Date
July 9, 2025, 1:08 p.m.
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 32.122482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xca0/0x4858 [ 31.856973] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x40a8/0x4858 [ 32.104223] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc08/0x4858 [ 31.948693] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4e4/0x4858
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 31.774842] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0
Failure - log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 31.709644] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0
Failure - log-parser-boot/internal-error-oops-oops-smp
[ 108.083686] Internal error: Oops: 0000000096000005 [#1] SMP [ 108.087932] Modules linked in: [ 108.088363] CPU: 1 UID: 0 PID: 564 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 108.089200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 108.089611] Hardware name: linux,dummy-virt (DT) [ 108.090403] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 108.091584] pc : kunit_test_null_dereference+0x70/0x170 [ 108.092465] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 108.093106] sp : ffff800082197d30 [ 108.093590] x29: ffff800082197d90 x28: 0000000000000000 x27: 0000000000000000 [ 108.094555] x26: 1ffe000018caee21 x25: 0000000000000000 x24: 0000000000000004 [ 108.095107] x23: fff00000c657710c x22: ffff9ae31f6330b0 x21: fff00000c0b1d588 [ 108.095990] x20: 1ffff00010432fa6 x19: ffff800080087990 x18: 0000000098ac6a46 [ 108.096696] x17: 0000000000000000 x16: fff00000c92ecc3c x15: fff00000ff616b48 [ 108.097409] x14: 0000000000018fff x13: 1ffe00001b48bbdd x12: fffd800018ed83a4 [ 108.098111] x11: 1ffe000018ed83a3 x10: fffd800018ed83a3 x9 : ffff9ae31f62a840 [ 108.098876] x8 : ffff800082197c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 108.099596] x5 : ffff700010432fa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 108.100369] x2 : dfff800000000000 x1 : fff00000c76c1440 x0 : ffff800080087990 [ 108.101299] Call trace: [ 108.101593] kunit_test_null_dereference+0x70/0x170 (P) [ 108.102186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 108.102773] kthread+0x328/0x630 [ 108.103230] ret_from_fork+0x10/0x20 [ 108.104366] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 108.105209] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.944667] ================================================================== [ 63.944731] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 63.944731] [ 63.944815] Use-after-free read at 0x00000000df1318f7 (in kfence-#198): [ 63.944868] test_krealloc+0x51c/0x830 [ 63.944913] kunit_try_run_case+0x170/0x3f0 [ 63.944961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.945006] kthread+0x328/0x630 [ 63.945046] ret_from_fork+0x10/0x20 [ 63.945106] [ 63.945131] kfence-#198: 0x00000000df1318f7-0x0000000090a37180, size=32, cache=kmalloc-32 [ 63.945131] [ 63.945185] allocated by task 369 on cpu 1 at 63.944012s (0.001169s ago): [ 63.945254] test_alloc+0x29c/0x628 [ 63.945297] test_krealloc+0xc0/0x830 [ 63.945337] kunit_try_run_case+0x170/0x3f0 [ 63.945379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.945424] kthread+0x328/0x630 [ 63.945460] ret_from_fork+0x10/0x20 [ 63.945498] [ 63.945523] freed by task 369 on cpu 1 at 63.944274s (0.001245s ago): [ 63.945586] krealloc_noprof+0x148/0x360 [ 63.945627] test_krealloc+0x1dc/0x830 [ 63.945667] kunit_try_run_case+0x170/0x3f0 [ 63.945709] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.945756] kthread+0x328/0x630 [ 63.945792] ret_from_fork+0x10/0x20 [ 63.945829] [ 63.945874] CPU: 1 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 63.945953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.945985] Hardware name: linux,dummy-virt (DT) [ 63.946021] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.872351] ================================================================== [ 63.872444] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.872444] [ 63.872552] Use-after-free read at 0x00000000be40133b (in kfence-#197): [ 63.872609] test_memcache_typesafe_by_rcu+0x280/0x560 [ 63.872660] kunit_try_run_case+0x170/0x3f0 [ 63.872706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.872751] kthread+0x328/0x630 [ 63.872791] ret_from_fork+0x10/0x20 [ 63.872834] [ 63.872860] kfence-#197: 0x00000000be40133b-0x00000000c75ba7c0, size=32, cache=test [ 63.872860] [ 63.872911] allocated by task 367 on cpu 0 at 63.836449s (0.036458s ago): [ 63.872980] test_alloc+0x230/0x628 [ 63.873021] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 63.873087] kunit_try_run_case+0x170/0x3f0 [ 63.873129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.873171] kthread+0x328/0x630 [ 63.873208] ret_from_fork+0x10/0x20 [ 63.873245] [ 63.873268] freed by task 367 on cpu 0 at 63.836556s (0.036708s ago): [ 63.873324] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 63.873368] kunit_try_run_case+0x170/0x3f0 [ 63.873409] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 63.873453] kthread+0x328/0x630 [ 63.873488] ret_from_fork+0x10/0x20 [ 63.873525] [ 63.873572] CPU: 0 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 63.873650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.873680] Hardware name: linux,dummy-virt (DT) [ 63.873715] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 41.084610] ================================================================== [ 41.084771] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 41.084771] [ 41.084879] Invalid read at 0x0000000090196856: [ 41.084942] test_invalid_access+0xdc/0x1f0 [ 41.085246] kunit_try_run_case+0x170/0x3f0 [ 41.085345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.085397] kthread+0x328/0x630 [ 41.085763] ret_from_fork+0x10/0x20 [ 41.085915] [ 41.086251] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 41.086717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.086783] Hardware name: linux,dummy-virt (DT) [ 41.087236] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 40.852367] ================================================================== [ 40.852466] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.852466] [ 40.852534] Corrupted memory at 0x000000000a6de091 [ ! . . . . . . . . . . . . . . . ] (in kfence-#193): [ 40.852847] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.852897] kunit_try_run_case+0x170/0x3f0 [ 40.852943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.852988] kthread+0x328/0x630 [ 40.853027] ret_from_fork+0x10/0x20 [ 40.853086] [ 40.853111] kfence-#193: 0x000000002439b7a2-0x00000000b694b061, size=73, cache=kmalloc-96 [ 40.853111] [ 40.853166] allocated by task 357 on cpu 0 at 40.852114s (0.001048s ago): [ 40.853232] test_alloc+0x29c/0x628 [ 40.853273] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 40.853315] kunit_try_run_case+0x170/0x3f0 [ 40.853357] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.853401] kthread+0x328/0x630 [ 40.853439] ret_from_fork+0x10/0x20 [ 40.853479] [ 40.853502] freed by task 357 on cpu 0 at 40.852261s (0.001237s ago): [ 40.853565] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 40.853609] kunit_try_run_case+0x170/0x3f0 [ 40.853650] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.853694] kthread+0x328/0x630 [ 40.853730] ret_from_fork+0x10/0x20 [ 40.853770] [ 40.853819] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 40.853902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.853932] Hardware name: linux,dummy-virt (DT) [ 40.853968] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 40.644365] ================================================================== [ 40.644465] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 40.644465] [ 40.644570] Out-of-bounds read at 0x00000000b728b0f1 (105B right of kfence-#191): [ 40.644632] test_kmalloc_aligned_oob_read+0x238/0x468 [ 40.644685] kunit_try_run_case+0x170/0x3f0 [ 40.644732] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.644779] kthread+0x328/0x630 [ 40.644820] ret_from_fork+0x10/0x20 [ 40.644862] [ 40.644888] kfence-#191: 0x00000000e0c8d5c5-0x000000006cf5bc39, size=73, cache=kmalloc-96 [ 40.644888] [ 40.644941] allocated by task 355 on cpu 1 at 40.644119s (0.000819s ago): [ 40.645012] test_alloc+0x29c/0x628 [ 40.645068] test_kmalloc_aligned_oob_read+0x100/0x468 [ 40.645121] kunit_try_run_case+0x170/0x3f0 [ 40.645163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.645207] kthread+0x328/0x630 [ 40.645244] ret_from_fork+0x10/0x20 [ 40.645283] [ 40.645333] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 40.645417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.645446] Hardware name: linux,dummy-virt (DT) [ 40.645483] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 35.028373] ================================================================== [ 35.028461] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 35.028461] [ 35.028524] Corrupted memory at 0x000000002d46e351 [ ! ] (in kfence-#137): [ 35.028652] test_corruption+0x284/0x378 [ 35.028699] kunit_try_run_case+0x170/0x3f0 [ 35.028744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.028790] kthread+0x328/0x630 [ 35.028827] ret_from_fork+0x10/0x20 [ 35.028868] [ 35.028891] kfence-#137: 0x00000000c59d3033-0x00000000b9eec435, size=32, cache=kmalloc-32 [ 35.028891] [ 35.028947] allocated by task 343 on cpu 0 at 35.028082s (0.000861s ago): [ 35.029007] test_alloc+0x29c/0x628 [ 35.029049] test_corruption+0x198/0x378 [ 35.029110] kunit_try_run_case+0x170/0x3f0 [ 35.029152] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.029196] kthread+0x328/0x630 [ 35.029231] ret_from_fork+0x10/0x20 [ 35.029270] [ 35.029293] freed by task 343 on cpu 0 at 35.028189s (0.001100s ago): [ 35.029355] test_corruption+0x284/0x378 [ 35.029394] kunit_try_run_case+0x170/0x3f0 [ 35.029433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.029477] kthread+0x328/0x630 [ 35.029513] ret_from_fork+0x10/0x20 [ 35.029550] [ 35.029593] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 35.029670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.029701] Hardware name: linux,dummy-virt (DT) [ 35.029735] ================================================================== [ 35.652123] ================================================================== [ 35.652233] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 35.652233] [ 35.652297] Corrupted memory at 0x0000000090134b78 [ ! . . . . . . . . . . . . . . . ] (in kfence-#143): [ 35.652614] test_corruption+0x120/0x378 [ 35.652661] kunit_try_run_case+0x170/0x3f0 [ 35.652707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.652753] kthread+0x328/0x630 [ 35.652792] ret_from_fork+0x10/0x20 [ 35.652833] [ 35.652857] kfence-#143: 0x000000008d89b55d-0x00000000dde9e133, size=32, cache=test [ 35.652857] [ 35.652912] allocated by task 345 on cpu 0 at 35.651960s (0.000949s ago): [ 35.652975] test_alloc+0x230/0x628 [ 35.653015] test_corruption+0xdc/0x378 [ 35.653067] kunit_try_run_case+0x170/0x3f0 [ 35.653114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.653159] kthread+0x328/0x630 [ 35.653196] ret_from_fork+0x10/0x20 [ 35.653234] [ 35.653258] freed by task 345 on cpu 0 at 35.652018s (0.001236s ago): [ 35.653320] test_corruption+0x120/0x378 [ 35.653361] kunit_try_run_case+0x170/0x3f0 [ 35.653402] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.653446] kthread+0x328/0x630 [ 35.653481] ret_from_fork+0x10/0x20 [ 35.653518] [ 35.653561] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 35.653640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.653670] Hardware name: linux,dummy-virt (DT) [ 35.653704] ================================================================== [ 35.756238] ================================================================== [ 35.756326] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 35.756326] [ 35.756388] Corrupted memory at 0x00000000a2d54c91 [ ! ] (in kfence-#144): [ 35.756499] test_corruption+0x1d8/0x378 [ 35.756547] kunit_try_run_case+0x170/0x3f0 [ 35.756592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.756639] kthread+0x328/0x630 [ 35.756675] ret_from_fork+0x10/0x20 [ 35.756717] [ 35.756743] kfence-#144: 0x000000001de8e573-0x00000000f6a55984, size=32, cache=test [ 35.756743] [ 35.756800] allocated by task 345 on cpu 0 at 35.756098s (0.000699s ago): [ 35.756861] test_alloc+0x230/0x628 [ 35.756902] test_corruption+0x198/0x378 [ 35.756944] kunit_try_run_case+0x170/0x3f0 [ 35.756985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.757030] kthread+0x328/0x630 [ 35.757081] ret_from_fork+0x10/0x20 [ 35.757120] [ 35.757145] freed by task 345 on cpu 0 at 35.756156s (0.000985s ago): [ 35.757207] test_corruption+0x1d8/0x378 [ 35.757247] kunit_try_run_case+0x170/0x3f0 [ 35.757288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.757333] kthread+0x328/0x630 [ 35.757368] ret_from_fork+0x10/0x20 [ 35.757408] [ 35.757447] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 35.757525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.757555] Hardware name: linux,dummy-virt (DT) [ 35.757589] ================================================================== [ 34.924279] ================================================================== [ 34.924364] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 34.924364] [ 34.924428] Corrupted memory at 0x000000000c6f6538 [ ! . . . . . . . . . . . . . . . ] (in kfence-#136): [ 34.924768] test_corruption+0x278/0x378 [ 34.924817] kunit_try_run_case+0x170/0x3f0 [ 34.924862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.924908] kthread+0x328/0x630 [ 34.924947] ret_from_fork+0x10/0x20 [ 34.924989] [ 34.925013] kfence-#136: 0x0000000087fc5400-0x00000000d4bd72d3, size=32, cache=kmalloc-32 [ 34.925013] [ 34.925091] allocated by task 343 on cpu 0 at 34.924061s (0.001026s ago): [ 34.925156] test_alloc+0x29c/0x628 [ 34.925198] test_corruption+0xdc/0x378 [ 34.925239] kunit_try_run_case+0x170/0x3f0 [ 34.925280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.925325] kthread+0x328/0x630 [ 34.925360] ret_from_fork+0x10/0x20 [ 34.925400] [ 34.925423] freed by task 343 on cpu 0 at 34.924193s (0.001226s ago): [ 34.925486] test_corruption+0x278/0x378 [ 34.925525] kunit_try_run_case+0x170/0x3f0 [ 34.925564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.925609] kthread+0x328/0x630 [ 34.925645] ret_from_fork+0x10/0x20 [ 34.925682] [ 34.925725] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.925803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.925833] Hardware name: linux,dummy-virt (DT) [ 34.925866] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 34.716183] ================================================================== [ 34.716278] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 34.716278] [ 34.716342] Invalid free of 0x000000005aec47be (in kfence-#134): [ 34.716398] test_invalid_addr_free+0x1ac/0x238 [ 34.716446] kunit_try_run_case+0x170/0x3f0 [ 34.716493] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.716538] kthread+0x328/0x630 [ 34.716579] ret_from_fork+0x10/0x20 [ 34.716620] [ 34.716645] kfence-#134: 0x0000000077ea0043-0x00000000f117cec1, size=32, cache=kmalloc-32 [ 34.716645] [ 34.716700] allocated by task 339 on cpu 0 at 34.716015s (0.000682s ago): [ 34.716765] test_alloc+0x29c/0x628 [ 34.716807] test_invalid_addr_free+0xd4/0x238 [ 34.716850] kunit_try_run_case+0x170/0x3f0 [ 34.716893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.716938] kthread+0x328/0x630 [ 34.716974] ret_from_fork+0x10/0x20 [ 34.717014] [ 34.717073] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.717159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.717188] Hardware name: linux,dummy-virt (DT) [ 34.717223] ================================================================== [ 34.820183] ================================================================== [ 34.820274] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 34.820274] [ 34.820337] Invalid free of 0x00000000066d1b55 (in kfence-#135): [ 34.820393] test_invalid_addr_free+0xec/0x238 [ 34.820440] kunit_try_run_case+0x170/0x3f0 [ 34.820487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.820533] kthread+0x328/0x630 [ 34.820573] ret_from_fork+0x10/0x20 [ 34.820614] [ 34.820639] kfence-#135: 0x000000008e91f4d9-0x00000000160f87ee, size=32, cache=test [ 34.820639] [ 34.820692] allocated by task 341 on cpu 1 at 34.820043s (0.000645s ago): [ 34.820755] test_alloc+0x230/0x628 [ 34.820797] test_invalid_addr_free+0xd4/0x238 [ 34.820838] kunit_try_run_case+0x170/0x3f0 [ 34.820880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.820924] kthread+0x328/0x630 [ 34.820960] ret_from_fork+0x10/0x20 [ 34.820999] [ 34.821047] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.821145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.821179] Hardware name: linux,dummy-virt (DT) [ 34.821212] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 34.612274] ================================================================== [ 34.612368] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 34.612368] [ 34.612433] Invalid free of 0x000000002a5d2104 (in kfence-#133): [ 34.612483] test_double_free+0x100/0x238 [ 34.612532] kunit_try_run_case+0x170/0x3f0 [ 34.612578] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.612623] kthread+0x328/0x630 [ 34.612663] ret_from_fork+0x10/0x20 [ 34.612704] [ 34.612731] kfence-#133: 0x000000002a5d2104-0x0000000024bf7588, size=32, cache=test [ 34.612731] [ 34.612787] allocated by task 337 on cpu 1 at 34.612046s (0.000737s ago): [ 34.612849] test_alloc+0x230/0x628 [ 34.612892] test_double_free+0xd4/0x238 [ 34.612932] kunit_try_run_case+0x170/0x3f0 [ 34.612974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.613019] kthread+0x328/0x630 [ 34.613068] ret_from_fork+0x10/0x20 [ 34.613115] [ 34.613139] freed by task 337 on cpu 1 at 34.612121s (0.001014s ago): [ 34.613203] test_double_free+0xf0/0x238 [ 34.613244] kunit_try_run_case+0x170/0x3f0 [ 34.613284] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.613329] kthread+0x328/0x630 [ 34.613363] ret_from_fork+0x10/0x20 [ 34.613403] [ 34.613445] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.613525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.613554] Hardware name: linux,dummy-virt (DT) [ 34.613588] ================================================================== [ 34.508349] ================================================================== [ 34.508481] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 34.508481] [ 34.508553] Invalid free of 0x00000000c16e226c (in kfence-#132): [ 34.508620] test_double_free+0x1bc/0x238 [ 34.508670] kunit_try_run_case+0x170/0x3f0 [ 34.508720] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.508766] kthread+0x328/0x630 [ 34.508809] ret_from_fork+0x10/0x20 [ 34.508851] [ 34.508879] kfence-#132: 0x00000000c16e226c-0x00000000d928712a, size=32, cache=kmalloc-32 [ 34.508879] [ 34.508934] allocated by task 335 on cpu 1 at 34.508089s (0.000841s ago): [ 34.508998] test_alloc+0x29c/0x628 [ 34.509043] test_double_free+0xd4/0x238 [ 34.509105] kunit_try_run_case+0x170/0x3f0 [ 34.509147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.509194] kthread+0x328/0x630 [ 34.509231] ret_from_fork+0x10/0x20 [ 34.509272] [ 34.509297] freed by task 335 on cpu 1 at 34.508168s (0.001125s ago): [ 34.509363] test_double_free+0x1ac/0x238 [ 34.509404] kunit_try_run_case+0x170/0x3f0 [ 34.509447] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.509492] kthread+0x328/0x630 [ 34.509529] ret_from_fork+0x10/0x20 [ 34.509568] [ 34.509614] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.509697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.509727] Hardware name: linux,dummy-virt (DT) [ 34.509761] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 34.094602] ================================================================== [ 34.094743] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 34.094743] [ 34.094844] Use-after-free read at 0x000000007314f1fc (in kfence-#128): [ 34.094896] test_use_after_free_read+0x114/0x248 [ 34.094998] kunit_try_run_case+0x170/0x3f0 [ 34.095045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.095266] kthread+0x328/0x630 [ 34.095388] ret_from_fork+0x10/0x20 [ 34.095434] [ 34.095671] kfence-#128: 0x000000007314f1fc-0x0000000094af55f6, size=32, cache=kmalloc-32 [ 34.095671] [ 34.095872] allocated by task 327 on cpu 1 at 34.093964s (0.001819s ago): [ 34.096126] test_alloc+0x29c/0x628 [ 34.096225] test_use_after_free_read+0xd0/0x248 [ 34.096344] kunit_try_run_case+0x170/0x3f0 [ 34.096385] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.096582] kthread+0x328/0x630 [ 34.096735] ret_from_fork+0x10/0x20 [ 34.096778] [ 34.096953] freed by task 327 on cpu 1 at 34.094041s (0.002792s ago): [ 34.097296] test_use_after_free_read+0x1c0/0x248 [ 34.097434] kunit_try_run_case+0x170/0x3f0 [ 34.097595] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.097693] kthread+0x328/0x630 [ 34.097846] ret_from_fork+0x10/0x20 [ 34.097977] [ 34.098121] CPU: 1 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.098296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.098346] Hardware name: linux,dummy-virt (DT) [ 34.098381] ================================================================== [ 34.198164] ================================================================== [ 34.198453] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 34.198453] [ 34.198570] Use-after-free read at 0x000000005da92860 (in kfence-#129): [ 34.198624] test_use_after_free_read+0x114/0x248 [ 34.199094] kunit_try_run_case+0x170/0x3f0 [ 34.199173] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.199783] kthread+0x328/0x630 [ 34.199939] ret_from_fork+0x10/0x20 [ 34.200008] [ 34.200308] kfence-#129: 0x000000005da92860-0x000000006fdc1fa5, size=32, cache=test [ 34.200308] [ 34.200406] allocated by task 329 on cpu 1 at 34.197805s (0.002570s ago): [ 34.200484] test_alloc+0x230/0x628 [ 34.200986] test_use_after_free_read+0xd0/0x248 [ 34.201181] kunit_try_run_case+0x170/0x3f0 [ 34.201304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.201458] kthread+0x328/0x630 [ 34.201514] ret_from_fork+0x10/0x20 [ 34.201881] [ 34.202031] freed by task 329 on cpu 1 at 34.197906s (0.004032s ago): [ 34.202960] test_use_after_free_read+0xf0/0x248 [ 34.203168] kunit_try_run_case+0x170/0x3f0 [ 34.203230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.203277] kthread+0x328/0x630 [ 34.203316] ret_from_fork+0x10/0x20 [ 34.203383] [ 34.203430] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 34.203543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.203600] Hardware name: linux,dummy-virt (DT) [ 34.203869] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 33.882343] ================================================================== [ 33.882433] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 33.882433] [ 33.882684] Out-of-bounds write at 0x00000000cb1dd661 (1B left of kfence-#126): [ 33.882975] test_out_of_bounds_write+0x100/0x240 [ 33.883044] kunit_try_run_case+0x170/0x3f0 [ 33.883110] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.883156] kthread+0x328/0x630 [ 33.883197] ret_from_fork+0x10/0x20 [ 33.883393] [ 33.883437] kfence-#126: 0x000000008941b12e-0x000000009eec54e7, size=32, cache=kmalloc-32 [ 33.883437] [ 33.883639] allocated by task 323 on cpu 1 at 33.882141s (0.001350s ago): [ 33.884019] test_alloc+0x29c/0x628 [ 33.884089] test_out_of_bounds_write+0xc8/0x240 [ 33.884302] kunit_try_run_case+0x170/0x3f0 [ 33.884506] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.884783] kthread+0x328/0x630 [ 33.884924] ret_from_fork+0x10/0x20 [ 33.885014] [ 33.885132] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.885409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.885581] Hardware name: linux,dummy-virt (DT) [ 33.885740] ================================================================== [ 33.985778] ================================================================== [ 33.986121] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 33.986121] [ 33.986491] Out-of-bounds write at 0x000000008d47373e (1B left of kfence-#127): [ 33.986586] test_out_of_bounds_write+0x100/0x240 [ 33.986766] kunit_try_run_case+0x170/0x3f0 [ 33.986834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.987143] kthread+0x328/0x630 [ 33.987205] ret_from_fork+0x10/0x20 [ 33.987508] [ 33.987652] kfence-#127: 0x0000000028b701d3-0x00000000b59be776, size=32, cache=test [ 33.987652] [ 33.987778] allocated by task 325 on cpu 1 at 33.985590s (0.002175s ago): [ 33.987858] test_alloc+0x230/0x628 [ 33.988209] test_out_of_bounds_write+0xc8/0x240 [ 33.988372] kunit_try_run_case+0x170/0x3f0 [ 33.988418] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.988725] kthread+0x328/0x630 [ 33.988859] ret_from_fork+0x10/0x20 [ 33.989145] [ 33.989365] CPU: 1 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.989939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.990036] Hardware name: linux,dummy-virt (DT) [ 33.990243] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 33.461398] ================================================================== [ 33.461482] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 33.461482] [ 33.461572] Out-of-bounds read at 0x0000000037fa845a (1B left of kfence-#122): [ 33.461628] test_out_of_bounds_read+0x114/0x3e0 [ 33.461676] kunit_try_run_case+0x170/0x3f0 [ 33.461722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.461767] kthread+0x328/0x630 [ 33.461806] ret_from_fork+0x10/0x20 [ 33.461846] [ 33.461872] kfence-#122: 0x00000000b2d59c74-0x000000000602afce, size=32, cache=test [ 33.461872] [ 33.461922] allocated by task 321 on cpu 1 at 33.461312s (0.000606s ago): [ 33.462901] test_alloc+0x230/0x628 [ 33.463296] test_out_of_bounds_read+0xdc/0x3e0 [ 33.463499] kunit_try_run_case+0x170/0x3f0 [ 33.463550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.463603] kthread+0x328/0x630 [ 33.463676] ret_from_fork+0x10/0x20 [ 33.463818] [ 33.464281] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.464495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.464529] Hardware name: linux,dummy-virt (DT) [ 33.464563] ================================================================== [ 33.569197] ================================================================== [ 33.569318] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 33.569318] [ 33.569532] Out-of-bounds read at 0x000000007f995cdd (32B right of kfence-#123): [ 33.569594] test_out_of_bounds_read+0x1c8/0x3e0 [ 33.569781] kunit_try_run_case+0x170/0x3f0 [ 33.570009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.570159] kthread+0x328/0x630 [ 33.570207] ret_from_fork+0x10/0x20 [ 33.570247] [ 33.570543] kfence-#123: 0x000000004dcfffa5-0x000000000f6a9578, size=32, cache=test [ 33.570543] [ 33.570660] allocated by task 321 on cpu 1 at 33.568993s (0.001603s ago): [ 33.570738] test_alloc+0x230/0x628 [ 33.570780] test_out_of_bounds_read+0x198/0x3e0 [ 33.570880] kunit_try_run_case+0x170/0x3f0 [ 33.570925] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.571039] kthread+0x328/0x630 [ 33.571089] ret_from_fork+0x10/0x20 [ 33.571390] [ 33.571479] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.571565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.571653] Hardware name: linux,dummy-virt (DT) [ 33.571827] ================================================================== [ 33.245287] ================================================================== [ 33.245426] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 33.245426] [ 33.245540] Out-of-bounds read at 0x000000000e62061e (32B right of kfence-#120): [ 33.245882] test_out_of_bounds_read+0x1c8/0x3e0 [ 33.246109] kunit_try_run_case+0x170/0x3f0 [ 33.246400] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.246465] kthread+0x328/0x630 [ 33.246574] ret_from_fork+0x10/0x20 [ 33.246651] [ 33.246708] kfence-#120: 0x000000000b599ac7-0x00000000292f35dc, size=32, cache=kmalloc-32 [ 33.246708] [ 33.246859] allocated by task 319 on cpu 1 at 33.244672s (0.002154s ago): [ 33.246960] test_alloc+0x29c/0x628 [ 33.247013] test_out_of_bounds_read+0x198/0x3e0 [ 33.247187] kunit_try_run_case+0x170/0x3f0 [ 33.247241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.247554] kthread+0x328/0x630 [ 33.247613] ret_from_fork+0x10/0x20 [ 33.247770] [ 33.248072] CPU: 1 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.248174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.248527] Hardware name: linux,dummy-virt (DT) [ 33.248633] ================================================================== [ 33.141835] ================================================================== [ 33.141992] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 33.141992] [ 33.142144] Out-of-bounds read at 0x00000000e00c5836 (1B left of kfence-#119): [ 33.142224] test_out_of_bounds_read+0x114/0x3e0 [ 33.142278] kunit_try_run_case+0x170/0x3f0 [ 33.142324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.142369] kthread+0x328/0x630 [ 33.142899] ret_from_fork+0x10/0x20 [ 33.142969] [ 33.143016] kfence-#119: 0x0000000076612269-0x00000000d9cb5105, size=32, cache=kmalloc-32 [ 33.143016] [ 33.143420] allocated by task 319 on cpu 1 at 33.140739s (0.002571s ago): [ 33.143509] test_alloc+0x29c/0x628 [ 33.143554] test_out_of_bounds_read+0xdc/0x3e0 [ 33.143760] kunit_try_run_case+0x170/0x3f0 [ 33.144169] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.144264] kthread+0x328/0x630 [ 33.144360] ret_from_fork+0x10/0x20 [ 33.144626] [ 33.144745] CPU: 1 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 33.145169] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.145206] Hardware name: linux,dummy-virt (DT) [ 33.145274] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_oob_in_memset
[ 29.320026] ================================================================== [ 29.320105] BUG: KFENCE: memory corruption in kmalloc_oob_in_memset+0x160/0x2d0 [ 29.320105] [ 29.320163] Corrupted memory at 0x00000000e52bc929 [ ! ! ! ! ! ! ! ! ] (in kfence-#92): [ 29.323150] kmalloc_oob_in_memset+0x160/0x2d0 [ 29.323200] kunit_try_run_case+0x170/0x3f0 [ 29.323646] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.323702] kthread+0x328/0x630 [ 29.323738] ret_from_fork+0x10/0x20 [ 29.323836] [ 29.324024] kfence-#92: 0x0000000098005bf0-0x00000000aa59b270, size=120, cache=kmalloc-128 [ 29.324024] [ 29.325388] allocated by task 202 on cpu 0 at 29.318788s (0.005750s ago): [ 29.326360] kmalloc_oob_in_memset+0xb0/0x2d0 [ 29.326726] kunit_try_run_case+0x170/0x3f0 [ 29.327454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.327508] kthread+0x328/0x630 [ 29.327774] ret_from_fork+0x10/0x20 [ 29.327974] [ 29.329024] freed by task 202 on cpu 0 at 29.319462s (0.008556s ago): [ 29.329814] kmalloc_oob_in_memset+0x160/0x2d0 [ 29.330082] kunit_try_run_case+0x170/0x3f0 [ 29.330574] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.330672] kthread+0x328/0x630 [ 29.330705] ret_from_fork+0x10/0x20 [ 29.331442] [ 29.331973] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.332474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.332888] Hardware name: linux,dummy-virt (DT) [ 29.333152] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 32.617931] ================================================================== [ 32.617993] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 32.618218] Write of size 1 at addr fff00000c9c2a378 by task kunit_try_catch/317 [ 32.618287] [ 32.618322] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.618411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618439] Hardware name: linux,dummy-virt (DT) [ 32.618606] Call trace: [ 32.618640] show_stack+0x20/0x38 (C) [ 32.618774] dump_stack_lvl+0x8c/0xd0 [ 32.618838] print_report+0x118/0x5d0 [ 32.618885] kasan_report+0xdc/0x128 [ 32.619198] __asan_report_store1_noabort+0x20/0x30 [ 32.619404] strncpy_from_user+0x270/0x2a0 [ 32.619622] copy_user_test_oob+0x5c0/0xec8 [ 32.619799] kunit_try_run_case+0x170/0x3f0 [ 32.619977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.620161] kthread+0x328/0x630 [ 32.620204] ret_from_fork+0x10/0x20 [ 32.620633] [ 32.620689] Allocated by task 317: [ 32.620909] kasan_save_stack+0x3c/0x68 [ 32.621071] kasan_save_track+0x20/0x40 [ 32.621199] kasan_save_alloc_info+0x40/0x58 [ 32.621332] __kasan_kmalloc+0xd4/0xd8 [ 32.621551] __kmalloc_noprof+0x198/0x4c8 [ 32.621741] kunit_kmalloc_array+0x34/0x88 [ 32.621825] copy_user_test_oob+0xac/0xec8 [ 32.622175] kunit_try_run_case+0x170/0x3f0 [ 32.622254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.622368] kthread+0x328/0x630 [ 32.622532] ret_from_fork+0x10/0x20 [ 32.622973] [ 32.623035] The buggy address belongs to the object at fff00000c9c2a300 [ 32.623035] which belongs to the cache kmalloc-128 of size 128 [ 32.623203] The buggy address is located 0 bytes to the right of [ 32.623203] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.623273] [ 32.623296] The buggy address belongs to the physical page: [ 32.623665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.623902] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.624039] page_type: f5(slab) [ 32.624198] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.624305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.624350] page dumped because: kasan: bad access detected [ 32.624399] [ 32.624434] Memory state around the buggy address: [ 32.624468] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.624675] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.624724] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.624765] ^ [ 32.624807] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.624852] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.625015] ================================================================== [ 32.608465] ================================================================== [ 32.608525] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 32.608736] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.608798] [ 32.608855] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.609106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.609395] Hardware name: linux,dummy-virt (DT) [ 32.609572] Call trace: [ 32.609608] show_stack+0x20/0x38 (C) [ 32.609698] dump_stack_lvl+0x8c/0xd0 [ 32.609752] print_report+0x118/0x5d0 [ 32.609797] kasan_report+0xdc/0x128 [ 32.609876] kasan_check_range+0x100/0x1a8 [ 32.609952] __kasan_check_write+0x20/0x30 [ 32.610008] strncpy_from_user+0x3c/0x2a0 [ 32.610121] copy_user_test_oob+0x5c0/0xec8 [ 32.610172] kunit_try_run_case+0x170/0x3f0 [ 32.610460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.610614] kthread+0x328/0x630 [ 32.610667] ret_from_fork+0x10/0x20 [ 32.610875] [ 32.611003] Allocated by task 317: [ 32.611108] kasan_save_stack+0x3c/0x68 [ 32.611183] kasan_save_track+0x20/0x40 [ 32.611251] kasan_save_alloc_info+0x40/0x58 [ 32.611318] __kasan_kmalloc+0xd4/0xd8 [ 32.611656] __kmalloc_noprof+0x198/0x4c8 [ 32.611814] kunit_kmalloc_array+0x34/0x88 [ 32.612035] copy_user_test_oob+0xac/0xec8 [ 32.612103] kunit_try_run_case+0x170/0x3f0 [ 32.612323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.612416] kthread+0x328/0x630 [ 32.612750] ret_from_fork+0x10/0x20 [ 32.612822] [ 32.612942] The buggy address belongs to the object at fff00000c9c2a300 [ 32.612942] which belongs to the cache kmalloc-128 of size 128 [ 32.613030] The buggy address is located 0 bytes inside of [ 32.613030] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.613352] [ 32.613490] The buggy address belongs to the physical page: [ 32.613556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.613772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.614079] page_type: f5(slab) [ 32.614189] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.614282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.614600] page dumped because: kasan: bad access detected [ 32.614674] [ 32.614722] Memory state around the buggy address: [ 32.615007] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.615084] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.615279] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.615438] ^ [ 32.615660] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.615822] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.616027] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 32.534808] ================================================================== [ 32.535852] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.536118] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.536189] [ 32.536482] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.537140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.537232] Hardware name: linux,dummy-virt (DT) [ 32.537382] Call trace: [ 32.537429] show_stack+0x20/0x38 (C) [ 32.537861] dump_stack_lvl+0x8c/0xd0 [ 32.538279] print_report+0x118/0x5d0 [ 32.538459] kasan_report+0xdc/0x128 [ 32.538782] kasan_check_range+0x100/0x1a8 [ 32.539117] __kasan_check_write+0x20/0x30 [ 32.539277] copy_user_test_oob+0x234/0xec8 [ 32.539365] kunit_try_run_case+0x170/0x3f0 [ 32.539539] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.539657] kthread+0x328/0x630 [ 32.539971] ret_from_fork+0x10/0x20 [ 32.540095] [ 32.540276] Allocated by task 317: [ 32.540328] kasan_save_stack+0x3c/0x68 [ 32.540379] kasan_save_track+0x20/0x40 [ 32.540425] kasan_save_alloc_info+0x40/0x58 [ 32.540715] __kasan_kmalloc+0xd4/0xd8 [ 32.540851] __kmalloc_noprof+0x198/0x4c8 [ 32.541003] kunit_kmalloc_array+0x34/0x88 [ 32.541142] copy_user_test_oob+0xac/0xec8 [ 32.541465] kunit_try_run_case+0x170/0x3f0 [ 32.541540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.541679] kthread+0x328/0x630 [ 32.541857] ret_from_fork+0x10/0x20 [ 32.541941] [ 32.541972] The buggy address belongs to the object at fff00000c9c2a300 [ 32.541972] which belongs to the cache kmalloc-128 of size 128 [ 32.542044] The buggy address is located 0 bytes inside of [ 32.542044] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.542541] [ 32.542685] The buggy address belongs to the physical page: [ 32.542769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.542979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.543202] page_type: f5(slab) [ 32.543265] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.543515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.543669] page dumped because: kasan: bad access detected [ 32.543767] [ 32.543837] Memory state around the buggy address: [ 32.543973] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.544031] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544270] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.544467] ^ [ 32.544641] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544726] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544871] ================================================================== [ 32.575094] ================================================================== [ 32.575148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.575202] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.575254] [ 32.575466] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.575998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.576040] Hardware name: linux,dummy-virt (DT) [ 32.576096] Call trace: [ 32.576126] show_stack+0x20/0x38 (C) [ 32.576187] dump_stack_lvl+0x8c/0xd0 [ 32.576236] print_report+0x118/0x5d0 [ 32.576285] kasan_report+0xdc/0x128 [ 32.576330] kasan_check_range+0x100/0x1a8 [ 32.576941] __kasan_check_read+0x20/0x30 [ 32.577018] copy_user_test_oob+0x3c8/0xec8 [ 32.577164] kunit_try_run_case+0x170/0x3f0 [ 32.577366] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.577524] kthread+0x328/0x630 [ 32.577572] ret_from_fork+0x10/0x20 [ 32.577911] [ 32.578077] Allocated by task 317: [ 32.578129] kasan_save_stack+0x3c/0x68 [ 32.578350] kasan_save_track+0x20/0x40 [ 32.578527] kasan_save_alloc_info+0x40/0x58 [ 32.578667] __kasan_kmalloc+0xd4/0xd8 [ 32.578786] __kmalloc_noprof+0x198/0x4c8 [ 32.579186] kunit_kmalloc_array+0x34/0x88 [ 32.579272] copy_user_test_oob+0xac/0xec8 [ 32.579506] kunit_try_run_case+0x170/0x3f0 [ 32.579778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.579914] kthread+0x328/0x630 [ 32.580012] ret_from_fork+0x10/0x20 [ 32.580177] [ 32.580212] The buggy address belongs to the object at fff00000c9c2a300 [ 32.580212] which belongs to the cache kmalloc-128 of size 128 [ 32.580290] The buggy address is located 0 bytes inside of [ 32.580290] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.580355] [ 32.580714] The buggy address belongs to the physical page: [ 32.581090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.581228] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.581284] page_type: f5(slab) [ 32.581326] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.581832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.582146] page dumped because: kasan: bad access detected [ 32.582245] [ 32.582326] Memory state around the buggy address: [ 32.582732] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.583086] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583256] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.583300] ^ [ 32.583690] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583743] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583785] ================================================================== [ 32.568797] ================================================================== [ 32.569218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.569287] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.569400] [ 32.569456] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.569553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.569581] Hardware name: linux,dummy-virt (DT) [ 32.569676] Call trace: [ 32.569703] show_stack+0x20/0x38 (C) [ 32.569783] dump_stack_lvl+0x8c/0xd0 [ 32.570106] print_report+0x118/0x5d0 [ 32.570209] kasan_report+0xdc/0x128 [ 32.570260] kasan_check_range+0x100/0x1a8 [ 32.570307] __kasan_check_write+0x20/0x30 [ 32.570374] copy_user_test_oob+0x35c/0xec8 [ 32.570427] kunit_try_run_case+0x170/0x3f0 [ 32.570482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.570832] kthread+0x328/0x630 [ 32.570902] ret_from_fork+0x10/0x20 [ 32.571086] [ 32.571113] Allocated by task 317: [ 32.571319] kasan_save_stack+0x3c/0x68 [ 32.571455] kasan_save_track+0x20/0x40 [ 32.571544] kasan_save_alloc_info+0x40/0x58 [ 32.571584] __kasan_kmalloc+0xd4/0xd8 [ 32.571624] __kmalloc_noprof+0x198/0x4c8 [ 32.571779] kunit_kmalloc_array+0x34/0x88 [ 32.571825] copy_user_test_oob+0xac/0xec8 [ 32.571871] kunit_try_run_case+0x170/0x3f0 [ 32.571912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.571959] kthread+0x328/0x630 [ 32.571995] ret_from_fork+0x10/0x20 [ 32.572032] [ 32.572064] The buggy address belongs to the object at fff00000c9c2a300 [ 32.572064] which belongs to the cache kmalloc-128 of size 128 [ 32.572367] The buggy address is located 0 bytes inside of [ 32.572367] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.572804] [ 32.572840] The buggy address belongs to the physical page: [ 32.572876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.572931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.573034] page_type: f5(slab) [ 32.573116] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.573170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.573216] page dumped because: kasan: bad access detected [ 32.573260] [ 32.573287] Memory state around the buggy address: [ 32.573326] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.573375] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573421] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.573461] ^ [ 32.573515] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573578] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573628] ================================================================== [ 32.585334] ================================================================== [ 32.585389] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.585440] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.585496] [ 32.585806] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.586158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.586188] Hardware name: linux,dummy-virt (DT) [ 32.586365] Call trace: [ 32.586542] show_stack+0x20/0x38 (C) [ 32.586626] dump_stack_lvl+0x8c/0xd0 [ 32.586830] print_report+0x118/0x5d0 [ 32.586995] kasan_report+0xdc/0x128 [ 32.587205] kasan_check_range+0x100/0x1a8 [ 32.587375] __kasan_check_write+0x20/0x30 [ 32.587436] copy_user_test_oob+0x434/0xec8 [ 32.587622] kunit_try_run_case+0x170/0x3f0 [ 32.587959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.588018] kthread+0x328/0x630 [ 32.588074] ret_from_fork+0x10/0x20 [ 32.588174] [ 32.588299] Allocated by task 317: [ 32.588506] kasan_save_stack+0x3c/0x68 [ 32.588641] kasan_save_track+0x20/0x40 [ 32.588794] kasan_save_alloc_info+0x40/0x58 [ 32.588992] __kasan_kmalloc+0xd4/0xd8 [ 32.589127] __kmalloc_noprof+0x198/0x4c8 [ 32.589230] kunit_kmalloc_array+0x34/0x88 [ 32.589327] copy_user_test_oob+0xac/0xec8 [ 32.589502] kunit_try_run_case+0x170/0x3f0 [ 32.589547] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.589592] kthread+0x328/0x630 [ 32.589803] ret_from_fork+0x10/0x20 [ 32.589973] [ 32.590196] The buggy address belongs to the object at fff00000c9c2a300 [ 32.590196] which belongs to the cache kmalloc-128 of size 128 [ 32.590411] The buggy address is located 0 bytes inside of [ 32.590411] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.590482] [ 32.590504] The buggy address belongs to the physical page: [ 32.590985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.591378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.591464] page_type: f5(slab) [ 32.591520] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.591597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.591879] page dumped because: kasan: bad access detected [ 32.592001] [ 32.592064] Memory state around the buggy address: [ 32.592383] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.592452] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592666] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.592779] ^ [ 32.593192] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.593275] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.593407] ================================================================== [ 32.598030] ================================================================== [ 32.598096] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.598150] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.598204] [ 32.598236] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.598345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.598376] Hardware name: linux,dummy-virt (DT) [ 32.598410] Call trace: [ 32.598434] show_stack+0x20/0x38 (C) [ 32.598484] dump_stack_lvl+0x8c/0xd0 [ 32.598546] print_report+0x118/0x5d0 [ 32.598592] kasan_report+0xdc/0x128 [ 32.598636] kasan_check_range+0x100/0x1a8 [ 32.598683] __kasan_check_read+0x20/0x30 [ 32.598730] copy_user_test_oob+0x4a0/0xec8 [ 32.598782] kunit_try_run_case+0x170/0x3f0 [ 32.598832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.598887] kthread+0x328/0x630 [ 32.598929] ret_from_fork+0x10/0x20 [ 32.598978] [ 32.598998] Allocated by task 317: [ 32.599037] kasan_save_stack+0x3c/0x68 [ 32.600772] kasan_save_track+0x20/0x40 [ 32.600945] kasan_save_alloc_info+0x40/0x58 [ 32.601143] __kasan_kmalloc+0xd4/0xd8 [ 32.601658] __kmalloc_noprof+0x198/0x4c8 [ 32.601767] kunit_kmalloc_array+0x34/0x88 [ 32.602038] copy_user_test_oob+0xac/0xec8 [ 32.602384] kunit_try_run_case+0x170/0x3f0 [ 32.602490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.602648] kthread+0x328/0x630 [ 32.602761] ret_from_fork+0x10/0x20 [ 32.602849] [ 32.602934] The buggy address belongs to the object at fff00000c9c2a300 [ 32.602934] which belongs to the cache kmalloc-128 of size 128 [ 32.603097] The buggy address is located 0 bytes inside of [ 32.603097] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.603224] [ 32.603302] The buggy address belongs to the physical page: [ 32.603427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.603492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.603548] page_type: f5(slab) [ 32.603896] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.603989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.604317] page dumped because: kasan: bad access detected [ 32.604400] [ 32.604424] Memory state around the buggy address: [ 32.604461] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.604532] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.604578] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.604889] ^ [ 32.605015] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.605339] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.605608] ================================================================== [ 32.551662] ================================================================== [ 32.551764] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.552233] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.552288] [ 32.552796] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.553040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.553121] Hardware name: linux,dummy-virt (DT) [ 32.553285] Call trace: [ 32.553347] show_stack+0x20/0x38 (C) [ 32.553753] dump_stack_lvl+0x8c/0xd0 [ 32.553879] print_report+0x118/0x5d0 [ 32.553987] kasan_report+0xdc/0x128 [ 32.554089] kasan_check_range+0x100/0x1a8 [ 32.554267] __kasan_check_read+0x20/0x30 [ 32.554350] copy_user_test_oob+0x728/0xec8 [ 32.554727] kunit_try_run_case+0x170/0x3f0 [ 32.554843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.555220] kthread+0x328/0x630 [ 32.555304] ret_from_fork+0x10/0x20 [ 32.555772] [ 32.556144] Allocated by task 317: [ 32.556194] kasan_save_stack+0x3c/0x68 [ 32.556248] kasan_save_track+0x20/0x40 [ 32.556289] kasan_save_alloc_info+0x40/0x58 [ 32.556442] __kasan_kmalloc+0xd4/0xd8 [ 32.556692] __kmalloc_noprof+0x198/0x4c8 [ 32.557003] kunit_kmalloc_array+0x34/0x88 [ 32.557215] copy_user_test_oob+0xac/0xec8 [ 32.557289] kunit_try_run_case+0x170/0x3f0 [ 32.557556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.557795] kthread+0x328/0x630 [ 32.557932] ret_from_fork+0x10/0x20 [ 32.558040] [ 32.558160] The buggy address belongs to the object at fff00000c9c2a300 [ 32.558160] which belongs to the cache kmalloc-128 of size 128 [ 32.558257] The buggy address is located 0 bytes inside of [ 32.558257] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.558428] [ 32.558526] The buggy address belongs to the physical page: [ 32.558585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.558702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.558848] page_type: f5(slab) [ 32.559273] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.559634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.559736] page dumped because: kasan: bad access detected [ 32.559901] [ 32.559934] Memory state around the buggy address: [ 32.559972] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.560164] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560352] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.560425] ^ [ 32.560501] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560737] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560873] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 32.498653] ================================================================== [ 32.498975] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 32.499146] Write of size 8 at addr fff00000c9c2a278 by task kunit_try_catch/313 [ 32.499242] [ 32.499297] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.499479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.499510] Hardware name: linux,dummy-virt (DT) [ 32.499561] Call trace: [ 32.499893] show_stack+0x20/0x38 (C) [ 32.499979] dump_stack_lvl+0x8c/0xd0 [ 32.500206] print_report+0x118/0x5d0 [ 32.500472] kasan_report+0xdc/0x128 [ 32.500538] kasan_check_range+0x100/0x1a8 [ 32.500587] __kasan_check_write+0x20/0x30 [ 32.501174] copy_to_kernel_nofault+0x8c/0x250 [ 32.501440] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 32.501652] kunit_try_run_case+0x170/0x3f0 [ 32.501966] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.502184] kthread+0x328/0x630 [ 32.502235] ret_from_fork+0x10/0x20 [ 32.502464] [ 32.502491] Allocated by task 313: [ 32.502837] kasan_save_stack+0x3c/0x68 [ 32.503009] kasan_save_track+0x20/0x40 [ 32.503161] kasan_save_alloc_info+0x40/0x58 [ 32.503276] __kasan_kmalloc+0xd4/0xd8 [ 32.503389] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.503464] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.503520] kunit_try_run_case+0x170/0x3f0 [ 32.503572] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.503756] kthread+0x328/0x630 [ 32.503912] ret_from_fork+0x10/0x20 [ 32.503997] [ 32.504155] The buggy address belongs to the object at fff00000c9c2a200 [ 32.504155] which belongs to the cache kmalloc-128 of size 128 [ 32.504340] The buggy address is located 0 bytes to the right of [ 32.504340] allocated 120-byte region [fff00000c9c2a200, fff00000c9c2a278) [ 32.504622] [ 32.504723] The buggy address belongs to the physical page: [ 32.504858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.504916] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.505122] page_type: f5(slab) [ 32.505336] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.505414] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.505594] page dumped because: kasan: bad access detected [ 32.506013] [ 32.506163] Memory state around the buggy address: [ 32.506403] fff00000c9c2a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.506500] fff00000c9c2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.506878] >fff00000c9c2a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.507247] ^ [ 32.507353] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.507402] fff00000c9c2a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.507455] ================================================================== [ 32.490330] ================================================================== [ 32.490467] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 32.490537] Read of size 8 at addr fff00000c9c2a278 by task kunit_try_catch/313 [ 32.490590] [ 32.490740] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.490839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.491167] Hardware name: linux,dummy-virt (DT) [ 32.491224] Call trace: [ 32.491263] show_stack+0x20/0x38 (C) [ 32.491374] dump_stack_lvl+0x8c/0xd0 [ 32.491434] print_report+0x118/0x5d0 [ 32.491511] kasan_report+0xdc/0x128 [ 32.491636] __asan_report_load8_noabort+0x20/0x30 [ 32.491712] copy_to_kernel_nofault+0x204/0x250 [ 32.491880] copy_to_kernel_nofault_oob+0x158/0x418 [ 32.491934] kunit_try_run_case+0x170/0x3f0 [ 32.491987] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.492290] kthread+0x328/0x630 [ 32.492469] ret_from_fork+0x10/0x20 [ 32.492715] [ 32.492740] Allocated by task 313: [ 32.492817] kasan_save_stack+0x3c/0x68 [ 32.493070] kasan_save_track+0x20/0x40 [ 32.493354] kasan_save_alloc_info+0x40/0x58 [ 32.493463] __kasan_kmalloc+0xd4/0xd8 [ 32.493589] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.493635] copy_to_kernel_nofault_oob+0xc8/0x418 [ 32.493905] kunit_try_run_case+0x170/0x3f0 [ 32.494098] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.494277] kthread+0x328/0x630 [ 32.494419] ret_from_fork+0x10/0x20 [ 32.494773] [ 32.494830] The buggy address belongs to the object at fff00000c9c2a200 [ 32.494830] which belongs to the cache kmalloc-128 of size 128 [ 32.495046] The buggy address is located 0 bytes to the right of [ 32.495046] allocated 120-byte region [fff00000c9c2a200, fff00000c9c2a278) [ 32.495145] [ 32.495192] The buggy address belongs to the physical page: [ 32.495227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.495354] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.495419] page_type: f5(slab) [ 32.495466] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.495529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.495572] page dumped because: kasan: bad access detected [ 32.495608] [ 32.495627] Memory state around the buggy address: [ 32.495920] fff00000c9c2a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.495974] fff00000c9c2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.496021] >fff00000c9c2a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.496312] ^ [ 32.496487] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.496593] fff00000c9c2a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.496654] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 32.434732] ================================================================== [ 32.435084] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 32.435313] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/301 [ 32.435382] [ 32.435453] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.435923] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.436028] Hardware name: linux,dummy-virt (DT) [ 32.436315] Call trace: [ 32.436384] show_stack+0x20/0x38 (C) [ 32.436534] dump_stack_lvl+0x8c/0xd0 [ 32.436664] print_report+0x310/0x5d0 [ 32.436739] kasan_report+0xdc/0x128 [ 32.436787] __asan_report_load1_noabort+0x20/0x30 [ 32.436984] vmalloc_oob+0x578/0x5d0 [ 32.437230] kunit_try_run_case+0x170/0x3f0 [ 32.437364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.437752] kthread+0x328/0x630 [ 32.437811] ret_from_fork+0x10/0x20 [ 32.438162] [ 32.438216] The buggy address ffff8000800fe7f3 belongs to a vmalloc virtual mapping [ 32.438384] The buggy address belongs to the physical page: [ 32.438686] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1092f5 [ 32.438883] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.438967] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 32.439041] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.439108] page dumped because: kasan: bad access detected [ 32.439145] [ 32.439165] Memory state around the buggy address: [ 32.439201] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.439261] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.439308] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 32.439349] ^ [ 32.439402] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.439455] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.439497] ================================================================== [ 32.440876] ================================================================== [ 32.440937] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 32.440989] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/301 [ 32.441117] [ 32.441152] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.441398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.441578] Hardware name: linux,dummy-virt (DT) [ 32.441660] Call trace: [ 32.441699] show_stack+0x20/0x38 (C) [ 32.441837] dump_stack_lvl+0x8c/0xd0 [ 32.441897] print_report+0x310/0x5d0 [ 32.441942] kasan_report+0xdc/0x128 [ 32.442087] __asan_report_load1_noabort+0x20/0x30 [ 32.442141] vmalloc_oob+0x51c/0x5d0 [ 32.442189] kunit_try_run_case+0x170/0x3f0 [ 32.442239] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.442306] kthread+0x328/0x630 [ 32.442349] ret_from_fork+0x10/0x20 [ 32.442426] [ 32.442812] The buggy address ffff8000800fe7f8 belongs to a vmalloc virtual mapping [ 32.442961] The buggy address belongs to the physical page: [ 32.443017] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1092f5 [ 32.443089] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.443153] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 32.443205] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 32.443671] page dumped because: kasan: bad access detected [ 32.443729] [ 32.443915] Memory state around the buggy address: [ 32.444035] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.444276] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.444497] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 32.444706] ^ [ 32.444772] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.445005] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 32.445184] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 32.062879] ================================================================== [ 32.062936] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa6c/0x4858 [ 32.063259] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.063591] [ 32.063705] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.063810] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.064191] Hardware name: linux,dummy-virt (DT) [ 32.064260] Call trace: [ 32.064376] show_stack+0x20/0x38 (C) [ 32.064487] dump_stack_lvl+0x8c/0xd0 [ 32.064540] print_report+0x118/0x5d0 [ 32.064695] kasan_report+0xdc/0x128 [ 32.064885] kasan_check_range+0x100/0x1a8 [ 32.064999] __kasan_check_write+0x20/0x30 [ 32.065249] kasan_atomics_helper+0xa6c/0x4858 [ 32.065479] kasan_atomics+0x198/0x2e0 [ 32.065576] kunit_try_run_case+0x170/0x3f0 [ 32.065963] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.066203] kthread+0x328/0x630 [ 32.066322] ret_from_fork+0x10/0x20 [ 32.066374] [ 32.066395] Allocated by task 297: [ 32.066631] kasan_save_stack+0x3c/0x68 [ 32.066856] kasan_save_track+0x20/0x40 [ 32.067208] kasan_save_alloc_info+0x40/0x58 [ 32.067295] __kasan_kmalloc+0xd4/0xd8 [ 32.067372] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.067619] kasan_atomics+0xb8/0x2e0 [ 32.067858] kunit_try_run_case+0x170/0x3f0 [ 32.068001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.068198] kthread+0x328/0x630 [ 32.068399] ret_from_fork+0x10/0x20 [ 32.068454] [ 32.068634] The buggy