a97b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.604842] ^ [ 29.604891] fff00000c5a97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.604942] fff00000c5a97c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.604978] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 29.581505] ================================================================== [ 29.581644] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 29.581732] Write of size 128 at addr fff00000c5a97a00 by task kunit_try_catch/203 [ 29.581955] [ 29.582090] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.582436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.582545] Hardware name: linux,dummy-virt (DT) [ 29.582620] Call trace: [ 29.582645] show_stack+0x20/0x38 (C) [ 29.582742] dump_stack_lvl+0x8c/0xd0 [ 29.582788] print_report+0x118/0x608 [ 29.582835] kasan_report+0xdc/0x128 [ 29.582887] kasan_check_range+0x100/0x1a8 [ 29.582941] __asan_memset+0x34/0x78 [ 29.585721] kmalloc_oob_in_memset+0x144/0x2d0 [ 29.585824] kunit_try_run_case+0x170/0x3f0 [ 29.586159] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.586283] kthread+0x328/0x630 [ 29.588172] ret_from_fork+0x10/0x20 [ 29.588918] [ 29.588947] Allocated by task 203: [ 29.588977] kasan_save_stack+0x3c/0x68 [ 29.589021] kasan_save_track+0x20/0x40 [ 29.589059] kasan_save_alloc_info+0x40/0x58 [ 29.589098] __kasan_kmalloc+0xd4/0xd8 [ 29.589136] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.589177] kmalloc_oob_in_memset+0xb0/0x2d0 [ 29.589215] kunit_try_run_case+0x170/0x3f0 [ 29.590681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.592342] kthread+0x328/0x630 [ 29.592440] ret_from_fork+0x10/0x20 [ 29.592655] [ 29.592728] The buggy address belongs to the object at fff00000c5a97a00 [ 29.592728] which belongs to the cache kmalloc-128 of size 128 [ 29.592882] The buggy address is located 0 bytes inside of [ 29.592882] allocated 120-byte region [fff00000c5a97a00, fff00000c5a97a78) [ 29.593032] [ 29.593135] The buggy address belongs to the physical page: [ 29.593166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.593241] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.593498] page_type: f5(slab) [ 29.594088] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.594195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.594316] page dumped because: kasan: bad access detected [ 29.594603] [ 29.594623] Memory state around the buggy address: [ 29.594654] fff00000c5a97900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.594708] fff00000c5a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.594749] >fff00000c5a97a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.594925] ^ [ 29.594966] fff00000c5a97a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.595007] fff00000c5a97b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.595165] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 29.568412] ================================================================== [ 29.568537] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 29.568592] Read of size 16 at addr fff00000c5a48a00 by task kunit_try_catch/201 [ 29.568855] [ 29.568947] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.569050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.569142] Hardware name: linux,dummy-virt (DT) [ 29.569222] Call trace: [ 29.569247] show_stack+0x20/0x38 (C) [ 29.569331] dump_stack_lvl+0x8c/0xd0 [ 29.569377] print_report+0x118/0x608 [ 29.569423] kasan_report+0xdc/0x128 [ 29.569611] __asan_report_load16_noabort+0x20/0x30 [ 29.569693] kmalloc_uaf_16+0x3bc/0x438 [ 29.569876] kunit_try_run_case+0x170/0x3f0 [ 29.570022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.570076] kthread+0x328/0x630 [ 29.570126] ret_from_fork+0x10/0x20 [ 29.570173] [ 29.570192] Allocated by task 201: [ 29.570220] kasan_save_stack+0x3c/0x68 [ 29.570418] kasan_save_track+0x20/0x40 [ 29.570492] kasan_save_alloc_info+0x40/0x58 [ 29.570623] __kasan_kmalloc+0xd4/0xd8 [ 29.570829] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.570909] kmalloc_uaf_16+0x140/0x438 [ 29.571103] kunit_try_run_case+0x170/0x3f0 [ 29.571294] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.571348] kthread+0x328/0x630 [ 29.571524] ret_from_fork+0x10/0x20 [ 29.571683] [ 29.571787] Freed by task 201: [ 29.571916] kasan_save_stack+0x3c/0x68 [ 29.572011] kasan_save_track+0x20/0x40 [ 29.572076] kasan_save_free_info+0x4c/0x78 [ 29.572182] __kasan_slab_free+0x6c/0x98 [ 29.572223] kfree+0x214/0x3c8 [ 29.572294] kmalloc_uaf_16+0x190/0x438 [ 29.572561] kunit_try_run_case+0x170/0x3f0 [ 29.572692] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.572788] kthread+0x328/0x630 [ 29.572950] ret_from_fork+0x10/0x20 [ 29.573181] [ 29.573231] The buggy address belongs to the object at fff00000c5a48a00 [ 29.573231] which belongs to the cache kmalloc-16 of size 16 [ 29.573297] The buggy address is located 0 bytes inside of [ 29.573297] freed 16-byte region [fff00000c5a48a00, fff00000c5a48a10) [ 29.573362] [ 29.573383] The buggy address belongs to the physical page: [ 29.573591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.573768] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.573882] page_type: f5(slab) [ 29.574049] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.574204] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.574302] page dumped because: kasan: bad access detected [ 29.574461] [ 29.574481] Memory state around the buggy address: [ 29.574512] fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.574697] fff00000c5a48980: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 29.574868] >fff00000c5a48a00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.574975] ^ [ 29.575082] fff00000c5a48a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.575169] fff00000c5a48b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.575282] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 29.555667] ================================================================== [ 29.555799] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 29.555852] Write of size 16 at addr fff00000c5a489a0 by task kunit_try_catch/199 [ 29.555915] [ 29.556139] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.556356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.556424] Hardware name: linux,dummy-virt (DT) [ 29.556642] Call trace: [ 29.556699] show_stack+0x20/0x38 (C) [ 29.556942] dump_stack_lvl+0x8c/0xd0 [ 29.556996] print_report+0x118/0x608 [ 29.557049] kasan_report+0xdc/0x128 [ 29.557278] __asan_report_store16_noabort+0x20/0x30 [ 29.557671] kmalloc_oob_16+0x3a0/0x3f8 [ 29.557739] kunit_try_run_case+0x170/0x3f0 [ 29.557869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.557935] kthread+0x328/0x630 [ 29.557977] ret_from_fork+0x10/0x20 [ 29.558024] [ 29.558042] Allocated by task 199: [ 29.558069] kasan_save_stack+0x3c/0x68 [ 29.558109] kasan_save_track+0x20/0x40 [ 29.558146] kasan_save_alloc_info+0x40/0x58 [ 29.558181] __kasan_kmalloc+0xd4/0xd8 [ 29.558218] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.558546] kmalloc_oob_16+0xb4/0x3f8 [ 29.558613] kunit_try_run_case+0x170/0x3f0 [ 29.558741] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.558906] kthread+0x328/0x630 [ 29.558984] ret_from_fork+0x10/0x20 [ 29.559150] [ 29.559233] The buggy address belongs to the object at fff00000c5a489a0 [ 29.559233] which belongs to the cache kmalloc-16 of size 16 [ 29.559312] The buggy address is located 0 bytes inside of [ 29.559312] allocated 13-byte region [fff00000c5a489a0, fff00000c5a489ad) [ 29.559653] [ 29.559747] The buggy address belongs to the physical page: [ 29.559885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.560281] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.560376] page_type: f5(slab) [ 29.560446] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.560610] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.560802] page dumped because: kasan: bad access detected [ 29.560875] [ 29.560981] Memory state around the buggy address: [ 29.561062] fff00000c5a48880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.561193] fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.561292] >fff00000c5a48980: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 29.561413] ^ [ 29.561541] fff00000c5a48a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.561615] fff00000c5a48a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.561654] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 29.532512] ================================================================== [ 29.532605] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 29.532658] Read of size 1 at addr fff00000c907f200 by task kunit_try_catch/197 [ 29.532707] [ 29.532739] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.532829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.532855] Hardware name: linux,dummy-virt (DT) [ 29.532885] Call trace: [ 29.533217] show_stack+0x20/0x38 (C) [ 29.533378] dump_stack_lvl+0x8c/0xd0 [ 29.533425] print_report+0x118/0x608 [ 29.533679] kasan_report+0xdc/0x128 [ 29.533818] __kasan_check_byte+0x54/0x70 [ 29.533868] krealloc_noprof+0x44/0x360 [ 29.534043] krealloc_uaf+0x180/0x520 [ 29.534093] kunit_try_run_case+0x170/0x3f0 [ 29.534153] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.534407] kthread+0x328/0x630 [ 29.534591] ret_from_fork+0x10/0x20 [ 29.534804] [ 29.534906] Allocated by task 197: [ 29.534980] kasan_save_stack+0x3c/0x68 [ 29.535268] kasan_save_track+0x20/0x40 [ 29.535370] kasan_save_alloc_info+0x40/0x58 [ 29.535498] __kasan_kmalloc+0xd4/0xd8 [ 29.535654] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.535784] krealloc_uaf+0xc8/0x520 [ 29.535846] kunit_try_run_case+0x170/0x3f0 [ 29.536137] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.536243] kthread+0x328/0x630 [ 29.536342] ret_from_fork+0x10/0x20 [ 29.536413] [ 29.536643] Freed by task 197: [ 29.536999] kasan_save_stack+0x3c/0x68 [ 29.537147] kasan_save_track+0x20/0x40 [ 29.537308] kasan_save_free_info+0x4c/0x78 [ 29.537471] __kasan_slab_free+0x6c/0x98 [ 29.537550] kfree+0x214/0x3c8 [ 29.537641] krealloc_uaf+0x12c/0x520 [ 29.537691] kunit_try_run_case+0x170/0x3f0 [ 29.537830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.537882] kthread+0x328/0x630 [ 29.537926] ret_from_fork+0x10/0x20 [ 29.537980] [ 29.538004] The buggy address belongs to the object at fff00000c907f200 [ 29.538004] which belongs to the cache kmalloc-256 of size 256 [ 29.538241] The buggy address is located 0 bytes inside of [ 29.538241] freed 256-byte region [fff00000c907f200, fff00000c907f300) [ 29.538531] [ 29.538655] The buggy address belongs to the physical page: [ 29.538815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.538890] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.538976] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.539068] page_type: f5(slab) [ 29.539116] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.539175] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.539229] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.539285] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.539333] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.539389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.539428] page dumped because: kasan: bad access detected [ 29.539487] [ 29.539526] Memory state around the buggy address: [ 29.539557] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539598] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539639] >fff00000c907f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.539683] ^ [ 29.539711] fff00000c907f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.539763] fff00000c907f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539801] ================================================================== [ 29.541492] ================================================================== [ 29.541752] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 29.541814] Read of size 1 at addr fff00000c907f200 by task kunit_try_catch/197 [ 29.541959] [ 29.541990] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.542216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.542422] Hardware name: linux,dummy-virt (DT) [ 29.542546] Call trace: [ 29.542637] show_stack+0x20/0x38 (C) [ 29.542728] dump_stack_lvl+0x8c/0xd0 [ 29.542916] print_report+0x118/0x608 [ 29.543089] kasan_report+0xdc/0x128 [ 29.543227] __asan_report_load1_noabort+0x20/0x30 [ 29.543485] krealloc_uaf+0x4c8/0x520 [ 29.543664] kunit_try_run_case+0x170/0x3f0 [ 29.543841] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.543992] kthread+0x328/0x630 [ 29.544212] ret_from_fork+0x10/0x20 [ 29.544373] [ 29.544394] Allocated by task 197: [ 29.544422] kasan_save_stack+0x3c/0x68 [ 29.544651] kasan_save_track+0x20/0x40 [ 29.544821] kasan_save_alloc_info+0x40/0x58 [ 29.544932] __kasan_kmalloc+0xd4/0xd8 [ 29.545095] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.545257] krealloc_uaf+0xc8/0x520 [ 29.545356] kunit_try_run_case+0x170/0x3f0 [ 29.545439] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.545802] kthread+0x328/0x630 [ 29.545966] ret_from_fork+0x10/0x20 [ 29.546054] [ 29.546143] Freed by task 197: [ 29.546274] kasan_save_stack+0x3c/0x68 [ 29.546380] kasan_save_track+0x20/0x40 [ 29.546506] kasan_save_free_info+0x4c/0x78 [ 29.546780] __kasan_slab_free+0x6c/0x98 [ 29.546834] kfree+0x214/0x3c8 [ 29.546867] krealloc_uaf+0x12c/0x520 [ 29.546915] kunit_try_run_case+0x170/0x3f0 [ 29.546953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.547023] kthread+0x328/0x630 [ 29.547171] ret_from_fork+0x10/0x20 [ 29.547296] [ 29.547470] The buggy address belongs to the object at fff00000c907f200 [ 29.547470] which belongs to the cache kmalloc-256 of size 256 [ 29.547670] The buggy address is located 0 bytes inside of [ 29.547670] freed 256-byte region [fff00000c907f200, fff00000c907f300) [ 29.547842] [ 29.548272] The buggy address belongs to the physical page: [ 29.548342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.548471] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.548518] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.548568] page_type: f5(slab) [ 29.548615] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.548663] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.548712] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.548759] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.548823] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.548879] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.548948] page dumped because: kasan: bad access detected [ 29.549233] [ 29.549280] Memory state around the buggy address: [ 29.549376] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.549420] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.549766] >fff00000c907f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.549810] ^ [ 29.549840] fff00000c907f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.550026] fff00000c907f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.550069] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 29.416116] ================================================================== [ 29.416267] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.416503] Write of size 1 at addr fff00000c907f0ea by task kunit_try_catch/191 [ 29.416558] [ 29.416596] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.416678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.416703] Hardware name: linux,dummy-virt (DT) [ 29.416733] Call trace: [ 29.416963] show_stack+0x20/0x38 (C) [ 29.417092] dump_stack_lvl+0x8c/0xd0 [ 29.417170] print_report+0x118/0x608 [ 29.417244] kasan_report+0xdc/0x128 [ 29.417380] __asan_report_store1_noabort+0x20/0x30 [ 29.417436] krealloc_less_oob_helper+0xae4/0xc50 [ 29.417503] krealloc_less_oob+0x20/0x38 [ 29.417556] kunit_try_run_case+0x170/0x3f0 [ 29.417723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.418004] kthread+0x328/0x630 [ 29.418292] ret_from_fork+0x10/0x20 [ 29.418389] [ 29.418539] Allocated by task 191: [ 29.418626] kasan_save_stack+0x3c/0x68 [ 29.418751] kasan_save_track+0x20/0x40 [ 29.418851] kasan_save_alloc_info+0x40/0x58 [ 29.419027] __kasan_krealloc+0x118/0x178 [ 29.419066] krealloc_noprof+0x128/0x360 [ 29.419133] krealloc_less_oob_helper+0x168/0xc50 [ 29.419326] krealloc_less_oob+0x20/0x38 [ 29.419512] kunit_try_run_case+0x170/0x3f0 [ 29.419675] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.419744] kthread+0x328/0x630 [ 29.419875] ret_from_fork+0x10/0x20 [ 29.419982] [ 29.420096] The buggy address belongs to the object at fff00000c907f000 [ 29.420096] which belongs to the cache kmalloc-256 of size 256 [ 29.420538] The buggy address is located 33 bytes to the right of [ 29.420538] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.420716] [ 29.420777] The buggy address belongs to the physical page: [ 29.420849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.420995] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.421094] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.421157] page_type: f5(slab) [ 29.421412] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.421492] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.421661] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.421830] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.421908] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.421966] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.422015] page dumped because: kasan: bad access detected [ 29.422047] [ 29.422065] Memory state around the buggy address: [ 29.422112] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422169] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.422220] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.422256] ^ [ 29.422293] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422340] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422378] ================================================================== [ 29.487405] ================================================================== [ 29.487461] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.487515] Write of size 1 at addr fff00000c9a5a0c9 by task kunit_try_catch/195 [ 29.487564] [ 29.488131] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.488229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.488255] Hardware name: linux,dummy-virt (DT) [ 29.488456] Call trace: [ 29.488484] show_stack+0x20/0x38 (C) [ 29.488537] dump_stack_lvl+0x8c/0xd0 [ 29.488629] print_report+0x118/0x608 [ 29.488706] kasan_report+0xdc/0x128 [ 29.488752] __asan_report_store1_noabort+0x20/0x30 [ 29.489154] krealloc_less_oob_helper+0xa48/0xc50 [ 29.489205] krealloc_large_less_oob+0x20/0x38 [ 29.489625] kunit_try_run_case+0x170/0x3f0 [ 29.489702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.489805] kthread+0x328/0x630 [ 29.489846] ret_from_fork+0x10/0x20 [ 29.490350] [ 29.490387] The buggy address belongs to the physical page: [ 29.490419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.490473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.490520] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.490570] page_type: f8(unknown) [ 29.490609] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.490968] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.491021] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.491068] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.491247] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.491632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.491688] page dumped because: kasan: bad access detected [ 29.492049] [ 29.492189] Memory state around the buggy address: [ 29.492332] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.492378] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.492421] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.492960] ^ [ 29.493033] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.493508] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.493651] ================================================================== [ 29.422824] ================================================================== [ 29.422869] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.423259] Write of size 1 at addr fff00000c907f0eb by task kunit_try_catch/191 [ 29.423645] [ 29.423689] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.423772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.423807] Hardware name: linux,dummy-virt (DT) [ 29.423910] Call trace: [ 29.424063] show_stack+0x20/0x38 (C) [ 29.424117] dump_stack_lvl+0x8c/0xd0 [ 29.424161] print_report+0x118/0x608 [ 29.424214] kasan_report+0xdc/0x128 [ 29.424260] __asan_report_store1_noabort+0x20/0x30 [ 29.424306] krealloc_less_oob_helper+0xa58/0xc50 [ 