address belongs to the object at fff00000c9c2c400 [ 32.068634] which belongs to the cache kmalloc-64 of size 64 [ 32.068721] The buggy address is located 0 bytes to the right of [ 32.068721] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.068905] [ 32.068931] The buggy address belongs to the physical page: [ 32.069304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.069387] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.069439] page_type: f5(slab) [ 32.069637] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.069696] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.070106] page dumped because: kasan: bad access detected [ 32.070149] [ 32.070170] Memory state around the buggy address: [ 32.070224] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.070479] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.070806] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.070963] ^ [ 32.071140] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.071503] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.071656] ================================================================== [ 32.405714] ================================================================== [ 32.405777] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x17ec/0x4858 [ 32.406077] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.406195] [ 32.406233] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.406519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.406648] Hardware name: linux,dummy-virt (DT) [ 32.406811] Call trace: [ 32.406848] show_stack+0x20/0x38 (C) [ 32.407017] dump_stack_lvl+0x8c/0xd0 [ 32.407121] print_report+0x118/0x5d0 [ 32.407259] kasan_report+0xdc/0x128 [ 32.407337] kasan_check_range+0x100/0x1a8 [ 32.407392] __kasan_check_write+0x20/0x30 [ 32.407447] kasan_atomics_helper+0x17ec/0x4858 [ 32.407778] kasan_atomics+0x198/0x2e0 [ 32.407898] kunit_try_run_case+0x170/0x3f0 [ 32.407951] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.408422] kthread+0x328/0x630 [ 32.408705] ret_from_fork+0x10/0x20 [ 32.408970] [ 32.409042] Allocated by task 297: [ 32.409094] kasan_save_stack+0x3c/0x68 [ 32.410138] kasan_save_track+0x20/0x40 [ 32.410213] kasan_save_alloc_info+0x40/0x58 [ 32.410548] __kasan_kmalloc+0xd4/0xd8 [ 32.410756] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.410852] kasan_atomics+0xb8/0x2e0 [ 32.411090] kunit_try_run_case+0x170/0x3f0 [ 32.411145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.411197] kthread+0x328/0x630 [ 32.411444] ret_from_fork+0x10/0x20 [ 32.411876] [ 32.411932] The buggy address belongs to the object at fff00000c9c2c400 [ 32.411932] which belongs to the cache kmalloc-64 of size 64 [ 32.411997] The buggy address is located 0 bytes to the right of [ 32.411997] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.412082] [ 32.412105] The buggy address belongs to the physical page: [ 32.412138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.412565] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.412782] page_type: f5(slab) [ 32.413066] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.413352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.413617] page dumped because: kasan: bad access detected [ 32.413811] [ 32.413902] Memory state around the buggy address: [ 32.414266] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.414415] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.414576] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.414740] ^ [ 32.414949] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.415259] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.415484] ================================================================== [ 32.385970] ================================================================== [ 32.386020] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x175c/0x4858 [ 32.386085] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.386137] [ 32.386168] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.386256] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.386287] Hardware name: linux,dummy-virt (DT) [ 32.386320] Call trace: [ 32.386346] show_stack+0x20/0x38 (C) [ 32.386394] dump_stack_lvl+0x8c/0xd0 [ 32.386444] print_report+0x118/0x5d0 [ 32.386488] kasan_report+0xdc/0x128 [ 32.386534] kasan_check_range+0x100/0x1a8 [ 32.386580] __kasan_check_write+0x20/0x30 [ 32.386647] kasan_atomics_helper+0x175c/0x4858 [ 32.386698] kasan_atomics+0x198/0x2e0 [ 32.386744] kunit_try_run_case+0x170/0x3f0 [ 32.386796] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.386852] kthread+0x328/0x630 [ 32.386896] ret_from_fork+0x10/0x20 [ 32.386946] [ 32.386969] Allocated by task 297: [ 32.387016] kasan_save_stack+0x3c/0x68 [ 32.387512] kasan_save_track+0x20/0x40 [ 32.387567] kasan_save_alloc_info+0x40/0x58 [ 32.387609] __kasan_kmalloc+0xd4/0xd8 [ 32.387945] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.388668] kasan_atomics+0xb8/0x2e0 [ 32.388736] kunit_try_run_case+0x170/0x3f0 [ 32.388806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.389065] kthread+0x328/0x630 [ 32.389620] ret_from_fork+0x10/0x20 [ 32.389983] [ 32.390122] The buggy address belongs to the object at fff00000c9c2c400 [ 32.390122] which belongs to the cache kmalloc-64 of size 64 [ 32.390340] The buggy address is located 0 bytes to the right of [ 32.390340] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.390738] [ 32.390870] The buggy address belongs to the physical page: [ 32.390906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.391307] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.391604] page_type: f5(slab) [ 32.391759] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.392142] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.392218] page dumped because: kasan: bad access detected [ 32.392438] [ 32.392556] Memory state around the buggy address: [ 32.392644] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.392726] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.392869] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.393296] ^ [ 32.393375] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.393506] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.393663] ================================================================== [ 32.156261] ================================================================== [ 32.156613] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xdd4/0x4858 [ 32.156718] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.156842] [ 32.156876] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.156966] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.157112] Hardware name: linux,dummy-virt (DT) [ 32.157148] Call trace: [ 32.157172] show_stack+0x20/0x38 (C) [ 32.157483] dump_stack_lvl+0x8c/0xd0 [ 32.157794] print_report+0x118/0x5d0 [ 32.157873] kasan_report+0xdc/0x128 [ 32.157920] kasan_check_range+0x100/0x1a8 [ 32.158217] __kasan_check_read+0x20/0x30 [ 32.158356] kasan_atomics_helper+0xdd4/0x4858 [ 32.158415] kasan_atomics+0x198/0x2e0 [ 32.158649] kunit_try_run_case+0x170/0x3f0 [ 32.158828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.158896] kthread+0x328/0x630 [ 32.158940] ret_from_fork+0x10/0x20 [ 32.159318] [ 32.159515] Allocated by task 297: [ 32.159558] kasan_save_stack+0x3c/0x68 [ 32.159622] kasan_save_track+0x20/0x40 [ 32.159748] kasan_save_alloc_info+0x40/0x58 [ 32.159792] __kasan_kmalloc+0xd4/0xd8 [ 32.159833] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.159877] kasan_atomics+0xb8/0x2e0 [ 32.160226] kunit_try_run_case+0x170/0x3f0 [ 32.160322] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.160412] kthread+0x328/0x630 [ 32.160744] ret_from_fork+0x10/0x20 [ 32.160807] [ 32.160830] The buggy address belongs to the object at fff00000c9c2c400 [ 32.160830] which belongs to the cache kmalloc-64 of size 64 [ 32.161228] The buggy address is located 0 bytes to the right of [ 32.161228] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.161470] [ 32.161500] The buggy address belongs to the physical page: [ 32.161649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.161764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.162127] page_type: f5(slab) [ 32.162183] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.162432] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.162636] page dumped because: kasan: bad access detected [ 32.162698] [ 32.162836] Memory state around the buggy address: [ 32.162931] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.163118] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.163217] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.163261] ^ [ 32.163295] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.163925] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.164127] ================================================================== [ 32.320659] ================================================================== [ 32.320900] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x14e4/0x4858 [ 32.321316] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.321397] [ 32.321432] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.321520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.321548] Hardware name: linux,dummy-virt (DT) [ 32.321582] Call trace: [ 32.321772] show_stack+0x20/0x38 (C) [ 32.321836] dump_stack_lvl+0x8c/0xd0 [ 32.322202] print_report+0x118/0x5d0 [ 32.322273] kasan_report+0xdc/0x128 [ 32.322320] kasan_check_range+0x100/0x1a8 [ 32.322597] __kasan_check_write+0x20/0x30 [ 32.322843] kasan_atomics_helper+0x14e4/0x4858 [ 32.323229] kasan_atomics+0x198/0x2e0 [ 32.323302] kunit_try_run_case+0x170/0x3f0 [ 32.323592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.323886] kthread+0x328/0x630 [ 32.323940] ret_from_fork+0x10/0x20 [ 32.323990] [ 32.324329] Allocated by task 297: [ 32.324483] kasan_save_stack+0x3c/0x68 [ 32.324570] kasan_save_track+0x20/0x40 [ 32.325102] kasan_save_alloc_info+0x40/0x58 [ 32.325203] __kasan_kmalloc+0xd4/0xd8 [ 32.325640] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.325721] kasan_atomics+0xb8/0x2e0 [ 32.326087] kunit_try_run_case+0x170/0x3f0 [ 32.326271] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.326404] kthread+0x328/0x630 [ 32.326550] ret_from_fork+0x10/0x20 [ 32.326905] [ 32.326990] The buggy address belongs to the object at fff00000c9c2c400 [ 32.326990] which belongs to the cache kmalloc-64 of size 64 [ 32.327229] The buggy address is located 0 bytes to the right of [ 32.327229] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.327352] [ 32.327623] The buggy address belongs to the physical page: [ 32.328008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.328238] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.328465] page_type: f5(slab) [ 32.328534] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.328780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.328958] page dumped because: kasan: bad access detected [ 32.329232] [ 32.329335] Memory state around the buggy address: [ 32.329401] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.329764] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.329930] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.330085] ^ [ 32.330134] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330411] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330559] ================================================================== [ 32.310818] ================================================================== [ 32.310886] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x147c/0x4858 [ 32.310939] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.310990] [ 32.311424] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.311561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.311685] Hardware name: linux,dummy-virt (DT) [ 32.311726] Call trace: [ 32.311946] show_stack+0x20/0x38 (C) [ 32.312202] dump_stack_lvl+0x8c/0xd0 [ 32.312403] print_report+0x118/0x5d0 [ 32.312666] kasan_report+0xdc/0x128 [ 32.312842] kasan_check_range+0x100/0x1a8 [ 32.312959] __kasan_check_write+0x20/0x30 [ 32.313310] kasan_atomics_helper+0x147c/0x4858 [ 32.313518] kasan_atomics+0x198/0x2e0 [ 32.313740] kunit_try_run_case+0x170/0x3f0 [ 32.313977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.314048] kthread+0x328/0x630 [ 32.314295] ret_from_fork+0x10/0x20 [ 32.314507] [ 32.314852] Allocated by task 297: [ 32.314896] kasan_save_stack+0x3c/0x68 [ 32.315111] kasan_save_track+0x20/0x40 [ 32.315350] kasan_save_alloc_info+0x40/0x58 [ 32.315425] __kasan_kmalloc+0xd4/0xd8 [ 32.315625] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.315730] kasan_atomics+0xb8/0x2e0 [ 32.315773] kunit_try_run_case+0x170/0x3f0 [ 32.316048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.316398] kthread+0x328/0x630 [ 32.316462] ret_from_fork+0x10/0x20 [ 32.316502] [ 32.316634] The buggy address belongs to the object at fff00000c9c2c400 [ 32.316634] which belongs to the cache kmalloc-64 of size 64 [ 32.316709] The buggy address is located 0 bytes to the right of [ 32.316709] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.316929] [ 32.316955] The buggy address belongs to the physical page: [ 32.316991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.317047] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.317113] page_type: f5(slab) [ 32.317391] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.317725] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.317974] page dumped because: kasan: bad access detected [ 32.318453] [ 32.318861] Memory state around the buggy address: [ 32.319008] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.319206] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.319310] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.319689] ^ [ 32.319988] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320241] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.320316] ================================================================== [ 32.244529] ================================================================== [ 32.244591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1128/0x4858 [ 32.244643] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.244695] [ 32.244920] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.245155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.245351] Hardware name: linux,dummy-virt (DT) [ 32.245452] Call trace: [ 32.245511] show_stack+0x20/0x38 (C) [ 32.245572] dump_stack_lvl+0x8c/0xd0 [ 32.245796] print_report+0x118/0x5d0 [ 32.246108] kasan_report+0xdc/0x128 [ 32.246178] kasan_check_range+0x100/0x1a8 [ 32.246226] __kasan_check_write+0x20/0x30 [ 32.246453] kasan_atomics_helper+0x1128/0x4858 [ 32.246548] kasan_atomics+0x198/0x2e0 [ 32.246867] kunit_try_run_case+0x170/0x3f0 [ 32.246942] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.247148] kthread+0x328/0x630 [ 32.247211] ret_from_fork+0x10/0x20 [ 32.247261] [ 32.247590] Allocated by task 297: [ 32.247653] kasan_save_stack+0x3c/0x68 [ 32.247923] kasan_save_track+0x20/0x40 [ 32.248162] kasan_save_alloc_info+0x40/0x58 [ 32.248291] __kasan_kmalloc+0xd4/0xd8 [ 32.248377] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.248596] kasan_atomics+0xb8/0x2e0 [ 32.248662] kunit_try_run_case+0x170/0x3f0 [ 32.248851] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.248914] kthread+0x328/0x630 [ 32.249162] ret_from_fork+0x10/0x20 [ 32.249313] [ 32.249614] The buggy address belongs to the object at fff00000c9c2c400 [ 32.249614] which belongs to the cache kmalloc-64 of size 64 [ 32.249778] The buggy address is located 0 bytes to the right of [ 32.249778] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.250047] [ 32.250233] The buggy address belongs to the physical page: [ 32.250598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.250678] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.250730] page_type: f5(slab) [ 32.251089] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.251187] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.251371] page dumped because: kasan: bad access detected [ 32.251612] [ 32.251773] Memory state around the buggy address: [ 32.251858] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.251937] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.252361] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.252481] ^ [ 32.252546] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.252688] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.252751] ================================================================== [ 32.174001] ================================================================== [ 32.174070] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe44/0x4858 [ 32.174124] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.174498] [ 32.174543] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.174867] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.175070] Hardware name: linux,dummy-virt (DT) [ 32.175267] Call trace: [ 32.175302] show_stack+0x20/0x38 (C) [ 32.175769] dump_stack_lvl+0x8c/0xd0 [ 32.175854] print_report+0x118/0x5d0 [ 32.175935] kasan_report+0xdc/0x128 [ 32.176318] kasan_check_range+0x100/0x1a8 [ 32.176559] __kasan_check_write+0x20/0x30 [ 32.176782] kasan_atomics_helper+0xe44/0x4858 [ 32.176948] kasan_atomics+0x198/0x2e0 [ 32.177264] kunit_try_run_case+0x170/0x3f0 [ 32.177446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.177541] kthread+0x328/0x630 [ 32.177906] ret_from_fork+0x10/0x20 [ 32.178179] [ 32.178496] Allocated by task 297: [ 32.178550] kasan_save_stack+0x3c/0x68 [ 32.178641] kasan_save_track+0x20/0x40 [ 32.178683] kasan_save_alloc_info+0x40/0x58 [ 32.179159] __kasan_kmalloc+0xd4/0xd8 [ 32.179480] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.179592] kasan_atomics+0xb8/0x2e0 [ 32.179793] kunit_try_run_case+0x170/0x3f0 [ 32.180028] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.180266] kthread+0x328/0x630 [ 32.180469] ret_from_fork+0x10/0x20 [ 32.180709] [ 32.180754] The buggy address belongs to the object at fff00000c9c2c400 [ 32.180754] which belongs to the cache kmalloc-64 of size 64 [ 32.181139] The buggy address is located 0 bytes to the right of [ 32.181139] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.181279] [ 32.181367] The buggy address belongs to the physical page: [ 32.181682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.181933] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.182040] page_type: f5(slab) [ 32.182212] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.182361] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.182547] page dumped because: kasan: bad access detected [ 32.182775] [ 32.182897] Memory state around the buggy address: [ 32.183076] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.183141] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.183223] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.183348] ^ [ 32.183384] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.183838] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.183924] ================================================================== [ 32.253497] ================================================================== [ 32.253550] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1190/0x4858 [ 32.253685] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.253764] [ 32.253797] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.253885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.253920] Hardware name: linux,dummy-virt (DT) [ 32.253965] Call trace: [ 32.253991] show_stack+0x20/0x38 (C) [ 32.254041] dump_stack_lvl+0x8c/0xd0 [ 32.254111] print_report+0x118/0x5d0 [ 32.254157] kasan_report+0xdc/0x128 [ 32.254208] kasan_check_range+0x100/0x1a8 [ 32.254266] __kasan_check_write+0x20/0x30 [ 32.254314] kasan_atomics_helper+0x1190/0x4858 [ 32.254364] kasan_atomics+0x198/0x2e0 [ 32.254420] kunit_try_run_case+0x170/0x3f0 [ 32.254472] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.254532] kthread+0x328/0x630 [ 32.254582] ret_from_fork+0x10/0x20 [ 32.254632] [ 32.254653] Allocated by task 297: [ 32.254689] kasan_save_stack+0x3c/0x68 [ 32.254734] kasan_save_track+0x20/0x40 [ 32.254773] kasan_save_alloc_info+0x40/0x58 [ 32.254823] __kasan_kmalloc+0xd4/0xd8 [ 32.254864] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.254906] kasan_atomics+0xb8/0x2e0 [ 32.254953] kunit_try_run_case+0x170/0x3f0 [ 32.254995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.255044] kthread+0x328/0x630 [ 32.255089] ret_from_fork+0x10/0x20 [ 32.255173] [ 32.255198] The buggy address belongs to the object at fff00000c9c2c400 [ 32.255198] which belongs to the cache