29.424496] krealloc_less_oob+0x20/0x38 [ 29.424583] kunit_try_run_case+0x170/0x3f0 [ 29.424681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.424767] kthread+0x328/0x630 [ 29.424978] ret_from_fork+0x10/0x20 [ 29.425035] [ 29.425219] Allocated by task 191: [ 29.425314] kasan_save_stack+0x3c/0x68 [ 29.425367] kasan_save_track+0x20/0x40 [ 29.425463] kasan_save_alloc_info+0x40/0x58 [ 29.425504] __kasan_krealloc+0x118/0x178 [ 29.425542] krealloc_noprof+0x128/0x360 [ 29.425580] krealloc_less_oob_helper+0x168/0xc50 [ 29.425781] krealloc_less_oob+0x20/0x38 [ 29.425933] kunit_try_run_case+0x170/0x3f0 [ 29.426002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.426241] kthread+0x328/0x630 [ 29.426560] ret_from_fork+0x10/0x20 [ 29.426706] [ 29.426777] The buggy address belongs to the object at fff00000c907f000 [ 29.426777] which belongs to the cache kmalloc-256 of size 256 [ 29.426972] The buggy address is located 34 bytes to the right of [ 29.426972] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.427042] [ 29.427063] The buggy address belongs to the physical page: [ 29.427094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.427268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.427565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.427739] page_type: f5(slab) [ 29.427982] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.428086] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.428194] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.428347] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.428481] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.428621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.428777] page dumped because: kasan: bad access detected [ 29.429022] [ 29.429112] Memory state around the buggy address: [ 29.429273] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.429440] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.429581] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.429620] ^ [ 29.429808] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.432793] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.433748] ================================================================== [ 29.411018] ================================================================== [ 29.411260] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.411345] Write of size 1 at addr fff00000c907f0da by task kunit_try_catch/191 [ 29.411439] [ 29.411486] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.411576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.411602] Hardware name: linux,dummy-virt (DT) [ 29.411632] Call trace: [ 29.411654] show_stack+0x20/0x38 (C) [ 29.411723] dump_stack_lvl+0x8c/0xd0 [ 29.411768] print_report+0x118/0x608 [ 29.411814] kasan_report+0xdc/0x128 [ 29.411858] __asan_report_store1_noabort+0x20/0x30 [ 29.411972] krealloc_less_oob_helper+0xa80/0xc50 [ 29.412051] krealloc_less_oob+0x20/0x38 [ 29.412135] kunit_try_run_case+0x170/0x3f0 [ 29.412221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.412274] kthread+0x328/0x630 [ 29.412374] ret_from_fork+0x10/0x20 [ 29.412470] [ 29.412489] Allocated by task 191: [ 29.412589] kasan_save_stack+0x3c/0x68 [ 29.412646] kasan_save_track+0x20/0x40 [ 29.412703] kasan_save_alloc_info+0x40/0x58 [ 29.412840] __kasan_krealloc+0x118/0x178 [ 29.412916] krealloc_noprof+0x128/0x360 [ 29.412982] krealloc_less_oob_helper+0x168/0xc50 [ 29.413071] krealloc_less_oob+0x20/0x38 [ 29.413108] kunit_try_run_case+0x170/0x3f0 [ 29.413171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.413235] kthread+0x328/0x630 [ 29.413472] ret_from_fork+0x10/0x20 [ 29.413548] [ 29.413596] The buggy address belongs to the object at fff00000c907f000 [ 29.413596] which belongs to the cache kmalloc-256 of size 256 [ 29.413653] The buggy address is located 17 bytes to the right of [ 29.413653] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.414003] [ 29.414036] The buggy address belongs to the physical page: [ 29.414106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.414281] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.414375] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.414432] page_type: f5(slab) [ 29.414469] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.414517] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.414964] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.415060] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.415175] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.415226] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.415265] page dumped because: kasan: bad access detected [ 29.415305] [ 29.415323] Memory state around the buggy address: [ 29.415355] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415405] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.415460] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.415498] ^ [ 29.415535] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415577] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.415626] ================================================================== [ 29.502475] ================================================================== [ 29.502524] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.502832] Write of size 1 at addr fff00000c9a5a0da by task kunit_try_catch/195 [ 29.503116] [ 29.503388] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.503571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.503598] Hardware name: linux,dummy-virt (DT) [ 29.503627] Call trace: [ 29.503648] show_stack+0x20/0x38 (C) [ 29.503697] dump_stack_lvl+0x8c/0xd0 [ 29.504226] print_report+0x118/0x608 [ 29.504292] kasan_report+0xdc/0x128 [ 29.504339] __asan_report_store1_noabort+0x20/0x30 [ 29.504398] krealloc_less_oob_helper+0xa80/0xc50 [ 29.504791] krealloc_large_less_oob+0x20/0x38 [ 29.505086] kunit_try_run_case+0x170/0x3f0 [ 29.505142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.505201] kthread+0x328/0x630 [ 29.505518] ret_from_fork+0x10/0x20 [ 29.505781] [ 29.505814] The buggy address belongs to the physical page: [ 29.505844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.505913] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.505968] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.506018] page_type: f8(unknown) [ 29.506055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.506646] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.506997] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.507047] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.507275] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.507328] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.507389] page dumped because: kasan: bad access detected [ 29.507542] [ 29.507561] Memory state around the buggy address: [ 29.507917] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.508190] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.508235] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.508272] ^ [ 29.508376] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.508418] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.508456] ================================================================== [ 29.510111] ================================================================== [ 29.510167] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.510215] Write of size 1 at addr fff00000c9a5a0ea by task kunit_try_catch/195 [ 29.510263] [ 29.510378] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.510529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.510838] Hardware name: linux,dummy-virt (DT) [ 29.511018] Call trace: [ 29.511074] show_stack+0x20/0x38 (C) [ 29.511262] dump_stack_lvl+0x8c/0xd0 [ 29.511312] print_report+0x118/0x608 [ 29.511604] kasan_report+0xdc/0x128 [ 29.511653] __asan_report_store1_noabort+0x20/0x30 [ 29.511700] krealloc_less_oob_helper+0xae4/0xc50 [ 29.511749] krealloc_large_less_oob+0x20/0x38 [ 29.511795] kunit_try_run_case+0x170/0x3f0 [ 29.511845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.512246] kthread+0x328/0x630 [ 29.512307] ret_from_fork+0x10/0x20 [ 29.512355] [ 29.512375] The buggy address belongs to the physical page: [ 29.512539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.513075] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.513122] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.513659] page_type: f8(unknown) [ 29.513845] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.513905] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.514038] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.514099] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.514147] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.514661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.514744] page dumped because: kasan: bad access detected [ 29.514775] [ 29.514793] Memory state around the buggy address: [ 29.514823] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.514865] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.514915] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.514954] ^ [ 29.514991] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.515031] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.515408] ================================================================== [ 29.399214] ================================================================== [ 29.399293] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.399381] Write of size 1 at addr fff00000c907f0c9 by task kunit_try_catch/191 [ 29.399432] [ 29.399461] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.399570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.399598] Hardware name: linux,dummy-virt (DT) [ 29.399627] Call trace: [ 29.399649] show_stack+0x20/0x38 (C) [ 29.399697] dump_stack_lvl+0x8c/0xd0 [ 29.399741] print_report+0x118/0x608 [ 29.399808] kasan_report+0xdc/0x128 [ 29.399853] __asan_report_store1_noabort+0x20/0x30 [ 29.399969] krealloc_less_oob_helper+0xa48/0xc50 [ 29.400056] krealloc_less_oob+0x20/0x38 [ 29.400103] kunit_try_run_case+0x170/0x3f0 [ 29.400176] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.400230] kthread+0x328/0x630 [ 29.400309] ret_from_fork+0x10/0x20 [ 29.400355] [ 29.400373] Allocated by task 191: [ 29.400400] kasan_save_stack+0x3c/0x68 [ 29.400593] kasan_save_track+0x20/0x40 [ 29.400698] kasan_save_alloc_info+0x40/0x58 [ 29.400850] __kasan_krealloc+0x118/0x178 [ 29.400888] krealloc_noprof+0x128/0x360 [ 29.400936] krealloc_less_oob_helper+0x168/0xc50 [ 29.401029] krealloc_less_oob+0x20/0x38 [ 29.401105] kunit_try_run_case+0x170/0x3f0 [ 29.401143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.401185] kthread+0x328/0x630 [ 29.401310] ret_from_fork+0x10/0x20 [ 29.401347] [ 29.401373] The buggy address belongs to the object at fff00000c907f000 [ 29.401373] which belongs to the cache kmalloc-256 of size 256 [ 29.401448] The buggy address is located 0 bytes to the right of [ 29.401448] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.401577] [ 29.401657] The buggy address belongs to the physical page: [ 29.401947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.402008] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.402072] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.402121] page_type: f5(slab) [ 29.402351] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.402526] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.402729] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.402829] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.403096] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.403196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.403320] page dumped because: kasan: bad access detected [ 29.403412] [ 29.403465] Memory state around the buggy address: [ 29.403549] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.403643] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.403732] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.403785] ^ [ 29.403913] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.403962] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.404146] ================================================================== [ 29.406065] ================================================================== [ 29.406112] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.406398] Write of size 1 at addr fff00000c907f0d0 by task kunit_try_catch/191 [ 29.406462] [ 29.406492] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.406595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.406621] Hardware name: linux,dummy-virt (DT) [ 29.406650] Call trace: [ 29.406672] show_stack+0x20/0x38 (C) [ 29.406720] dump_stack_lvl+0x8c/0xd0 [ 29.406955] print_report+0x118/0x608 [ 29.407035] kasan_report+0xdc/0x128 [ 29.407142] __asan_report_store1_noabort+0x20/0x30 [ 29.407208] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.407321] krealloc_less_oob+0x20/0x38 [ 29.407396] kunit_try_run_case+0x170/0x3f0 [ 29.407509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.407562] kthread+0x328/0x630 [ 29.407609] ret_from_fork+0x10/0x20 [ 29.407655] [ 29.407673] Allocated by task 191: [ 29.407709] kasan_save_stack+0x3c/0x68 [ 29.407749] kasan_save_track+0x20/0x40 [ 29.407823] kasan_save_alloc_info+0x40/0x58 [ 29.407974] __kasan_krealloc+0x118/0x178 [ 29.408017] krealloc_noprof+0x128/0x360 [ 29.408054] krealloc_less_oob_helper+0x168/0xc50 [ 29.408092] krealloc_less_oob+0x20/0x38 [ 29.408152] kunit_try_run_case+0x170/0x3f0 [ 29.408257] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.408301] kthread+0x328/0x630 [ 29.408333] ret_from_fork+0x10/0x20 [ 29.408367] [ 29.408385] The buggy address belongs to the object at fff00000c907f000 [ 29.408385] which belongs to the cache kmalloc-256 of size 256 [ 29.408478] The buggy address is located 7 bytes to the right of [ 29.408478] allocated 201-byte region [fff00000c907f000, fff00000c907f0c9) [ 29.408586] [ 29.408634] The buggy address belongs to the physical page: [ 29.408672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.408727] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.408772] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.408979] page_type: f5(slab) [ 29.409016] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.409090] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.409139] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.409201] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.409287] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.409337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.409376] page dumped because: kasan: bad access detected [ 29.409624] [ 29.409663] Memory state around the buggy address: [ 29.409789] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.409859] fff00000c907f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.410004] >fff00000c907f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.410085] ^ [ 29.410190] fff00000c907f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.410313] fff00000c907f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.410398] ================================================================== [ 29.516531] ================================================================== [ 29.516578] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.516626] Write of size 1 at addr fff00000c9a5a0eb by task kunit_try_catch/195 [ 29.516675] [ 29.516703] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.517050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.517685] Hardware name: linux,dummy-virt (DT) [ 29.517736] Call trace: [ 29.517758] show_stack+0x20/0x38 (C) [ 29.517816] dump_stack_lvl+0x8c/0xd0 [ 29.517861] print_report+0x118/0x608 [ 29.518238] kasan_report+0xdc/0x128 [ 29.518510] __asan_report_store1_noabort+0x20/0x30 [ 29.518559] krealloc_less_oob_helper+0xa58/0xc50 [ 29.519079] krealloc_large_less_oob+0x20/0x38 [ 29.519251] kunit_try_run_case+0x170/0x3f0 [ 29.519301] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.519353] kthread+0x328/0x630 [ 29.519394] ret_from_fork+0x10/0x20 [ 29.519944] [ 29.520209] The buggy address belongs to the physical page: [ 29.520241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.520547] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.520594] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.520646] page_type: f8(unknown) [ 29.520683] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.521188] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.521663] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.521933] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.522199] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.522250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.522289] page dumped because: kasan: bad access detected [ 29.522319] [ 29.522446] Memory state around the buggy address: [ 29.522489] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.522532] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.522847] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.523110] ^ [ 29.523253] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.523554] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.523603] ================================================================== [ 29.495562] ================================================================== [ 29.495609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.495658] Write of size 1 at addr fff00000c9a5a0d0 by task kunit_try_catch/195 [ 29.495705] [ 29.495734] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.495814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.495841] Hardware name: linux,dummy-virt (DT) [ 29.496331] Call trace: [ 29.496518] show_stack+0x20/0x38 (C) [ 29.496570] dump_stack_lvl+0x8c/0xd0 [ 29.497005] print_report+0x118/0x608 [ 29.497063] kasan_report+0xdc/0x128 [ 29.497337] __asan_report_store1_noabort+0x20/0x30 [ 29.497406] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.497454] krealloc_large_less_oob+0x20/0x38 [ 29.497501] kunit_try_run_case+0x170/0x3f0 [ 29.497550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.497809] kthread+0x328/0x630 [ 29.497868] ret_from_fork+0x10/0x20 [ 29.497929] [ 29.497951] The buggy address belongs to the physical page: [ 29.498023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58 [ 29.498093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.498139] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.498188] page_type: f8(unknown) [ 29.498398] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.498884] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.498947] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.498994] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.499506] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff [ 29.499975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.500026] page dumped because: kasan: bad access detected [ 29.500352] [ 29.500372] Memory state around the buggy address: [ 29.500533] fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.500686] fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.500728] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.500766] ^ [ 29.500809] fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.500851] fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.501430] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 29.468282] ================================================================== [ 29.468335] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 29.468792] Write of size 1 at addr fff00000c9a560f0 by task kunit_try_catch/193 [ 29.468862] [ 29.468893] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.469486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.469526] Hardware name: linux,dummy-virt (DT) [ 29.469556] Call trace: [ 29.469578] show_stack+0x20/0x38 (C) [ 29.469751] dump_stack_lvl+0x8c/0xd0 [ 29.469996] print_report+0x118/0x608 [ 29.470065] kasan_report+0xdc/0x128 [ 29.470110] __asan_report_store1_noabort+0x20/0x30 [ 29.470157] krealloc_more_oob_helper+0x5c0/0x678 [ 29.470205] krealloc_large_more_oob+0x20/0x38 [ 29.470252] kunit_try_run_case+0x170/0x3f0 [ 29.470685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.470860] kthread+0x328/0x630 [ 29.470917] ret_from_fork+0x10/0x20 [ 29.471073] [ 29.471221] The buggy address belongs to the physical page: [ 29.471252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54 [ 29.471548] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.471593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.472017] page_type: f8(unknown) [ 29.472065] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.472493] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.472546] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.472942] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.473207] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff [ 29.473260] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.473681] page dumped because: kasan: bad access detected [ 29.474090] [ 29.474120] Memory state around the buggy address: [ 29.474175] fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.474218] fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.474420] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 29.474461] ^ [ 29.474500] fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.474562] fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.474599] ================================================================== [ 29.389662] ================================================================== [ 29.389781] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 29.389936] Write of size 1 at addr fff00000c907eef0 by task kunit_try_catch/189 [ 29.389997] [ 29.390026] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.390127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.390153] Hardware name: linux,dummy-virt (DT) [ 29.390207] Call trace: [ 29.390230] show_stack+0x20/0x38 (C) [ 29.390279] dump_stack_lvl+0x8c/0xd0 [ 29.390324] print_report+0x118/0x608 [ 29.390370] kasan_report+0xdc/0x128 [ 29.390555] __asan_report_store1_noabort+0x20/0x30 [ 29.390686] krealloc_more_oob_helper+0x5c0/0x678 [ 29.390736] krealloc_more_oob+0x20/0x38 [ 29.390781] kunit_try_run_case+0x170/0x3f0 [ 29.390828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.391090] kthread+0x328/0x630 [ 29.391190] ret_from_fork+0x10/0x20 [ 29.391289] [ 29.391396] Allocated by task 189: [ 29.391458] kasan_save_stack+0x3c/0x68 [ 29.391539] kasan_save_track+0x20/0x40 [ 29.391576] kasan_save_alloc_info+0x40/0x58 [ 29.391614] __kasan_krealloc+0x118/0x178 [ 29.391670] krealloc_noprof+0x128/0x360 [ 29.391707] krealloc_more_oob_helper+0x168/0x678 [ 29.391747] krealloc_more_oob+0x20/0x38 [ 29.391782] kunit_try_run_case+0x170/0x3f0 [ 29.391819] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.391862] kthread+0x328/0x630 [ 29.391967] ret_from_fork+0x10/0x20 [ 29.392052] [ 29.392071] The buggy address belongs to the object at fff00000c907ee00 [ 29.392071] which belongs to the cache kmalloc-256 of size 256 [ 29.392167] The buggy address is located 5 bytes to the right of [ 29.392167] allocated 235-byte region [fff00000c907ee00, fff00000c907eeeb) [ 29.392320] [ 29.392399] The buggy address belongs to the physical page: [ 29.392446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.392639] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.392844] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.392993] page_type: f5(slab) [ 29.393059] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.393178] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.393280] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.393340] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.393485] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.393600] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.393732] page dumped because: kasan: bad access detected [ 29.393798] [ 29.393815] Memory state around the buggy address: [ 29.394004] fff00000c907ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.394069] fff00000c907ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.394148] >fff00000c907ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 29.394278] ^ [ 29.394332] fff00000c907ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.394372] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.394419] ================================================================== [ 29.385205] ================================================================== [ 29.385308] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 29.385372] Write of size 1 at addr fff00000c907eeeb by task kunit_try_catch/189 [ 29.385421] [ 29.385565] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.385694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.385857] Hardware name: linux,dummy-virt (DT) [ 29.385932] Call trace: [ 29.386012] show_stack+0x20/0x38 (C) [ 29.386144] dump_stack_lvl+0x8c/0xd0 [ 29.386201] print_report+0x118/0x608 [ 29.386344] kasan_report+0xdc/0x128 [ 29.386436] __asan_report_store1_noabort+0x20/0x30 [ 29.386484] krealloc_more_oob_helper+0x60c/0x678 [ 29.386549] krealloc_more_oob+0x20/0x38 [ 29.386594] kunit_try_run_case+0x170/0x3f0 [ 29.386642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.386694] kthread+0x328/0x630 [ 29.386851] ret_from_fork+0x10/0x20 [ 29.387131] [ 29.387247] Allocated by task 189: [ 29.387325] kasan_save_stack+0x3c/0x68 [ 29.387431] kasan_save_track+0x20/0x40 [ 29.387498] kasan_save_alloc_info+0x40/0x58 [ 29.387533] __kasan_krealloc+0x118/0x178 [ 29.387570] krealloc_noprof+0x128/0x360 [ 29.387625] krealloc_more_oob_helper+0x168/0x678 [ 29.387665] krealloc_more_oob+0x20/0x38 [ 29.387720] kunit_try_run_case+0x170/0x3f0 [ 29.387885] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.387994] kthread+0x328/0x630 [ 29.388109] ret_from_fork+0x10/0x20 [ 29.388152] [ 29.388171] The buggy address belongs to the object at fff00000c907ee00 [ 29.388171] which belongs to the cache kmalloc-256 of size 256 [ 29.388228] The buggy address is located 0 bytes to the right of [ 29.388228] allocated 235-byte region [fff00000c907ee00, fff00000c907eeeb) [ 29.388289] [ 29.388327] The buggy address belongs to the physical page: [ 29.388359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e [ 29.388429] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.388482] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.388545] page_type: f5(slab) [ 29.388582] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.388631] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.388679] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.388727] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000 [ 29.388774] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff [ 29.388853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.388891] page dumped because: kasan: bad access detected [ 29.388929] [ 29.388947] Memory state around the buggy address: [ 29.388977] fff00000c907ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.389040] fff00000c907ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.389096] >fff00000c907ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 29.389146] ^ [ 29.389182] fff00000c907ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.389222] fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.389258] ================================================================== [ 29.458451] ================================================================== [ 29.458519] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 29.458573] Write of size 1 at addr fff00000c9a560eb by task kunit_try_catch/193 [ 29.458665] [ 29.458697] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.458830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.460163] Hardware name: linux,dummy-virt (DT) [ 29.460451] Call trace: [ 29.460750] show_stack+0x20/0x38 (C) [ 29.460844] dump_stack_lvl+0x8c/0xd0 [ 29.461312] print_report+0x118/0x608 [ 29.461436] kasan_report+0xdc/0x128 [ 29.461662] __asan_report_store1_noabort+0x20/0x30 [ 29.462062] krealloc_more_oob_helper+0x60c/0x678 [ 29.462123] krealloc_large_more_oob+0x20/0x38 [ 29.462171] kunit_try_run_case+0x170/0x3f0 [ 29.462482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.462544] kthread+0x328/0x630 [ 29.462587] ret_from_fork+0x10/0x20 [ 29.462643] [ 29.462664] The buggy address belongs to the physical page: [ 29.463015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54 [ 29.463295] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.463346] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.463398] page_type: f8(unknown) [ 29.463948] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.464044] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.464563] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.465014] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.465494] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff [ 29.465840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.466180] page dumped because: kasan: bad access detected [ 29.466214] [ 29.466233] Memory state around the buggy address: [ 29.466356] fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.466403] fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.466445] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 29.466582] ^ [ 29.466626] fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.467054] fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.467276] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 29.379017] ================================================================== [ 29.379113] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 29.379165] Read of size 1 at addr fff00000c9b60000 by task kunit_try_catch/187 [ 29.379214] [ 29.379244] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.379324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.379350] Hardware name: linux,dummy-virt (DT) [ 29.379427] Call trace: [ 29.379450] show_stack+0x20/0x38 (C) [ 29.379498] dump_stack_lvl+0x8c/0xd0 [ 29.379544] print_report+0x118/0x608 [ 29.379590] kasan_report+0xdc/0x128 [ 29.379634] __asan_report_load1_noabort+0x20/0x30 [ 29.379682] page_alloc_uaf+0x328/0x350 [ 29.379763] kunit_try_run_case+0x170/0x3f0 [ 29.379818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.379872] kthread+0x328/0x630 [ 29.379971] ret_from_fork+0x10/0x20 [ 29.380032] [ 29.380071] The buggy address belongs to the physical page: [ 29.380177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b60 [ 29.380245] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.380291] page_type: f0(buddy) [ 29.380328] raw: 0bfffe0000000000 fff00000ff616148 fff00000ff616148 0000000000000000 [ 29.380457] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 29.380586] page dumped because: kasan: bad access detected [ 29.380617] [ 29.380688] Memory state around the buggy address: [ 29.380769] fff00000c9b5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.380821] fff00000c9b5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.380914] >fff00000c9b60000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.380969] ^ [ 