kmalloc-64 of size 64 [ 32.255977] The buggy address is located 0 bytes to the right of [ 32.255977] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.256107] [ 32.256151] The buggy address belongs to the physical page: [ 32.256203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.256463] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.256521] page_type: f5(slab) [ 32.256561] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.256703] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.256909] page dumped because: kasan: bad access detected [ 32.257111] [ 32.257208] Memory state around the buggy address: [ 32.257474] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.257637] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.258138] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.258250] ^ [ 32.258318] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.258458] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.258519] ================================================================== [ 32.210459] ================================================================== [ 32.210516] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf88/0x4858 [ 32.210568] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.210934] [ 32.210987] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.211113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.211182] Hardware name: linux,dummy-virt (DT) [ 32.211241] Call trace: [ 32.211320] show_stack+0x20/0x38 (C) [ 32.211375] dump_stack_lvl+0x8c/0xd0 [ 32.211422] print_report+0x118/0x5d0 [ 32.211781] kasan_report+0xdc/0x128 [ 32.212085] kasan_check_range+0x100/0x1a8 [ 32.212360] __kasan_check_write+0x20/0x30 [ 32.212450] kasan_atomics_helper+0xf88/0x4858 [ 32.212741] kasan_atomics+0x198/0x2e0 [ 32.212945] kunit_try_run_case+0x170/0x3f0 [ 32.213002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.213273] kthread+0x328/0x630 [ 32.213663] ret_from_fork+0x10/0x20 [ 32.213838] [ 32.213890] Allocated by task 297: [ 32.214189] kasan_save_stack+0x3c/0x68 [ 32.214515] kasan_save_track+0x20/0x40 [ 32.214660] kasan_save_alloc_info+0x40/0x58 [ 32.214833] __kasan_kmalloc+0xd4/0xd8 [ 32.214942] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.215330] kasan_atomics+0xb8/0x2e0 [ 32.215435] kunit_try_run_case+0x170/0x3f0 [ 32.215540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.215862] kthread+0x328/0x630 [ 32.215910] ret_from_fork+0x10/0x20 [ 32.215959] [ 32.215982] The buggy address belongs to the object at fff00000c9c2c400 [ 32.215982] which belongs to the cache kmalloc-64 of size 64 [ 32.216044] The buggy address is located 0 bytes to the right of [ 32.216044] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.216687] [ 32.216776] The buggy address belongs to the physical page: [ 32.216880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.217289] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.217663] page_type: f5(slab) [ 32.217789] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.217970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.218202] page dumped because: kasan: bad access detected [ 32.218283] [ 32.218338] Memory state around the buggy address: [ 32.218694] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.218754] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.218863] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.218905] ^ [ 32.218942] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.219313] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.219511] ================================================================== [ 32.268405] ================================================================== [ 32.268457] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x126c/0x4858 [ 32.268618] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.268677] [ 32.268707] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.269212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.269299] Hardware name: linux,dummy-virt (DT) [ 32.269336] Call trace: [ 32.269372] show_stack+0x20/0x38 (C) [ 32.269426] dump_stack_lvl+0x8c/0xd0 [ 32.269655] print_report+0x118/0x5d0 [ 32.269716] kasan_report+0xdc/0x128 [ 32.269853] kasan_check_range+0x100/0x1a8 [ 32.269907] __kasan_check_write+0x20/0x30 [ 32.269954] kasan_atomics_helper+0x126c/0x4858 [ 32.270013] kasan_atomics+0x198/0x2e0 [ 32.270193] kunit_try_run_case+0x170/0x3f0 [ 32.270391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.270691] kthread+0x328/0x630 [ 32.270829] ret_from_fork+0x10/0x20 [ 32.270888] [ 32.270910] Allocated by task 297: [ 32.270984] kasan_save_stack+0x3c/0x68 [ 32.271223] kasan_save_track+0x20/0x40 [ 32.271375] kasan_save_alloc_info+0x40/0x58 [ 32.271555] __kasan_kmalloc+0xd4/0xd8 [ 32.271610] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.271916] kasan_atomics+0xb8/0x2e0 [ 32.272161] kunit_try_run_case+0x170/0x3f0 [ 32.272279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.272549] kthread+0x328/0x630 [ 32.272716] ret_from_fork+0x10/0x20 [ 32.272763] [ 32.272793] The buggy address belongs to the object at fff00000c9c2c400 [ 32.272793] which belongs to the cache kmalloc-64 of size 64 [ 32.272855] The buggy address is located 0 bytes to the right of [ 32.272855] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.272954] [ 32.272986] The buggy address belongs to the physical page: [ 32.273034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.273130] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.273191] page_type: f5(slab) [ 32.273239] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.273299] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.273343] page dumped because: kasan: bad access detected [ 32.273391] [ 32.273422] Memory state around the buggy address: [ 32.273461] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.273507] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.273563] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.273604] ^ [ 32.273639] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.273685] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.273735] ================================================================== [ 32.052579] ================================================================== [ 32.052621] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa04/0x4858 [ 32.052670] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.052722] [ 32.052754] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.052842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.052891] Hardware name: linux,dummy-virt (DT) [ 32.053847] print_report+0x118/0x5d0 [ 32.055333] kthread+0x328/0x630 [ 32.056193] kasan_save_stack+0x3c/0x68 [ 32.057305] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.058273] The buggy address is located 0 bytes to the right of [ 32.058273] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.058360] [ 32.058535] The buggy address belongs to the physical page: [ 32.058673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.059196] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.059529] page_type: f5(slab) [ 32.059941] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.060048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.060174] page dumped because: kasan: bad access detected [ 32.060264] [ 32.060436] Memory state around the buggy address: [ 32.060543] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.060631] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.060767] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.060894] ^ [ 32.060960] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.061127] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.061174] ================================================================== [ 32.150192] ================================================================== [ 32.150248] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e04/0x4858 [ 32.150314] Read of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.150367] [ 32.150400] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.150488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.150517] Hardware name: linux,dummy-virt (DT) [ 32.150549] Call trace: [ 32.150575] show_stack+0x20/0x38 (C) [ 32.150634] dump_stack_lvl+0x8c/0xd0 [ 32.150699] print_report+0x118/0x5d0 [ 32.150747] kasan_report+0xdc/0x128 [ 32.150792] __asan_report_load4_noabort+0x20/0x30 [ 32.150843] kasan_atomics_helper+0x3e04/0x4858 [ 32.150896] kasan_atomics+0x198/0x2e0 [ 32.150945] kunit_try_run_case+0x170/0x3f0 [ 32.150996] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.151072] kthread+0x328/0x630 [ 32.151118] ret_from_fork+0x10/0x20 [ 32.151181] [ 32.151202] Allocated by task 297: [ 32.151233] kasan_save_stack+0x3c/0x68 [ 32.151275] kasan_save_track+0x20/0x40 [ 32.151317] kasan_save_alloc_info+0x40/0x58 [ 32.151359] __kasan_kmalloc+0xd4/0xd8 [ 32.151400] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.151443] kasan_atomics+0xb8/0x2e0 [ 32.151482] kunit_try_run_case+0x170/0x3f0 [ 32.151524] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.151579] kthread+0x328/0x630 [ 32.151623] ret_from_fork+0x10/0x20 [ 32.152076] [ 32.152106] The buggy address belongs to the object at fff00000c9c2c400 [ 32.152106] which belongs to the cache kmalloc-64 of size 64 [ 32.152617] The buggy address is located 0 bytes to the right of [ 32.152617] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.152715] [ 32.152757] The buggy address belongs to the physical page: [ 32.152811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.152888] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.153162] page_type: f5(slab) [ 32.153214] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.153476] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.153837] page dumped because: kasan: bad access detected [ 32.154139] [ 32.154263] Memory state around the buggy address: [ 32.154342] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.154409] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.154737] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.154931] ^ [ 32.155177] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.155429] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.155518] ================================================================== [ 32.286454] ================================================================== [ 32.286678] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1384/0x4858 [ 32.286902] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.286968] [ 32.287061] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.287157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.287193] Hardware name: linux,dummy-virt (DT) [ 32.287237] Call trace: [ 32.287264] show_stack+0x20/0x38 (C) [ 32.287316] dump_stack_lvl+0x8c/0xd0 [ 32.287374] print_report+0x118/0x5d0 [ 32.287420] kasan_report+0xdc/0x128 [ 32.287473] kasan_check_range+0x100/0x1a8 [ 32.287521] __kasan_check_write+0x20/0x30 [ 32.287568] kasan_atomics_helper+0x1384/0x4858 [ 32.287619] kasan_atomics+0x198/0x2e0 [ 32.288100] kunit_try_run_case+0x170/0x3f0 [ 32.288518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.288592] kthread+0x328/0x630 [ 32.288648] ret_from_fork+0x10/0x20 [ 32.289041] [ 32.289349] Allocated by task 297: [ 32.289403] kasan_save_stack+0x3c/0x68 [ 32.289613] kasan_save_track+0x20/0x40 [ 32.289861] kasan_save_alloc_info+0x40/0x58 [ 32.290118] __kasan_kmalloc+0xd4/0xd8 [ 32.290205] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.290398] kasan_atomics+0xb8/0x2e0 [ 32.290494] kunit_try_run_case+0x170/0x3f0 [ 32.290765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.290936] kthread+0x328/0x630 [ 32.291423] ret_from_fork+0x10/0x20 [ 32.291500] [ 32.291554] The buggy address belongs to the object at fff00000c9c2c400 [ 32.291554] which belongs to the cache kmalloc-64 of size 64 [ 32.291646] The buggy address is located 0 bytes to the right of [ 32.291646] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.292128] [ 32.292164] The buggy address belongs to the physical page: [ 32.292348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.292505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.292688] page_type: f5(slab) [ 32.293329] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.293430] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.293818] page dumped because: kasan: bad access detected [ 32.294000] [ 32.294203] Memory state around the buggy address: [ 32.294380] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.294580] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.294719] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.294797] ^ [ 32.294966] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.295047] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.295145] ================================================================== [ 32.194295] ================================================================== [ 32.194389] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xeb8/0x4858 [ 32.194497] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.194562] [ 32.194859] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.195083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.195161] Hardware name: linux,dummy-virt (DT) [ 32.195199] Call trace: [ 32.195224] show_stack+0x20/0x38 (C) [ 32.195429] dump_stack_lvl+0x8c/0xd0 [ 32.195502] print_report+0x118/0x5d0 [ 32.195568] kasan_report+0xdc/0x128 [ 32.195613] kasan_check_range+0x100/0x1a8 [ 32.195758] __kasan_check_write+0x20/0x30 [ 32.196109] kasan_atomics_helper+0xeb8/0x4858 [ 32.196589] kasan_atomics+0x198/0x2e0 [ 32.196656] kunit_try_run_case+0x170/0x3f0 [ 32.196993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.197432] kthread+0x328/0x630 [ 32.197492] ret_from_fork+0x10/0x20 [ 32.197858] [ 32.198206] Allocated by task 297: [ 32.198320] kasan_save_stack+0x3c/0x68 [ 32.198449] kasan_save_track+0x20/0x40 [ 32.198598] kasan_save_alloc_info+0x40/0x58 [ 32.198641] __kasan_kmalloc+0xd4/0xd8 [ 32.198961] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.199330] kasan_atomics+0xb8/0x2e0 [ 32.199753] kunit_try_run_case+0x170/0x3f0 [ 32.199825] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.200015] kthread+0x328/0x630 [ 32.200452] ret_from_fork+0x10/0x20 [ 32.200555] [ 32.200922] The buggy address belongs to the object at fff00000c9c2c400 [ 32.200922] which belongs to the cache kmalloc-64 of size 64 [ 32.200999] The buggy address is located 0 bytes to the right of [ 32.200999] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.201114] [ 32.201138] The buggy address belongs to the physical page: [ 32.201193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.201248] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.201297] page_type: f5(slab) [ 32.201339] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.201403] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.201466] page dumped because: kasan: bad access detected [ 32.201501] [ 32.201530] Memory state around the buggy address: [ 32.201565] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.201610] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.201660] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.201701] ^ [ 32.201737] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.201781] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.201837] ================================================================== [ 32.228261] ================================================================== [ 32.228310] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1058/0x4858 [ 32.228361] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.228413] [ 32.228467] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.228565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.228593] Hardware name: linux,dummy-virt (DT) [ 32.228635] Call trace: [ 32.228665] show_stack+0x20/0x38 (C) [ 32.228713] dump_stack_lvl+0x8c/0xd0 [ 32.228763] print_report+0x118/0x5d0 [ 32.228807] kasan_report+0xdc/0x128 [ 32.228853] kasan_check_range+0x100/0x1a8 [ 32.228898] __kasan_check_write+0x20/0x30 [ 32.228944] kasan_atomics_helper+0x1058/0x4858 [ 32.229003] kasan_atomics+0x198/0x2e0 [ 32.229064] kunit_try_run_case+0x170/0x3f0 [ 32.229289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.229366] kthread+0x328/0x630 [ 32.229411] ret_from_fork+0x10/0x20 [ 32.229460] [ 32.229481] Allocated by task 297: [ 32.230204] kasan_save_stack+0x3c/0x68 [ 32.230274] kasan_save_track+0x20/0x40 [ 32.230495] kasan_save_alloc_info+0x40/0x58 [ 32.230555] __kasan_kmalloc+0xd4/0xd8 [ 32.230680] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.230809] kasan_atomics+0xb8/0x2e0 [ 32.230879] kunit_try_run_case+0x170/0x3f0 [ 32.230922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.231262] kthread+0x328/0x630 [ 32.231324] ret_from_fork+0x10/0x20 [ 32.231713] [ 32.231860] The buggy address belongs to the object at fff00000c9c2c400 [ 32.231860] which belongs to the cache kmalloc-64 of size 64 [ 32.231949] The buggy address is located 0 bytes to the right of [ 32.231949] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.232312] [ 32.232411] The buggy address belongs to the physical page: [ 32.232466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.232532] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.232900] page_type: f5(slab) [ 32.232958] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.233205] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.233419] page dumped because: kasan: bad access detected [ 32.233519] [ 32.233692] Memory state around the buggy address: [ 32.233945] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.234111] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.234215] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.234405] ^ [ 32.234481] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.234976] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.235194] ================================================================== [ 32.347452] ================================================================== [ 32.347506] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3db0/0x4858 [ 32.347560] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.347768] [ 32.347976] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.348443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.348484] Hardware name: linux,dummy-virt (DT) [ 32.348519] Call trace: [ 32.348754] show_stack+0x20/0x38 (C) [ 32.348895] dump_stack_lvl+0x8c/0xd0 [ 32.349005] print_report+0x118/0x5d0 [ 32.349380] kasan_report+0xdc/0x128 [ 32.349502] __asan_report_load8_noabort+0x20/0x30 [ 32.349671] kasan_atomics_helper+0x3db0/0x4858 [ 32.349859] kasan_atomics+0x198/0x2e0 [ 32.350195] kunit_try_run_case+0x170/0x3f0 [ 32.350448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.350848] kthread+0x328/0x630 [ 32.350968] ret_from_fork+0x10/0x20 [ 32.351024] [ 32.351047] Allocated by task 297: [ 32.351622] kasan_save_stack+0x3c/0x68 [ 32.351829] kasan_save_track+0x20/0x40 [ 32.351917] kasan_save_alloc_info+0x40/0x58 [ 32.351977] __kasan_kmalloc+0xd4/0xd8 [ 32.352017] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.352427] kasan_atomics+0xb8/0x2e0 [ 32.352541] kunit_try_run_case+0x170/0x3f0 [ 32.352941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.353079] kthread+0x328/0x630 [ 32.353194] ret_from_fork+0x10/0x20 [ 32.353235] [ 32.353257] The buggy address belongs to the object at fff00000c9c2c400 [ 32.353257] which belongs to the cache kmalloc-64 of size 64 [ 32.353470] The buggy address is located 0 bytes to the right of [ 32.353470] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.353635] [ 32.353682] The buggy address belongs to the physical page: [ 32.353717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.353783] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.353840] page_type: f5(slab) [ 32.353904] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.353970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.354040] page dumped because: kasan: bad access detected [ 32.354087] [ 32.354123] Memory state around the buggy address: [ 32.354155] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.354224] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.354280] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.354330] ^ [ 32.354365] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.354411] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.354453] ================================================================== [ 32.202203] ================================================================== [ 32.202254] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf20/0x4858 [ 32.202304] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.202357] [ 32.202407] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.202505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.202534] Hardware name: linux,dummy-virt (DT) [ 32.202567] Call trace: [ 32.202591] show_stack+0x20/0x38 (C) [ 32.202638] dump_stack_lvl+0x8c/0xd0 [ 32.202690] print_report+0x118/0x5d0 [ 32.202739] kasan_report+0xdc/0x128 [ 32.202784] kasan_check_range+0x100/0x1a8 [ 32.202832] __kasan_check_write+0x20/0x30 [ 32.202889] kasan_atomics_helper+0xf20/0x4858 [ 32.202940] kasan_atomics+0x198/0x2e0 [ 32.202989] kunit_try_run_case+0x170/0x3f0 [ 32.203045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.203561] kthread+0x328/0x630 [ 32.204128] ret_from_fork+0x10/0x20 [ 32.204236] [ 32.204290] Allocated by task 297: [ 32.204356] kasan_save_stack+0x3c/0x68 [ 32.204436] kasan_save_track+0x20/0x40 [ 32.204766] kasan_save_alloc_info+0x40/0x58 [ 32.204902] __kasan_kmalloc+0xd4/0xd8 [ 32.204957] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.205000] kasan_atomics+0xb8/0x2e0 [ 32.205040] kunit_try_run_case+0x170/0x3f0 [ 32.205098] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.205571] kthread+0x328/0x630 [ 32.205846] ret_from_fork+0x10/0x20 [ 32.206394] [ 32.206504] The buggy address belongs to the object at fff00000c9c2c400 [ 32.206504] which belongs to the cache kmalloc-64 of size 64 [ 32.206768] The buggy address is located 0 bytes to the right of [ 32.206768] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.207044] [ 32.207140] The buggy address belongs to the physical page: [ 32.207473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.207790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.207895] page_type: f5(slab) [ 32.207944] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.208278] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.208350] page dumped because: kasan: bad access detected [ 32.208476] [ 32.208558] Memory state around the buggy address: [ 32.208743] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.208828] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.209165] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.209349] ^ [ 32.209501] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.209549] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.209590] ================================================================== [ 32.331254] ================================================================== [ 32.331335] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x154c/0x4858 [ 32.331408] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.331463] [ 32.331647] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.331887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.332268] Hardware name: linux,dummy-virt (DT) [ 32.332430] Call trace: [ 32.332515] show_stack+0x20/0x38 (C) [ 32.332724] dump_stack_lvl+0x8c/0xd0 [ 32.332948] print_report+0x118/0x5d0 [ 32.333028] kasan_report+0xdc/0x128 [ 32.333252] kasan_check_range+0x100/0x1a8 [ 32.333311] __kasan_check_write+0x20/0x30 [ 32.333524] kasan_atomics_helper+0x154c/0x4858 [ 32.333995] kasan_atomics+0x198/0x2e0 [ 32.334110] kunit_try_run_case+0x170/0x3f0 [ 32.334165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.334236] kthread+0x328/0x630 [ 32.334282] ret_from_fork+0x10/0x20 [ 32.334332] [ 32.334355] Allocated by task 297: [ 32.334384] kasan_save_stack+0x3c/0x68 [ 32.334519] kasan_save_track+0x20/0x40 [ 32.334567] kasan_save_alloc_info+0x40/0x58 [ 32.334607] __kasan_kmalloc+0xd4/0xd8 [ 32.334659] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.334711] kasan_atomics+0xb8/0x2e0 [ 32.334760] kunit_try_run_case+0x170/0x3f0 [ 32.334811] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.334868] kthread+0x328/0x630 [ 32.334911] ret_from_fork+0x10/0x20 [ 32.334950] [ 32.334978] The buggy address belongs to the object at fff00000c9c2c400 [ 32.334978] which belongs to the cache kmalloc-64 of size 64 [ 32.335039] The buggy address is located 0 bytes to the right of [ 32.335039] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.335117] [ 32.335148] The buggy address belongs to the physical page: [ 32.335183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.335246] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.335315] page_type: f5(slab) [ 32.335364] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.335416] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.335460] page dumped because: kasan: bad access detected [ 32.335495] [ 32.335515] Memory state around the buggy address: [ 32.335549] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.335595] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.336001] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.336527] ^ [ 32.336576] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.336626] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.336667] ================================================================== [ 32.236061] ================================================================== [ 32.236317] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x10c0/0x4858 [ 32.236670] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.236864] [ 32.236952] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.237143] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.237214] Hardware name: linux,dummy-virt (DT) [ 32.237250] Call trace: [ 32.237276] show_stack+0x20/0x38 (C) [ 32.237328] dump_stack_lvl+0x8c/0xd0 [ 32.237545] print_report+0x118/0x5d0 [ 32.237905] kasan_report+0xdc/0x128 [ 32.238092] kasan_check_range+0x100/0x1a8 [ 32.238153] __kasan_check_write+0x20/0x30 [ 32.238229] kasan_atomics_helper+0x10c0/0x4858 [ 32.238423] kasan_atomics+0x198/0x2e0 [ 32.238502] kunit_try_run_case+0x170/0x3f0 [ 32.238555] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.238797] kthread+0x328/0x630 [ 32.239155] ret_from_fork+0x10/0x20 [ 32.239369] [ 32.239415] Allocated by task 297: [ 32.239448] kasan_save_stack+0x3c/0x68 [ 32.239854] kasan_save_track+0x20/0x40 [ 32.239938] kasan_save_alloc_info+0x40/0x58 [ 32.240377] __kasan_kmalloc+0xd4/0xd8 [ 32.240589] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.240641] kasan_atomics+0xb8/0x2e0 [ 32.240702] kunit_try_run_case+0x170/0x3f0 [ 32.240752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.241087] kthread+0x328/0x630 [ 32.241347] ret_from_fork+0x10/0x20 [ 32.241687] [ 32.242163] The buggy address belongs to the object at fff00000c9c2c400 [ 32.242163] which belongs to the cache kmalloc-64 of size 64 [ 32.242234] The buggy address is located 0 bytes to the right of [ 32.242234] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.242537] [ 32.242602] The buggy address belongs to the physical page: [ 32.242719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.242780] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.242828] page_type: f5(slab) [ 32.242895] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.242956] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.243010] page dumped because: kasan: bad access detected [ 32.243044] [ 32.243086] Memory state around the buggy address: [ 32.243129] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.243177] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.243222] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.243263] ^ [ 32.243299] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.243357] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.243397] ================================================================== [ 32.165434] ================================================================== [ 32.165588] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f58/0x4858 [ 32.165649] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.165702] [ 32.165795] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.165915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.166133] Hardware name: linux,dummy-virt (DT) [ 32.166323] Call trace: [ 32.166398] show_stack+0x20/0x38 (C) [ 32.166463] dump_stack_lvl+0x8c/0xd0 [ 32.166705] print_report+0x118/0x5d0 [ 32.166861] kasan_report+0xdc/0x128 [ 32.166918] __asan_report_load8_noabort+0x20/0x30 [ 32.167205] kasan_atomics_helper+0x3f58/0x4858 [ 32.167283] kasan_atomics+0x198/0x2e0 [ 32.167679] kunit_try_run_case+0x170/0x3f0 [ 32.167759] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.168000] kthread+0x328/0x630 [ 32.168198] ret_from_fork+0x10/0x20 [ 32.168546] [ 32.168636] Allocated by task 297: [ 32.168712] kasan_save_stack+0x3c/0x68 [ 32.169117] kasan_save_track+0x20/0x40 [ 32.169199] kasan_save_alloc_info+0x40/0x58 [ 32.169405] __kasan_kmalloc+0xd4/0xd8 [ 32.169590] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.169748] kasan_atomics+0xb8/0x2e0 [ 32.169818] kunit_try_run_case+0x170/0x3f0 [ 32.169879] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.169928] kthread+0x328/0x630 [ 32.170150] ret_from_fork+0x10/0x20 [ 32.170354] [ 32.170399] The buggy address belongs to the object at fff00000c9c2c400 [ 32.170399] which belongs to the cache kmalloc-64 of size 64 [ 32.170490] The buggy address is located 0 bytes to the right of [ 32.170490] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.170689] [ 32.170717] The buggy address belongs to the physical page: [ 32.171100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.171301] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.171605] page_type: f5(slab) [ 32.171881] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.172146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.172311] page dumped because: kasan: bad access detected [ 32.172381] [ 32.172549] Memory state around the buggy address: [ 32.172614] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.172799] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.172980] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.173138] ^ [ 32.173186] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.173233] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.173274] ================================================================== [ 32.073012] ================================================================== [ 32.073086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xad4/0x4858 [ 32.073142] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.073242] [ 32.073275] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.073854] kasan_atomics+0x198/0x2e0 [ 32.074279] kasan_save_alloc_info+0x40/0x58 [ 32.074718] The buggy address is located 0 bytes to the right of [ 32.074718] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.074791] [ 32.074814] The buggy address belongs to the physical page: [ 32.074856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.074909] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.074956] page_type: f5(slab) [ 32.074997] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.075050] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.075490] page dumped because: kasan: bad access detected [ 32.075528] [ 32.075947] Memory state around the buggy address: [ 32.076185] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.076343] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.076822] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.079114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.080125] kasan_atomics+0x198/0x2e0 [ 32.082307] kasan_atomics+0xb8/0x2e0 [ 32.083667] [ 32.083703] The buggy address belongs to the physical page: [ 32.084243] page_type: f5(slab) [ 32.085045] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.085623] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.087527] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.089319] kasan_check_range+0x100/0x1a8 [ 32.090154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.091446] __kasan_kmalloc+0xd4/0xd8 [ 32.092345] ret_from_fork+0x10/0x20 [ 32.093213] The buggy address belongs to the physical page: [ 32.093265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.093923] page dumped because: kasan: bad access detected [ 32.094764] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.095245] ================================================================== [ 32.048570] ================================================================== [ 32.048628] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x99c/0x4858 [ 32.048877] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.049110] [ 32.049156] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.049311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.049344] Hardware name: linux,dummy-virt (DT) [ 32.049443] Call trace: [ 32.049535] show_stack+0x20/0x38 (C) [ 32.049593] dump_stack_lvl+0x8c/0xd0 [ 32.049642] print_report+0x118/0x5d0 [ 32.049836] kasan_report+0xdc/0x128 [ 32.049880] kasan_check_range+0x100/0x1a8 [ 32.050071] __kasan_check_write+0x20/0x30 [ 32.050236] kasan_atomics_helper+0x99c/0x4858 [ 32.050297] kasan_atomics+0x198/0x2e0 [ 32.050491] kunit_try_run_case+0x170/0x3f0 [ 32.050549] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.050643] kthread+0x328/0x630 [ 32.050686] ret_from_fork+0x10/0x20 [ 32.050945] [ 32.050981] Allocated by task 297: [ 32.051013] kasan_save_stack+0x3c/0x68 [ 32.051076] kasan_save_track+0x20/0x40 [ 32.051117] kasan_save_alloc_info+0x40/0x58 [ 32.051157] __kasan_kmalloc+0xd4/0xd8 [ 32.051197] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.051237] kasan_atomics+0xb8/0x2e0 [ 32.051423] kunit_try_run_case+0x170/0x3f0 [ 32.051478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.051524] kthread+0x328/0x630 [ 32.051559] ret_from_fork+0x10/0x20 [ 32.051601] [ 32.051625] The buggy address belongs to the object at fff00000c9c2c400 [ 32.051625] which belongs to the cache kmalloc-64 of size 64 [ 32.051684] The buggy address is located 0 bytes to the right of [ 32.051684] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.051749] [ 32.051785] The buggy address belongs to the physical page: [ 32.051829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.051881] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.051931] page_type: f5(slab) [ 32.051973] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.052028] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.052084] page dumped because: kasan: bad access detected [ 32.052128] [ 32.052156] Memory state around the buggy address: [ 32.052200] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.052247] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.052293] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.052334] ^ [ 32.052370] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.052416] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.052458] ================================================================== [ 32.259350] ================================================================== [ 32.259415] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x11f8/0x4858 [ 32.259578] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.259635] [ 32.259689] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.259858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.259888] Hardware name: linux,dummy-virt (DT) [ 32.259920] Call trace: [ 32.259945] show_stack+0x20/0x38 (C) [ 32.260305] dump_stack_lvl+0x8c/0xd0 [ 32.260495] print_report+0x118/0x5d0 [ 32.260670] kasan_report+0xdc/0x128 [ 32.260775] kasan_check_range+0x100/0x1a8 [ 32.260958] __kasan_check_write+0x20/0x30 [ 32.261143] kasan_atomics_helper+0x11f8/0x4858 [ 32.261213] kasan_atomics+0x198/0x2e0 [ 32.261285] kunit_try_run_case+0x170/0x3f0 [ 32.261498] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.261805] kthread+0x328/0x630 [ 32.261985] ret_from_fork+0x10/0x20 [ 32.262156] [ 32.262184] Allocated by task 297: [ 32.262215] kasan_save_stack+0x3c/0x68 [ 32.262293] kasan_save_track+0x20/0x40 [ 32.262635] kasan_save_alloc_info+0x40/0x58 [ 32.263039] __kasan_kmalloc+0xd4/0xd8 [ 32.263110] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.263283] kasan_atomics+0xb8/0x2e0 [ 32.263376] kunit_try_run_case+0x170/0x3f0 [ 32.263538] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.263882] kthread+0x328/0x630 [ 32.263964] ret_from_fork+0x10/0x20 [ 32.264019] [ 32.264041] The buggy address belongs to the object at fff00000c9c2c400 [ 32.264041] which belongs to the cache kmalloc-64 of size 64 [ 32.264115] The buggy address is located 0 bytes to the right of [ 32.264115] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.264182] [ 32.264676] The buggy address belongs to the physical page: [ 32.264985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.265163] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.265483] page_type: f5(slab) [ 32.265719] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.266137] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.266245] page dumped because: kasan: bad access detected [ 32.266316] [ 32.266396] Memory state around the buggy address: [ 32.266516] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.266890] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.266974] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.267085] ^ [ 32.267152] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.267506] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.267601] ================================================================== [ 32.131407] ================================================================== [ 32.131470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dd8/0x4858 [ 32.131644] Read of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.131871] [ 32.131935] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.132421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.132458] Hardware name: linux,dummy-virt (DT) [ 32.132763] Call trace: [ 32.132812] show_stack+0x20/0x38 (C) [ 32.132878] dump_stack_lvl+0x8c/0xd0 [ 32.132952] print_report+0x118/0x5d0 [ 32.133000] kasan_report+0xdc/0x128 [ 32.133047] __asan_report_load4_noabort+0x20/0x30 [ 32.133169] kasan_atomics_helper+0x3dd8/0x4858 [ 32.133225] kasan_atomics+0x198/0x2e0 [ 32.133274] kunit_try_run_case+0x170/0x3f0 [ 32.133324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.133400] kthread+0x328/0x630 [ 32.133444] ret_from_fork+0x10/0x20 [ 32.133504] [ 32.133531] Allocated by task 297: [ 32.133571] kasan_save_stack+0x3c/0x68 [ 32.133616] kasan_save_track+0x20/0x40 [ 32.133674] kasan_save_alloc_info+0x40/0x58 [ 32.133714] __kasan_kmalloc+0xd4/0xd8 [ 32.133766] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.133818] kasan_atomics+0xb8/0x2e0 [ 32.133866] kunit_try_run_case+0x170/0x3f0 [ 32.133907] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.133954] kthread+0x328/0x630 [ 32.133994] ret_from_fork+0x10/0x20 [ 32.134062] [ 32.134999] The buggy address belongs to the object at fff00000c9c2c400 [ 32.134999] which belongs to the cache kmalloc-64 of size 64 [ 32.135299] The buggy address is located 0 bytes to the right of [ 32.135299] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.135470] [ 32.135754] The buggy address belongs to the physical page: [ 32.135857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.136029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.136390] page_type: f5(slab) [ 32.136446] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.136711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.136909] page dumped because: kasan: bad access detected [ 32.137089] [ 32.137181] Memory state around the buggy address: [ 32.137219] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.137270] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.137833] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.137915] ^ [ 32.138196] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.138602] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.138692] ================================================================== [ 32.139396] ================================================================== [ 32.139831] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd3c/0x4858 [ 32.139954] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.140132] [ 32.140249] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.140364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.140554] Hardware name: linux,dummy-virt (DT) [ 32.140766] Call trace: [ 32.140848] show_stack+0x20/0x38 (C) [ 32.140942] dump_stack_lvl+0x8c/0xd0 [ 32.141312] print_report+0x118/0x5d0 [ 32.141394] kasan_report+0xdc/0x128 [ 32.141441] kasan_check_range+0x100/0x1a8 [ 32.141489] __kasan_check_write+0x20/0x30 [ 32.141719] kasan_atomics_helper+0xd3c/0x4858 [ 32.142138] kasan_atomics+0x198/0x2e0 [ 32.142226] kunit_try_run_case+0x170/0x3f0 [ 32.142283] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.142753] kthread+0x328/0x630 [ 32.142992] ret_from_fork+0x10/0x20 [ 32.143189] [ 32.143215] Allocated by task 297: [ 32.143379] kasan_save_stack+0x3c/0x68 [ 32.143586] kasan_save_track+0x20/0x40 [ 32.143805] kasan_save_alloc_info+0x40/0x58 [ 32.143998] __kasan_kmalloc+0xd4/0xd8 [ 32.144068] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.144113] kasan_atomics+0xb8/0x2e0 [ 32.144155] kunit_try_run_case+0x170/0x3f0 [ 32.144530] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.144965] kthread+0x328/0x630 [ 32.145108] ret_from_fork+0x10/0x20 [ 32.145151] [ 32.145174] The buggy address belongs to the object at fff00000c9c2c400 [ 32.145174] which belongs to the cache kmalloc-64 of size 64 [ 32.145524] The buggy address is located 0 bytes to the right of [ 32.145524] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.145918] [ 32.145964] The buggy address belongs to the physical page: [ 32.145997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.146404] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.146577] page_type: f5(slab) [ 32.146827] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.147229] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.147335] page dumped because: kasan: bad access detected [ 32.147442] [ 32.147539] Memory state around the buggy address: [ 32.147720] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.147785] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.147831] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.147872] ^ [ 32.147908] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.148418] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.148635] ================================================================== [ 32.394926] ================================================================== [ 32.394998] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e20/0x4858 [ 32.395111] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.395486] [ 32.395656] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.395779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.396026] Hardware name: linux,dummy-virt (DT) [ 32.396187] Call trace: [ 32.396223] show_stack+0x20/0x38 (C) [ 32.396423] dump_stack_lvl+0x8c/0xd0 [ 32.396479] print_report+0x118/0x5d0 [ 32.396540] kasan_report+0xdc/0x128 [ 32.396588] __asan_report_load8_noabort+0x20/0x30 [ 32.396638] kasan_atomics_helper+0x3e20/0x4858 [ 32.397261] kasan_atomics+0x198/0x2e0 [ 32.397596] kunit_try_run_case+0x170/0x3f0 [ 32.397858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.398113] kthread+0x328/0x630 [ 32.398277] ret_from_fork+0x10/0x20 [ 32.398514] [ 32.398729] Allocated by task 297: [ 32.398883] kasan_save_stack+0x3c/0x68 [ 32.398937] kasan_save_track+0x20/0x40 [ 32.399148] kasan_save_alloc_info+0x40/0x58 [ 32.399608] __kasan_kmalloc+0xd4/0xd8 [ 32.399764] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.399812] kasan_atomics+0xb8/0x2e0 [ 32.399886] kunit_try_run_case+0x170/0x3f0 [ 32.399930] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.400269] kthread+0x328/0x630 [ 32.400520] ret_from_fork+0x10/0x20 [ 32.400692] [ 32.400806] The buggy address belongs to the object at fff00000c9c2c400 [ 32.400806] which belongs to the cache kmalloc-64 of size 64 [ 32.400958] The buggy address is located 0 bytes to the right of [ 32.400958] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.401040] [ 32.401805] The buggy address belongs to the physical page: [ 32.401941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.402001] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.402243] page_type: f5(slab) [ 32.402463] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.402798] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.402911] page dumped because: kasan: bad access detected [ 32.402975] [ 32.403357] Memory state around the buggy address: [ 32.403713] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.403799] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.404100] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.404183] ^ [ 32.404429] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.404500] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.404673] ================================================================== [ 32.364815] ================================================================== [ 32.364907] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df4/0x4858 [ 32.364969] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.365022] [ 32.365219] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.365493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.365567] Hardware name: linux,dummy-virt (DT) [ 32.365601] Call trace: [ 32.365628] show_stack+0x20/0x38 (C) [ 32.365681] dump_stack_lvl+0x8c/0xd0 [ 32.365897] print_report+0x118/0x5d0 [ 32.366077] kasan_report+0xdc/0x128 [ 32.366138] __asan_report_load8_noabort+0x20/0x30 [ 32.366190] kasan_atomics_helper+0x3df4/0x4858 [ 32.366240] kasan_atomics+0x198/0x2e0 [ 32.366290] kunit_try_run_case+0x170/0x3f0 [ 32.366341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.366397] kthread+0x328/0x630 [ 32.366442] ret_from_fork+0x10/0x20 [ 32.366501] [ 32.366524] Allocated by task 297: [ 32.366563] kasan_save_stack+0x3c/0x68 [ 32.366609] kasan_save_track+0x20/0x40 [ 32.366653] kasan_save_alloc_info+0x40/0x58 [ 32.366695] __kasan_kmalloc+0xd4/0xd8 [ 32.366745] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.366788] kasan_atomics+0xb8/0x2e0 [ 32.366827] kunit_try_run_case+0x170/0x3f0 [ 32.366869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.366916] kthread+0x328/0x630 [ 32.366960] ret_from_fork+0x10/0x20 [ 32.367000] [ 32.367021] The buggy address belongs to the object at fff00000c9c2c400 [ 32.367021] which belongs to the cache kmalloc-64 of size 64 [ 32.367093] The buggy address is located 0 bytes to the right of [ 32.367093] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.367172] [ 32.367197] The buggy address belongs to the physical page: [ 32.367230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.367286] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.367344] page_type: f5(slab) [ 32.367390] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.367444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.367486] page dumped because: kasan: bad access detected [ 32.367529] [ 32.367549] Memory state around the buggy address: [ 32.367583] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.368043] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.368586] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.368676] ^ [ 32.368715] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.368763] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.368806] ================================================================== [ 32.185355] ================================================================== [ 32.185409] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e5c/0x4858 [ 32.185463] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.185516] [ 32.185980] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.186208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.186417] Hardware name: linux,dummy-virt (DT) [ 32.186492] Call trace: [ 32.186644] show_stack+0x20/0x38 (C) [ 32.186706] dump_stack_lvl+0x8c/0xd0 [ 32.186758] print_report+0x118/0x5d0 [ 32.186825] kasan_report+0xdc/0x128 [ 32.186922] __asan_report_store8_noabort+0x20/0x30 [ 32.187281] kasan_atomics_helper+0x3e5c/0x4858 [ 32.187354] kasan_atomics+0x198/0x2e0 [ 32.187405] kunit_try_run_case+0x170/0x3f0 [ 32.187946] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.188033] kthread+0x328/0x630 [ 32.188225] ret_from_fork+0x10/0x20 [ 32.188508] [ 32.188609] Allocated by task 297: [ 32.188905] kasan_save_stack+0x3c/0x68 [ 32.189159] kasan_save_track+0x20/0x40 [ 32.189265] kasan_save_alloc_info+0x40/0x58 [ 32.189308] __kasan_kmalloc+0xd4/0xd8 [ 32.189380] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.189538] kasan_atomics+0xb8/0x2e0 [ 32.189931] kunit_try_run_case+0x170/0x3f0 [ 32.190007] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.190391] kthread+0x328/0x630 [ 32.190572] ret_from_fork+0x10/0x20 [ 32.190797] [ 32.190823] The buggy address belongs to the object at fff00000c9c2c400 [ 32.190823] which belongs to the cache kmalloc-64 of size 64 [ 32.190916] The buggy address is located 0 bytes to the right of [ 32.190916] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.191299] [ 32.191475] The buggy address belongs to the physical page: [ 32.191609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.191727] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.191834] page_type: f5(slab) [ 32.191984] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.192047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.192103] page dumped because: kasan: bad access detected [ 32.192311] [ 32.192367] Memory state around the buggy address: [ 32.192406] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.192454] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.192539] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.192592] ^ [ 32.192629] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.192675] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.192728] ================================================================== [ 32.355384] ================================================================== [ 32.355640] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1644/0x4858 [ 32.355864] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.356161] [ 32.356276] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.356595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.356804] Hardware name: linux,dummy-virt (DT) [ 32.357179] Call trace: [ 32.357259] show_stack+0x20/0x38 (C) [ 32.357413] dump_stack_lvl+0x8c/0xd0 [ 32.357502] print_report+0x118/0x5d0 [ 32.357608] kasan_report+0xdc/0x128 [ 32.357715] kasan_check_range+0x100/0x1a8 [ 32.358025] __kasan_check_write+0x20/0x30 [ 32.358582] kasan_atomics_helper+0x1644/0x4858 [ 32.358669] kasan_atomics+0x198/0x2e0 [ 32.358975] kunit_try_run_case+0x170/0x3f0 [ 32.359050] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.359145] kthread+0x328/0x630 [ 32.359337] ret_from_fork+0x10/0x20 [ 32.359401] [ 32.359547] Allocated by task 297: [ 32.359730] kasan_save_stack+0x3c/0x68 [ 32.359793] kasan_save_track+0x20/0x40 [ 32.360147] kasan_save_alloc_info+0x40/0x58 [ 32.360236] __kasan_kmalloc+0xd4/0xd8 [ 32.360321] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.360366] kasan_atomics+0xb8/0x2e0 [ 32.360413] kunit_try_run_case+0x170/0x3f0 [ 32.360643] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.360838] kthread+0x328/0x630 [ 32.361064] ret_from_fork+0x10/0x20 [ 32.361243] [ 32.361289] The buggy address belongs to the object at fff00000c9c2c400 [ 32.361289] which belongs to the cache kmalloc-64 of size 64 [ 32.361608] The buggy address is located 0 bytes to the right of [ 32.361608] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.361798] [ 32.361857] The buggy address belongs to the physical page: [ 32.362112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.362282] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.362641] page_type: f5(slab) [ 32.362805] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.363146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.363218] page dumped because: kasan: bad access detected [ 32.363298] [ 32.363379] Memory state around the buggy address: [ 32.363554] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.363776] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.363870] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.363978] ^ [ 32.364035] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.364175] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.364393] ================================================================== [ 32.274435] ================================================================== [ 32.274858] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12d8/0x4858 [ 32.275156] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.275346] [ 32.275390] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.275547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.275750] Hardware name: linux,dummy-virt (DT) [ 32.275996] Call trace: [ 32.276048] show_stack+0x20/0x38 (C) [ 32.276364] dump_stack_lvl+0x8c/0xd0 [ 32.276519] print_report+0x118/0x5d0 [ 32.276625] kasan_report+0xdc/0x128 [ 32.276762] kasan_check_range+0x100/0x1a8 [ 32.276815] __kasan_check_write+0x20/0x30 [ 32.276862] kasan_atomics_helper+0x12d8/0x4858 [ 32.276920] kasan_atomics+0x198/0x2e0 [ 32.276968] kunit_try_run_case+0x170/0x3f0 [ 32.277212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.277910] kthread+0x328/0x630 [ 32.277988] ret_from_fork+0x10/0x20 [ 32.278327] [ 32.278404] Allocated by task 297: [ 32.278476] kasan_save_stack+0x3c/0x68 [ 32.278703] kasan_save_track+0x20/0x40 [ 32.279067] kasan_save_alloc_info+0x40/0x58 [ 32.279544] __kasan_kmalloc+0xd4/0xd8 [ 32.279698] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.279813] kasan_atomics+0xb8/0x2e0 [ 32.280035] kunit_try_run_case+0x170/0x3f0 [ 32.280243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.280377] kthread+0x328/0x630 [ 32.280636] ret_from_fork+0x10/0x20 [ 32.280795] [ 32.281248] The buggy address belongs to the object at fff00000c9c2c400 [ 32.281248] which belongs to the cache kmalloc-64 of size 64 [ 32.281615] The buggy address is located 0 bytes to the right of [ 32.281615] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.281697] [ 32.282102] The buggy address belongs to the physical page: [ 32.282171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.282384] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.282574] page_type: f5(slab) [ 32.282648] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.282962] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.283104] page dumped because: kasan: bad access detected [ 32.283462] [ 32.283512] Memory state around the buggy address: [ 32.283765] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.284135] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.284311] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.284478] ^ [ 32.284571] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.284720] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.284936] ================================================================== [ 32.296113] ================================================================== [ 32.296223] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3f04/0x4858 [ 32.296295] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.296349] [ 32.296389] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.296478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.296506] Hardware name: linux,dummy-virt (DT) [ 32.296540] Call trace: [ 32.296996] show_stack+0x20/0x38 (C) [ 32.297147] dump_stack_lvl+0x8c/0xd0 [ 32.297241] print_report+0x118/0x5d0 [ 32.297347] kasan_report+0xdc/0x128 [ 32.297436] __asan_report_load8_noabort+0x20/0x30 [ 32.297487] kasan_atomics_helper+0x3f04/0x4858 [ 32.297546] kasan_atomics+0x198/0x2e0 [ 32.297594] kunit_try_run_case+0x170/0x3f0 [ 32.297645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.297702] kthread+0x328/0x630 [ 32.297747] ret_from_fork+0x10/0x20 [ 32.297796] [ 32.297858] Allocated by task 297: [ 32.297902] kasan_save_stack+0x3c/0x68 [ 32.297955] kasan_save_track+0x20/0x40 [ 32.297997] kasan_save_alloc_info+0x40/0x58 [ 32.298037] __kasan_kmalloc+0xd4/0xd8 [ 32.298096] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.298138] kasan_atomics+0xb8/0x2e0 [ 32.298177] kunit_try_run_case+0x170/0x3f0 [ 32.298218] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.298264] kthread+0x328/0x630 [ 32.298299] ret_from_fork+0x10/0x20 [ 32.298337] [ 32.298358] The buggy address belongs to the object at fff00000c9c2c400 [ 32.298358] which belongs to the cache kmalloc-64 of size 64 [ 32.298418] The buggy address is located 0 bytes to the right of [ 32.298418] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.298486] [ 32.298507] The buggy address belongs to the physical page: [ 32.298540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.298595] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.298642] page_type: f5(slab) [ 32.298681] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.298742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.298795] page dumped because: kasan: bad access detected [ 32.298829] [ 32.298854] Memory state around the buggy address: [ 32.298886] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.298942] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.298988] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.299028] ^ [ 32.299472] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.299527] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.299987] ================================================================== [ 32.369825] ================================================================== [ 32.369896] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16d0/0x4858 [ 32.369950] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.370081] [ 32.370118] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.370210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.370410] Hardware name: linux,dummy-virt (DT) [ 32.370672] Call trace: [ 32.370894] show_stack+0x20/0x38 (C) [ 32.370965] dump_stack_lvl+0x8c/0xd0 [ 32.371082] print_report+0x118/0x5d0 [ 32.371134] kasan_report+0xdc/0x128 [ 32.371179] kasan_check_range+0x100/0x1a8 [ 32.371272] __kasan_check_write+0x20/0x30 [ 32.371324] kasan_atomics_helper+0x16d0/0x4858 [ 32.371375] kasan_atomics+0x198/0x2e0 [ 32.371995] kunit_try_run_case+0x170/0x3f0 [ 32.372112] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.372249] kthread+0x328/0x630 [ 32.372443] ret_from_fork+0x10/0x20 [ 32.372678] [ 32.372750] Allocated by task 297: [ 32.373047] kasan_save_stack+0x3c/0x68 [ 32.373199] kasan_save_track+0x20/0x40 [ 32.373469] kasan_save_alloc_info+0x40/0x58 [ 32.373709] __kasan_kmalloc+0xd4/0xd8 [ 32.374099] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.374183] kasan_atomics+0xb8/0x2e0 [ 32.374246] kunit_try_run_case+0x170/0x3f0 [ 32.374325] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.374564] kthread+0x328/0x630 [ 32.374752] ret_from_fork+0x10/0x20 [ 32.374966] [ 32.375143] The buggy address belongs to the object at fff00000c9c2c400 [ 32.375143] which belongs to the cache kmalloc-64 of size 64 [ 32.375299] The buggy address is located 0 bytes to the right of [ 32.375299] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.375553] [ 32.375641] The buggy address belongs to the physical page: [ 32.375893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.376045] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.376180] page_type: f5(slab) [ 32.376274] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.376620] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.376741] page dumped because: kasan: bad access detected [ 32.376924] [ 32.377092] Memory state around the buggy address: [ 32.377208] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.377328] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.377496] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.377586] ^ [ 32.377810] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.378005] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.378119] ================================================================== [ 32.301023] ================================================================== [ 32.301097] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1414/0x4858 [ 32.301149] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.301321] [ 32.301415] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.301801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.301884] Hardware name: linux,dummy-virt (DT) [ 32.301920] Call trace: [ 32.301947] show_stack+0x20/0x38 (C) [ 32.302181] dump_stack_lvl+0x8c/0xd0 [ 32.302351] print_report+0x118/0x5d0 [ 32.302530] kasan_report+0xdc/0x128 [ 32.302604] kasan_check_range+0x100/0x1a8 [ 32.302655] __kasan_check_write+0x20/0x30 [ 32.302729] kasan_atomics_helper+0x1414/0x4858 [ 32.303115] kasan_atomics+0x198/0x2e0 [ 32.303184] kunit_try_run_case+0x170/0x3f0 [ 32.303237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.303525] kthread+0x328/0x630 [ 32.303900] ret_from_fork+0x10/0x20 [ 32.304224] [ 32.304320] Allocated by task 297: [ 