29.380998] fff00000c9b60080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.381076] fff00000c9b60100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.381115] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 29.365447] ================================================================== [ 29.365529] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 29.365587] Free of addr fff00000c9a54001 by task kunit_try_catch/183 [ 29.365631] [ 29.365662] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.365802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.366057] Hardware name: linux,dummy-virt (DT) [ 29.366165] Call trace: [ 29.366281] show_stack+0x20/0x38 (C) [ 29.366446] dump_stack_lvl+0x8c/0xd0 [ 29.366561] print_report+0x118/0x608 [ 29.366707] kasan_report_invalid_free+0xc0/0xe8 [ 29.366778] __kasan_kfree_large+0x5c/0xa8 [ 29.366827] free_large_kmalloc+0x68/0x150 [ 29.366873] kfree+0x270/0x3c8 [ 29.366926] kmalloc_large_invalid_free+0x108/0x270 [ 29.366975] kunit_try_run_case+0x170/0x3f0 [ 29.367023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.367075] kthread+0x328/0x630 [ 29.367147] ret_from_fork+0x10/0x20 [ 29.367195] [ 29.367216] The buggy address belongs to the physical page: [ 29.367246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54 [ 29.367346] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.367427] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.367488] page_type: f8(unknown) [ 29.367542] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.367629] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.367757] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.367844] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.367917] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff [ 29.368015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.368065] page dumped because: kasan: bad access detected [ 29.368131] [ 29.368211] Memory state around the buggy address: [ 29.368328] fff00000c9a53f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.368391] fff00000c9a53f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.368432] >fff00000c9a54000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.368468] ^ [ 29.368495] fff00000c9a54080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.368535] fff00000c9a54100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.368581] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 29.358075] ================================================================== [ 29.358138] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 29.358187] Read of size 1 at addr fff00000c9a50000 by task kunit_try_catch/181 [ 29.358235] [ 29.358265] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.358349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.358391] Hardware name: linux,dummy-virt (DT) [ 29.358441] Call trace: [ 29.358542] show_stack+0x20/0x38 (C) [ 29.358629] dump_stack_lvl+0x8c/0xd0 [ 29.358674] print_report+0x118/0x608 [ 29.358745] kasan_report+0xdc/0x128 [ 29.358811] __asan_report_load1_noabort+0x20/0x30 [ 29.358867] kmalloc_large_uaf+0x2cc/0x2f8 [ 29.359004] kunit_try_run_case+0x170/0x3f0 [ 29.359063] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.359116] kthread+0x328/0x630 [ 29.359175] ret_from_fork+0x10/0x20 [ 29.359288] [ 29.359336] The buggy address belongs to the physical page: [ 29.359413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a50 [ 29.359463] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.359521] raw: 0bfffe0000000000 ffffc1ffc3269508 fff00000da45cc40 0000000000000000 [ 29.359569] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 29.359607] page dumped because: kasan: bad access detected [ 29.359637] [ 29.359654] Memory state around the buggy address: [ 29.361713] fff00000c9a4ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.361767] fff00000c9a4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.361809] >fff00000c9a50000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.361845] ^ [ 29.361873] fff00000c9a50080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.361923] fff00000c9a50100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.361959] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 29.351150] ================================================================== [ 29.351245] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 29.351307] Write of size 1 at addr fff00000c9a5200a by task kunit_try_catch/179 [ 29.351373] [ 29.351430] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.351541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.351567] Hardware name: linux,dummy-virt (DT) [ 29.351597] Call trace: [ 29.351618] show_stack+0x20/0x38 (C) [ 29.351763] dump_stack_lvl+0x8c/0xd0 [ 29.351930] print_report+0x118/0x608 [ 29.352011] kasan_report+0xdc/0x128 [ 29.352063] __asan_report_store1_noabort+0x20/0x30 [ 29.352150] kmalloc_large_oob_right+0x278/0x2b8 [ 29.352217] kunit_try_run_case+0x170/0x3f0 [ 29.352292] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.352391] kthread+0x328/0x630 [ 29.352433] ret_from_fork+0x10/0x20 [ 29.352478] [ 29.352566] The buggy address belongs to the physical page: [ 29.352735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a50 [ 29.352807] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.352880] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.352964] page_type: f8(unknown) [ 29.353003] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.353159] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.353237] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.353330] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.353419] head: 0bfffe0000000002 ffffc1ffc3269401 00000000ffffffff 00000000ffffffff [ 29.353466] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.353554] page dumped because: kasan: bad access detected [ 29.353631] [ 29.353670] Memory state around the buggy address: [ 29.353701] fff00000c9a51f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.353784] fff00000c9a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.353878] >fff00000c9a52000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.353981] ^ [ 29.354040] fff00000c9a52080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.354141] fff00000c9a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.354266] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 29.341382] ================================================================== [ 29.341443] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 29.341493] Write of size 1 at addr fff00000c65edf00 by task kunit_try_catch/177 [ 29.341572] [ 29.341610] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.341695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.341741] Hardware name: linux,dummy-virt (DT) [ 29.341772] Call trace: [ 29.341955] show_stack+0x20/0x38 (C) [ 29.342009] dump_stack_lvl+0x8c/0xd0 [ 29.342053] print_report+0x118/0x608 [ 29.342098] kasan_report+0xdc/0x128 [ 29.342142] __asan_report_store1_noabort+0x20/0x30 [ 29.342189] kmalloc_big_oob_right+0x2a4/0x2f0 [ 29.342234] kunit_try_run_case+0x170/0x3f0 [ 29.342281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.342360] kthread+0x328/0x630 [ 29.342484] ret_from_fork+0x10/0x20 [ 29.342588] [ 29.342697] Allocated by task 177: [ 29.342796] kasan_save_stack+0x3c/0x68 [ 29.342838] kasan_save_track+0x20/0x40 [ 29.342877] kasan_save_alloc_info+0x40/0x58 [ 29.342924] __kasan_kmalloc+0xd4/0xd8 [ 29.342961] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.343158] kmalloc_big_oob_right+0xb8/0x2f0 [ 29.343271] kunit_try_run_case+0x170/0x3f0 [ 29.343398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.343524] kthread+0x328/0x630 [ 29.343639] ret_from_fork+0x10/0x20 [ 29.343677] [ 29.343697] The buggy address belongs to the object at fff00000c65ec000 [ 29.343697] which belongs to the cache kmalloc-8k of size 8192 [ 29.343875] The buggy address is located 0 bytes to the right of [ 29.343875] allocated 7936-byte region [fff00000c65ec000, fff00000c65edf00) [ 29.343948] [ 29.343969] The buggy address belongs to the physical page: [ 29.344000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8 [ 29.344068] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.344166] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.344250] page_type: f5(slab) [ 29.344288] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 29.344372] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 29.344420] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 29.344467] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 29.344703] head: 0bfffe0000000003 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff [ 29.344772] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 29.344892] page dumped because: kasan: bad access detected [ 29.345044] [ 29.345073] Memory state around the buggy address: [ 29.345104] fff00000c65ede00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.345208] fff00000c65ede80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.345371] >fff00000c65edf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.345509] ^ [ 29.345662] fff00000c65edf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.345784] fff00000c65ee000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.345878] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 29.310029] ================================================================== [ 29.310092] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.310146] Write of size 1 at addr fff00000c5a97878 by task kunit_try_catch/175 [ 29.310196] [ 29.310228] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.310311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.310337] Hardware name: linux,dummy-virt (DT) [ 29.310369] Call trace: [ 29.310482] show_stack+0x20/0x38 (C) [ 29.310532] dump_stack_lvl+0x8c/0xd0 [ 29.310577] print_report+0x118/0x608 [ 29.310632] kasan_report+0xdc/0x128 [ 29.310679] __asan_report_store1_noabort+0x20/0x30 [ 29.311106] kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.311550] kunit_try_run_case+0x170/0x3f0 [ 29.311630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.311684] kthread+0x328/0x630 [ 29.311726] ret_from_fork+0x10/0x20 [ 29.311784] [ 29.311804] Allocated by task 175: [ 29.311832] kasan_save_stack+0x3c/0x68 [ 29.312020] kasan_save_track+0x20/0x40 [ 29.312217] kasan_save_alloc_info+0x40/0x58 [ 29.312253] __kasan_kmalloc+0xd4/0xd8 [ 29.312704] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.312981] kmalloc_track_caller_oob_right+0xa8/0x488 [ 29.313141] kunit_try_run_case+0x170/0x3f0 [ 29.313283] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.313349] kthread+0x328/0x630 [ 29.313381] ret_from_fork+0x10/0x20 [ 29.313416] [ 29.313436] The buggy address belongs to the object at fff00000c5a97800 [ 29.313436] which belongs to the cache kmalloc-128 of size 128 [ 29.313627] The buggy address is located 0 bytes to the right of [ 29.313627] allocated 120-byte region [fff00000c5a97800, fff00000c5a97878) [ 29.313866] [ 29.313888] The buggy address belongs to the physical page: [ 29.313928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.313979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.314286] page_type: f5(slab) [ 29.314393] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.314521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.314561] page dumped because: kasan: bad access detected [ 29.314592] [ 29.314610] Memory state around the buggy address: [ 29.314650] fff00000c5a97700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.314692] fff00000c5a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.315119] >fff00000c5a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.315159] ^ [ 29.315199] fff00000c5a97880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.315881] fff00000c5a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.315953] ================================================================== [ 29.317012] ================================================================== [ 29.317063] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 29.317115] Write of size 1 at addr fff00000c5a97978 by task kunit_try_catch/175 [ 29.319529] [ 29.319632] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.322422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.322506] Hardware name: linux,dummy-virt (DT) [ 29.322655] Call trace: [ 29.322681] show_stack+0x20/0x38 (C) [ 29.322741] dump_stack_lvl+0x8c/0xd0 [ 29.322849] print_report+0x118/0x608 [ 29.322974] kasan_report+0xdc/0x128 [ 29.323096] __asan_report_store1_noabort+0x20/0x30 [ 29.323213] kmalloc_track_caller_oob_right+0x418/0x488 [ 29.323264] kunit_try_run_case+0x170/0x3f0 [ 29.323316] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.323369] kthread+0x328/0x630 [ 29.323411] ret_from_fork+0x10/0x20 [ 29.323748] [ 29.323774] Allocated by task 175: [ 29.323804] kasan_save_stack+0x3c/0x68 [ 29.323848] kasan_save_track+0x20/0x40 [ 29.324542] kasan_save_alloc_info+0x40/0x58 [ 29.325156] __kasan_kmalloc+0xd4/0xd8 [ 29.326956] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.327021] kmalloc_track_caller_oob_right+0x184/0x488 [ 29.327063] kunit_try_run_case+0x170/0x3f0 [ 29.327101] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.327145] kthread+0x328/0x630 [ 29.327177] ret_from_fork+0x10/0x20 [ 29.327213] [ 29.327233] The buggy address belongs to the object at fff00000c5a97900 [ 29.327233] which belongs to the cache kmalloc-128 of size 128 [ 29.327294] The buggy address is located 0 bytes to the right of [ 29.327294] allocated 120-byte region [fff00000c5a97900, fff00000c5a97978) [ 29.327356] [ 29.327377] The buggy address belongs to the physical page: [ 29.327407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.327457] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.327503] page_type: f5(slab) [ 29.327539] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.327588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.327628] page dumped because: kasan: bad access detected [ 29.327658] [ 29.327676] Memory state around the buggy address: [ 29.327706] fff00000c5a97800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.327746] fff00000c5a97880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327787] >fff00000c5a97900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.327822] ^ [ 29.327860] fff00000c5a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327913] fff00000c5a97a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327950] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 29.292443] ================================================================== [ 29.292504] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 29.292556] Read of size 1 at addr fff00000c99c9000 by task kunit_try_catch/173 [ 29.292607] [ 29.292636] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.292886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.292931] Hardware name: linux,dummy-virt (DT) [ 29.292973] Call trace: [ 29.292997] show_stack+0x20/0x38 (C) [ 29.293137] dump_stack_lvl+0x8c/0xd0 [ 29.293211] print_report+0x118/0x608 [ 29.293336] kasan_report+0xdc/0x128 [ 29.293381] __asan_report_load1_noabort+0x20/0x30 [ 29.293428] kmalloc_node_oob_right+0x2f4/0x330 [ 29.293516] kunit_try_run_case+0x170/0x3f0 [ 29.293569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.293733] kthread+0x328/0x630 [ 29.293905] ret_from_fork+0x10/0x20 [ 29.293962] [ 29.294038] Allocated by task 173: [ 29.294066] kasan_save_stack+0x3c/0x68 [ 29.294197] kasan_save_track+0x20/0x40 [ 29.294316] kasan_save_alloc_info+0x40/0x58 [ 29.294413] __kasan_kmalloc+0xd4/0xd8 [ 29.294449] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 29.294490] kmalloc_node_oob_right+0xbc/0x330 [ 29.294527] kunit_try_run_case+0x170/0x3f0 [ 29.294564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.294607] kthread+0x328/0x630 [ 29.294638] ret_from_fork+0x10/0x20 [ 29.294672] [ 29.294690] The buggy address belongs to the object at fff00000c99c8000 [ 29.294690] which belongs to the cache kmalloc-4k of size 4096 [ 29.294746] The buggy address is located 0 bytes to the right of [ 29.294746] allocated 4096-byte region [fff00000c99c8000, fff00000c99c9000) [ 29.294808] [ 29.294827] The buggy address belongs to the physical page: [ 29.294894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099c8 [ 29.295160] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.295290] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.295370] page_type: f5(slab) [ 29.295519] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 29.295581] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 29.295797] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 29.295926] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 29.296017] head: 0bfffe0000000003 ffffc1ffc3267201 00000000ffffffff 00000000ffffffff [ 29.296065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 29.296361] page dumped because: kasan: bad access detected [ 29.296395] [ 29.296413] Memory state around the buggy address: [ 29.296511] fff00000c99c8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.296708] fff00000c99c8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.296789] >fff00000c99c9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.296826] ^ [ 29.296853] fff00000c99c9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.296893] fff00000c99c9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.296940] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 29.282480] ================================================================== [ 29.282572] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 29.282624] Read of size 1 at addr fff00000c5a4897f by task kunit_try_catch/171 [ 29.282673] [ 29.282706] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.282799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.282826] Hardware name: linux,dummy-virt (DT) [ 29.282856] Call trace: [ 29.282998] show_stack+0x20/0x38 (C) [ 29.283145] dump_stack_lvl+0x8c/0xd0 [ 29.283204] print_report+0x118/0x608 [ 29.283257] kasan_report+0xdc/0x128 [ 29.283406] __asan_report_load1_noabort+0x20/0x30 [ 29.283453] kmalloc_oob_left+0x2ec/0x320 [ 29.283498] kunit_try_run_case+0x170/0x3f0 [ 29.283598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.283663] kthread+0x328/0x630 [ 29.283704] ret_from_fork+0x10/0x20 [ 29.283750] [ 29.283767] Allocated by task 10: [ 29.283795] kasan_save_stack+0x3c/0x68 [ 29.283837] kasan_save_track+0x20/0x40 [ 29.283874] kasan_save_alloc_info+0x40/0x58 [ 29.283920] __kasan_kmalloc+0xd4/0xd8 [ 29.283956] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.283999] kvasprintf+0xe0/0x180 [ 29.284035] __kthread_create_on_node+0x16c/0x350 [ 29.284074] kthread_create_on_node+0xe4/0x130 [ 29.284109] create_worker+0x380/0x6b8 [ 29.284161] worker_thread+0x808/0xf38 [ 29.284287] kthread+0x328/0x630 [ 29.284320] ret_from_fork+0x10/0x20 [ 29.284354] [ 29.284373] The buggy address belongs to the object at fff00000c5a48960 [ 29.284373] which belongs to the cache kmalloc-16 of size 16 [ 29.284428] The buggy address is located 19 bytes to the right of [ 29.284428] allocated 12-byte region [fff00000c5a48960, fff00000c5a4896c) [ 29.284489] [ 29.284508] The buggy address belongs to the physical page: [ 29.284547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a48 [ 29.284597] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.284642] page_type: f5(slab) [ 29.284968] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.285019] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.285058] page dumped because: kasan: bad access detected [ 29.285087] [ 29.285105] Memory state around the buggy address: [ 29.285144] fff00000c5a48800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.285186] fff00000c5a48880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.285228] >fff00000c5a48900: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 29.285495] ^ [ 29.285538] fff00000c5a48980: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.285580] fff00000c5a48a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.285669] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 29.270186] ================================================================== [ 29.270226] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 29.270274] Write of size 1 at addr fff00000c5a97778 by task kunit_try_catch/169 [ 29.270323] [ 29.270356] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.270437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.270463] Hardware name: linux,dummy-virt (DT) [ 29.270494] Call trace: [ 29.270516] show_stack+0x20/0x38 (C) [ 29.270564] dump_stack_lvl+0x8c/0xd0 [ 29.270609] print_report+0x118/0x608 [ 29.270656] kasan_report+0xdc/0x128 [ 29.270702] __asan_report_store1_noabort+0x20/0x30 [ 29.270750] kmalloc_oob_right+0x538/0x660 [ 29.270796] kunit_try_run_case+0x170/0x3f0 [ 29.270844] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.270910] kthread+0x328/0x630 [ 29.270953] ret_from_fork+0x10/0x20 [ 29.271000] [ 29.271098] Allocated by task 169: [ 29.271131] kasan_save_stack+0x3c/0x68 [ 29.271278] kasan_save_track+0x20/0x40 [ 29.271318] kasan_save_alloc_info+0x40/0x58 [ 29.271355] __kasan_kmalloc+0xd4/0xd8 [ 29.271392] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.271430] kmalloc_oob_right+0xb0/0x660 [ 29.271466] kunit_try_run_case+0x170/0x3f0 [ 29.271631] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.271701] kthread+0x328/0x630 [ 29.271849] ret_from_fork+0x10/0x20 [ 29.271926] [ 29.271962] The buggy address belongs to the object at fff00000c5a97700 [ 29.271962] which belongs to the cache kmalloc-128 of size 128 [ 29.272029] The buggy address is located 5 bytes to the right of [ 29.272029] allocated 115-byte region [fff00000c5a97700, fff00000c5a97773) [ 29.272091] [ 29.272111] The buggy address belongs to the physical page: [ 29.272269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.272320] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.272401] page_type: f5(slab) [ 29.272441] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.272502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.272541] page dumped because: kasan: bad access detected [ 29.272571] [ 29.272588] Memory state around the buggy address: [ 29.272635] fff00000c5a97600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.272837] fff00000c5a97680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.272880] >fff00000c5a97700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.272926] ^ [ 29.272964] fff00000c5a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273004] fff00000c5a97800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273040] ================================================================== [ 29.255953] ================================================================== [ 29.256339] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 29.258152] Write of size 1 at addr fff00000c5a97773 by task kunit_try_catch/169 [ 29.258332] [ 29.259780] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.260193] Tainted: [N]=TEST [ 29.260332] Hardware name: linux,dummy-virt (DT) [ 29.260679] Call trace: [ 29.261149] show_stack+0x20/0x38 (C) [ 29.261292] dump_stack_lvl+0x8c/0xd0 [ 29.261346] print_report+0x118/0x608 [ 29.261394] kasan_report+0xdc/0x128 [ 29.261441] __asan_report_store1_noabort+0x20/0x30 [ 29.261828] kmalloc_oob_right+0x5a4/0x660 [ 29.261876] kunit_try_run_case+0x170/0x3f0 [ 29.261963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.262074] kthread+0x328/0x630 [ 29.262365] ret_from_fork+0x10/0x20 [ 29.262645] [ 29.262688] Allocated by task 169: [ 29.262876] kasan_save_stack+0x3c/0x68 [ 29.262976] kasan_save_track+0x20/0x40 [ 29.263017] kasan_save_alloc_info+0x40/0x58 [ 29.263109] __kasan_kmalloc+0xd4/0xd8 [ 29.263193] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.263237] kmalloc_oob_right+0xb0/0x660 [ 29.263283] kunit_try_run_case+0x170/0x3f0 [ 29.263364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.263655] kthread+0x328/0x630 [ 29.263702] ret_from_fork+0x10/0x20 [ 29.263848] [ 29.264017] The buggy address belongs to the object at fff00000c5a97700 [ 29.264017] which belongs to the cache kmalloc-128 of size 128 [ 29.264154] The buggy address is located 0 bytes to the right of [ 29.264154] allocated 115-byte region [fff00000c5a97700, fff00000c5a97773) [ 29.264410] [ 29.264703] The buggy address belongs to the physical page: [ 29.265149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.265450] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.266046] page_type: f5(slab) [ 29.266797] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.266956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.267310] page dumped because: kasan: bad access detected [ 29.267361] [ 29.267439] Memory state around the buggy address: [ 29.267780] fff00000c5a97600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.267864] fff00000c5a97680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.268159] >fff00000c5a97700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.268285] ^ [ 29.268738] fff00000c5a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.268851] fff00000c5a97800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.268946] ================================================================== [ 29.273182] ================================================================== [ 29.273222] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 29.273382] Read of size 1 at addr fff00000c5a97780 by task kunit_try_catch/169 [ 29.273480] [ 29.273621] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 29.273803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.273829] Hardware name: linux,dummy-virt (DT) [ 29.273858] Call trace: [ 29.273879] show_stack+0x20/0x38 (C) [ 29.274009] dump_stack_lvl+0x8c/0xd0 [ 29.274077] print_report+0x118/0x608 [ 29.274123] kasan_report+0xdc/0x128 [ 29.274215] __asan_report_load1_noabort+0x20/0x30 [ 29.274277] kmalloc_oob_right+0x5d0/0x660 [ 29.274325] kunit_try_run_case+0x170/0x3f0 [ 29.274371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.274443] kthread+0x328/0x630 [ 29.274484] ret_from_fork+0x10/0x20 [ 29.274531] [ 29.274548] Allocated by task 169: [ 29.274575] kasan_save_stack+0x3c/0x68 [ 29.274613] kasan_save_track+0x20/0x40 [ 29.274650] kasan_save_alloc_info+0x40/0x58 [ 29.274685] __kasan_kmalloc+0xd4/0xd8 [ 29.274721] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.274759] kmalloc_oob_right+0xb0/0x660 [ 29.274794] kunit_try_run_case+0x170/0x3f0 [ 29.274831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.274875] kthread+0x328/0x630 [ 29.274915] ret_from_fork+0x10/0x20 [ 29.275070] [ 29.275172] The buggy address belongs to the object at fff00000c5a97700 [ 29.275172] which belongs to the cache kmalloc-128 of size 128 [ 29.275337] The buggy address is located 13 bytes to the right of [ 29.275337] allocated 115-byte region [fff00000c5a97700, fff00000c5a97773) [ 29.275464] [ 29.275483] The buggy address belongs to the physical page: [ 29.275511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97 [ 29.275606] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.275676] page_type: f5(slab) [ 29.275868] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.276019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.276058] page dumped because: kasan: bad access detected [ 29.276088] [ 29.276125] Memory state around the buggy address: [ 29.276268] fff00000c5a97680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.276459] fff00000c5a97700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.276563] >fff00000c5a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.276601] ^ [ 29.276628] fff00000c5a97800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.276739] fff00000c5a97880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.276850] ==================================================================
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 107.862589] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#0: kunit_try_catch/691 [ 107.865689] Modules linked in: [ 107.866315] CPU: 0 UID: 0 PID: 691 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 107.867595] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 107.868324] Hardware name: linux,dummy-virt (DT) [ 107.868933] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 107.869761] pc : intlog10+0x38/0x48 [ 107.870346] lr : intlog10_test+0xe4/0x200 [ 107.870734] sp : ffff8000823f7c10 [ 107.870922] x29: ffff8000823f7c90 x28: 0000000000000000 x27: 0000000000000000 [ 107.871287] x26: 1ffe0000190bd701 x25: 0000000000000000 x24: ffff8000823f7ce0 [ 107.871637] x23: ffff8000823f7d00 x22: 0000000000000000 x21: 1ffff0001047ef82 [ 107.872414] x20: ffffa0286e20e140 x19: ffff800080087990 x18: 00000000c6e3a724 [ 107.873405] x17: 00000000ab67c537 x16: fff00000c60be03c x15: fff00000ff616b48 [ 107.874518] x14: 0000000000018fff x13: 1ffe00001b48f5c5 x12: ffff74050e41b981 [ 107.875542] x11: 1ffff4050e41b980 x10: ffff74050e41b980 x9 : ffffa0286b8448cc [ 107.876538] x8 : ffffa028720dcc03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 107.877498] x5 : ffff70001047ef82 x4 : 1ffff00010010f3b x3 : 1ffff4050dc41c28 [ 107.878599] x2 : 1ffff4050dc41c28 x1 : 0000000000000003 x0 : 0000000000000000 [ 107.879662] Call trace: [ 107.880024] intlog10+0x38/0x48 (P) [ 107.880560] kunit_try_run_case+0x170/0x3f0 [ 107.881166] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 107.881432] kthread+0x328/0x630 [ 107.881612] ret_from_fork+0x10/0x20 [ 107.881875] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 107.802821] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#0: kunit_try_catch/673 [ 107.806387] Modules linked in: [ 107.807016] CPU: 0 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 107.808265] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 107.808917] Hardware name: linux,dummy-virt (DT) [ 107.809547] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 107.810494] pc : intlog2+0xd8/0xf8 [ 107.811096] lr : intlog2_test+0xe4/0x200 [ 107.811714] sp : ffff8000821b7c10 [ 107.812104] x29: ffff8000821b7c90 x28: 0000000000000000 x27: 0000000000000000 [ 107.812481] x26: 1ffe0000190c18e1 x25: 0000000000000000 x24: ffff8000821b7ce0 [ 107.812841] x23: ffff8000821b7d00 x22: 0000000000000000 x21: 1ffff00010436f82 [ 107.813208] x20: ffffa0286e20e040 x19: ffff800080087990 x18: 000000007711b90c [ 107.813555] x17: 0000000000000001 x16: fff00000c60be03c x15: 000000004a59e136 [ 107.814634] x14: 00000000f1f1f1f1 x13: 1ffe00001b48f5c5 x12: ffff74050e41b981 [ 107.815640] x11: 1ffff4050e41b980 x10: ffff74050e41b980 x9 : ffffa0286b844acc [ 107.816656] x8 : ffffa028720dcc03 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 107.817661] x5 : ffff700010436f82 x4 : 1ffff00010010f3b x3 : 1ffff4050dc41c08 [ 107.818825] x2 : 1ffff4050dc41c08 x1 : 0000000000000003 x0 : 0000000000000000 [ 107.819830] Call trace: [ 107.820286] intlog2+0xd8/0xf8 (P) [ 107.820829] kunit_try_run_case+0x170/0x3f0 [ 107.821437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 107.822207] kthread+0x328/0x630 [ 107.822758] ret_from_fork+0x10/0x20 [ 107.823348] ---[ end trace 0000000000000000 ]---