32.304677] kasan_save_stack+0x3c/0x68 [ 32.304796] kasan_save_track+0x20/0x40 [ 32.305104] kasan_save_alloc_info+0x40/0x58 [ 32.305203] __kasan_kmalloc+0xd4/0xd8 [ 32.305366] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.305442] kasan_atomics+0xb8/0x2e0 [ 32.305648] kunit_try_run_case+0x170/0x3f0 [ 32.305867] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.305966] kthread+0x328/0x630 [ 32.306216] ret_from_fork+0x10/0x20 [ 32.306358] [ 32.306502] The buggy address belongs to the object at fff00000c9c2c400 [ 32.306502] which belongs to the cache kmalloc-64 of size 64 [ 32.306705] The buggy address is located 0 bytes to the right of [ 32.306705] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.306997] [ 32.307158] The buggy address belongs to the physical page: [ 32.307206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.307265] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.307820] page_type: f5(slab) [ 32.308073] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.308180] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.308340] page dumped because: kasan: bad access detected [ 32.308426] [ 32.308506] Memory state around the buggy address: [ 32.308727] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.309067] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.309169] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.309410] ^ [ 32.309613] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.309671] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.309875] ================================================================== [ 32.032880] ================================================================== [ 32.032942] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 32.032997] Read of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.033180] [ 32.033281] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.033377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.033524] Hardware name: linux,dummy-virt (DT) [ 32.033569] Call trace: [ 32.033633] show_stack+0x20/0x38 (C) [ 32.033685] dump_stack_lvl+0x8c/0xd0 [ 32.033744] print_report+0x118/0x5d0 [ 32.033789] kasan_report+0xdc/0x128 [ 32.033835] __asan_report_load4_noabort+0x20/0x30 [ 32.033895] kasan_atomics_helper+0x42d8/0x4858 [ 32.033948] kasan_atomics+0x198/0x2e0 [ 32.033995] kunit_try_run_case+0x170/0x3f0 [ 32.034077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.034137] kthread+0x328/0x630 [ 32.034179] ret_from_fork+0x10/0x20 [ 32.034229] [ 32.034257] Allocated by task 297: [ 32.034289] kasan_save_stack+0x3c/0x68 [ 32.034332] kasan_save_track+0x20/0x40 [ 32.034373] kasan_save_alloc_info+0x40/0x58 [ 32.034419] __kasan_kmalloc+0xd4/0xd8 [ 32.034460] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.034511] kasan_atomics+0xb8/0x2e0 [ 32.034550] kunit_try_run_case+0x170/0x3f0 [ 32.034599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.034646] kthread+0x328/0x630 [ 32.034681] ret_from_fork+0x10/0x20 [ 32.034719] [ 32.034739] The buggy address belongs to the object at fff00000c9c2c400 [ 32.034739] which belongs to the cache kmalloc-64 of size 64 [ 32.034928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.036914] ^ [ 32.038407] Write of size 4 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.039907] kasan_check_range+0x100/0x1a8 [ 32.041433] Allocated by task 297: [ 32.041507] kasan_save_stack+0x3c/0x68 [ 32.041667] kasan_save_track+0x20/0x40 [ 32.041715] kasan_save_alloc_info+0x40/0x58 [ 32.041944] __kasan_kmalloc+0xd4/0xd8 [ 32.042107] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.042374] kasan_atomics+0xb8/0x2e0 [ 32.042479] kunit_try_run_case+0x170/0x3f0 [ 32.042586] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.042723] kthread+0x328/0x630 [ 32.042964] ret_from_fork+0x10/0x20 [ 32.043141] [ 32.043230] The buggy address belongs to the object at fff00000c9c2c400 [ 32.043230] which belongs to the cache kmalloc-64 of size 64 [ 32.043408] The buggy address is located 0 bytes to the right of [ 32.043408] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.043481] [ 32.043646] The buggy address belongs to the physical page: [ 32.043909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.044121] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.044330] page_type: f5(slab) [ 32.044535] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.044663] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.044767] page dumped because: kasan: bad access detected [ 32.044948] [ 32.045025] Memory state around the buggy address: [ 32.045090] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.045368] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.045426] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.045870] ^ [ 32.046027] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.046147] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.046431] ================================================================== [ 32.337376] ================================================================== [ 32.337439] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b4/0x4858 [ 32.337491] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.337554] [ 32.337792] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.338270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.338319] Hardware name: linux,dummy-virt (DT) [ 32.338368] Call trace: [ 32.338630] show_stack+0x20/0x38 (C) [ 32.338869] dump_stack_lvl+0x8c/0xd0 [ 32.338983] print_report+0x118/0x5d0 [ 32.339574] kasan_report+0xdc/0x128 [ 32.339690] kasan_check_range+0x100/0x1a8 [ 32.339774] __kasan_check_write+0x20/0x30 [ 32.340030] kasan_atomics_helper+0x15b4/0x4858 [ 32.340365] kasan_atomics+0x198/0x2e0 [ 32.340436] kunit_try_run_case+0x170/0x3f0 [ 32.340626] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.340788] kthread+0x328/0x630 [ 32.340907] ret_from_fork+0x10/0x20 [ 32.341005] [ 32.341205] Allocated by task 297: [ 32.341239] kasan_save_stack+0x3c/0x68 [ 32.341472] kasan_save_track+0x20/0x40 [ 32.341569] kasan_save_alloc_info+0x40/0x58 [ 32.341915] __kasan_kmalloc+0xd4/0xd8 [ 32.342080] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.342166] kasan_atomics+0xb8/0x2e0 [ 32.342480] kunit_try_run_case+0x170/0x3f0 [ 32.342559] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.342656] kthread+0x328/0x630 [ 32.342857] ret_from_fork+0x10/0x20 [ 32.342927] [ 32.343225] The buggy address belongs to the object at fff00000c9c2c400 [ 32.343225] which belongs to the cache kmalloc-64 of size 64 [ 32.343467] The buggy address is located 0 bytes to the right of [ 32.343467] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.343862] [ 32.343912] The buggy address belongs to the physical page: [ 32.344089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.344153] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.344352] page_type: f5(slab) [ 32.344523] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.344983] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.345140] page dumped because: kasan: bad access detected [ 32.345247] [ 32.345589] Memory state around the buggy address: [ 32.345705] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.345857] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.345971] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.346075] ^ [ 32.346129] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.346319] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.346469] ================================================================== [ 32.378436] ================================================================== [ 32.378646] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3e10/0x4858 [ 32.378931] Read of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.379130] [ 32.379173] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.379263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.379320] Hardware name: linux,dummy-virt (DT) [ 32.379386] Call trace: [ 32.379412] show_stack+0x20/0x38 (C) [ 32.379547] dump_stack_lvl+0x8c/0xd0 [ 32.379602] print_report+0x118/0x5d0 [ 32.379945] kasan_report+0xdc/0x128 [ 32.380134] __asan_report_load8_noabort+0x20/0x30 [ 32.380432] kasan_atomics_helper+0x3e10/0x4858 [ 32.380541] kasan_atomics+0x198/0x2e0 [ 32.380688] kunit_try_run_case+0x170/0x3f0 [ 32.380864] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.380959] kthread+0x328/0x630 [ 32.381005] ret_from_fork+0x10/0x20 [ 32.381397] [ 32.381453] Allocated by task 297: [ 32.381661] kasan_save_stack+0x3c/0x68 [ 32.381805] kasan_save_track+0x20/0x40 [ 32.382154] kasan_save_alloc_info+0x40/0x58 [ 32.382239] __kasan_kmalloc+0xd4/0xd8 [ 32.382453] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.382720] kasan_atomics+0xb8/0x2e0 [ 32.382939] kunit_try_run_case+0x170/0x3f0 [ 32.383142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.383415] kthread+0x328/0x630 [ 32.383570] ret_from_fork+0x10/0x20 [ 32.383633] [ 32.383849] The buggy address belongs to the object at fff00000c9c2c400 [ 32.383849] which belongs to the cache kmalloc-64 of size 64 [ 32.384147] The buggy address is located 0 bytes to the right of [ 32.384147] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.384245] [ 32.384613] The buggy address belongs to the physical page: [ 32.384723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.384788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.385068] page_type: f5(slab) [ 32.385162] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.385226] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.385270] page dumped because: kasan: bad access detected [ 32.385304] [ 32.385341] Memory state around the buggy address: [ 32.385407] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.385455] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.385522] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.385564] ^ [ 32.385600] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.385645] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.385688] ================================================================== [ 32.220373] ================================================================== [ 32.220491] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xff0/0x4858 [ 32.220558] Write of size 8 at addr fff00000c9c2c430 by task kunit_try_catch/297 [ 32.220610] [ 32.220646] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.221108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.221204] Hardware name: linux,dummy-virt (DT) [ 32.221239] Call trace: [ 32.221330] show_stack+0x20/0x38 (C) [ 32.221416] dump_stack_lvl+0x8c/0xd0 [ 32.221579] print_report+0x118/0x5d0 [ 32.221633] kasan_report+0xdc/0x128 [ 32.221826] kasan_check_range+0x100/0x1a8 [ 32.222004] __kasan_check_write+0x20/0x30 [ 32.222075] kasan_atomics_helper+0xff0/0x4858 [ 32.222127] kasan_atomics+0x198/0x2e0 [ 32.222366] kunit_try_run_case+0x170/0x3f0 [ 32.222823] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.222907] kthread+0x328/0x630 [ 32.222955] ret_from_fork+0x10/0x20 [ 32.223214] [ 32.223347] Allocated by task 297: [ 32.223391] kasan_save_stack+0x3c/0x68 [ 32.223643] kasan_save_track+0x20/0x40 [ 32.223799] kasan_save_alloc_info+0x40/0x58 [ 32.224048] __kasan_kmalloc+0xd4/0xd8 [ 32.224224] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.224364] kasan_atomics+0xb8/0x2e0 [ 32.224523] kunit_try_run_case+0x170/0x3f0 [ 32.224568] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.224624] kthread+0x328/0x630 [ 32.224660] ret_from_fork+0x10/0x20 [ 32.224999] [ 32.225111] The buggy address belongs to the object at fff00000c9c2c400 [ 32.225111] which belongs to the cache kmalloc-64 of size 64 [ 32.225410] The buggy address is located 0 bytes to the right of [ 32.225410] allocated 48-byte region [fff00000c9c2c400, fff00000c9c2c430) [ 32.225590] [ 32.225632] The buggy address belongs to the physical page: [ 32.225873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c [ 32.226221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.226367] page_type: f5(slab) [ 32.226735] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 32.226826] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 32.227017] page dumped because: kasan: bad access detected [ 32.227265] [ 32.227374] Memory state around the buggy address: [ 32.227590] fff00000c9c2c300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.227776] fff00000c9c2c380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.227843] >fff00000c9c2c400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.227892] ^ [ 32.227928] fff00000c9c2c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.227983] fff00000c9c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.228023] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 31.713376] ================================================================== [ 31.713419] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 31.713697] Call trace: [ 31.714802] kasan_bitops_generic+0x110/0x1c8 [ 31.715791] kasan_save_stack+0x3c/0x68 [ 31.716526] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.716817] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.718233] [ 31.718815] page_type: f5(slab) [ 31.719225] page dumped because: kasan: bad access detected [ 31.720477] ================================================================== [ 31.685097] ================================================================== [ 31.685479] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 31.685540] Read of size 8 at addr fff00000c7b74d88 by task kunit_try_catch/293 [ 31.685593] [ 31.685632] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.685724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.685754] Hardware name: linux,dummy-virt (DT) [ 31.685786] Call trace: [ 31.685811] show_stack+0x20/0x38 (C) [ 31.685860] dump_stack_lvl+0x8c/0xd0 [ 31.685910] print_report+0x118/0x5d0 [ 31.685966] kasan_report+0xdc/0x128 [ 31.686023] __asan_report_load8_noabort+0x20/0x30 [ 31.686084] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 31.686141] kasan_bitops_generic+0x110/0x1c8 [ 31.686193] kunit_try_run_case+0x170/0x3f0 [ 31.686253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.686309] kthread+0x328/0x630 [ 31.686356] ret_from_fork+0x10/0x20 [ 31.686410] [ 31.686431] Allocated by task 293: [ 31.686471] kasan_save_stack+0x3c/0x68 [ 31.686523] kasan_save_track+0x20/0x40 [ 31.686565] kasan_save_alloc_info+0x40/0x58 [ 31.686604] __kasan_kmalloc+0xd4/0xd8 [ 31.686643] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.686683] kasan_bitops_generic+0xa0/0x1c8 [ 31.686724] kunit_try_run_case+0x170/0x3f0 [ 31.686765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.686813] kthread+0x328/0x630 [ 31.686848] ret_from_fork+0x10/0x20 [ 31.686885] [ 31.686905] The buggy address belongs to the object at fff00000c7b74d80 [ 31.686905] which belongs to the cache kmalloc-16 of size 16 [ 31.686974] The buggy address is located 8 bytes inside of [ 31.686974] allocated 9-byte region [fff00000c7b74d80, fff00000c7b74d89) [ 31.687039] [ 31.687070] The buggy address belongs to the physical page: [ 31.687711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107b74 [ 31.687838] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.687907] page_type: f5(slab) [ 31.687976] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 31.688223] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.688486] page dumped because: kasan: bad access detected [ 31.688529] [ 31.688748] Memory state around the buggy address: [ 31.688814] fff00000c7b74c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.689020] fff00000c7b74d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.689220] >fff00000c7b74d80: 00 01 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.689403] ^ [ 31.689452] fff00000c7b74e00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 31.689757] fff00000c7b74e80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.689852] ================================================================== [ 31.690580] ================================================================== [ 31.690633] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 31.690685] Write of size 8 at addr fff00000c7b74d88 by task kunit_try_catch/293 [ 31.691020] [ 31.691748] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.691893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.691924] Hardware name: linux,dummy-virt (DT) [ 31.691956] Call trace: [ 31.691980] show_stack+0x20/0x38 (C) [ 31.692560] dump_stack_lvl+0x8c/0xd0 [ 31.693598] __kasan_check_write+0x20/0x30 [ 31.695202] kasan_save_stack+0x3c/0x68 [ 31.696005] kunit_try_run_case+0x170/0x3f0 [ 31.697256] [ 31.698191] page_type: f5(slab) [ 31.698828] [ 31.699372] fff00000c7b74d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.701893] ================================================================== [ 31.674580] ================================================================== [ 31.674896] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 31.675234] Write of size 8 at addr fff00000c7b74d88 by task kunit_try_catch/293 [ 31.675293] [ 31.675330] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.675420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.675863] Hardware name: linux,dummy-virt (DT) [ 31.676036] Call trace: [ 31.676131] show_stack+0x20/0x38 (C) [ 31.676244] dump_stack_lvl+0x8c/0xd0 [ 31.676448] print_report+0x118/0x5d0 [ 31.676631] kasan_report+0xdc/0x128 [ 31.676946] kasan_check_range+0x100/0x1a8 [ 31.677112] __kasan_check_write+0x20/0x30 [ 31.677271] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 31.677403] kasan_bitops_generic+0x110/0x1c8 [ 31.677726] kunit_try_run_case+0x170/0x3f0 [ 31.677868] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.678121] kthread+0x328/0x630 [ 31.678499] ret_from_fork+0x10/0x20 [ 31.678613] [ 31.678771] Allocated by task 293: [ 31.679155] kasan_save_stack+0x3c/0x68 [ 31.679243] kasan_save_track+0x20/0x40 [ 31.679452] kasan_save_alloc_info+0x40/0x58 [ 31.679618] __kasan_kmalloc+0xd4/0xd8 [ 31.679740] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.679981] kasan_bitops_generic+0xa0/0x1c8 [ 31.680246] kunit_try_run_case+0x170/0x3f0 [ 31.680354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.680560] kthread+0x328/0x630 [ 31.680645] ret_from_fork+0x10/0x20 [ 31.680821] [ 31.680980] The buggy address belongs to the object at fff00000c7b74d80 [ 31.680980] which belongs to the cache kmalloc-16 of size 16 [ 31.681105] The buggy address is located 8 bytes inside of [ 31.681105] allocated 9-byte region [fff00000c7b74d80, fff00000c7b74d89) [ 31.681549] [ 31.681679] The buggy address belongs to the physical page: [ 31.681773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107b74 [ 31.681880] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.681953] page_type: f5(slab) [ 31.682320] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122 [ 31.682413] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 31.682820] page dumped because: kasan: bad access detected [ 31.682909] [ 31.683037] Memory state around the buggy address: [ 31.683253] fff00000c7b74c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.683314] fff00000c7b74d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.683358] >fff00000c7b74d80: 00 01 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 31.683679] ^ [ 31.683902] fff00000c7b74e00: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 31.684104] fff00000c7b74e80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.684345] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 31.654519] ================================================================== [ 31.654579] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88 [ 31.654996] Read of size 1 at addr fff00000c9c23a10 by task kunit_try_catch/291 [ 31.655426] [ 31.655470] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.655587] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.655872] Hardware name: linux,dummy-virt (DT) [ 31.655941] Call trace: [ 31.655986] show_stack+0x20/0x38 (C) [ 31.656328] dump_stack_lvl+0x8c/0xd0 [ 31.656568] print_report+0x118/0x5d0 [ 31.656738] kasan_report+0xdc/0x128 [ 31.656998] __asan_report_load1_noabort+0x20/0x30 [ 31.657420] strnlen+0x80/0x88 [ 31.657625] kasan_strings+0x478/0xb00 [ 31.657883] kunit_try_run_case+0x170/0x3f0 [ 31.658070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.658184] kthread+0x328/0x630 [ 31.658271] ret_from_fork+0x10/0x20 [ 31.658782] [ 31.658835] Allocated by task 291: [ 31.658981] kasan_save_stack+0x3c/0x68 [ 31.659118] kasan_save_track+0x20/0x40 [ 31.659181] kasan_save_alloc_info+0x40/0x58 [ 31.659276] __kasan_kmalloc+0xd4/0xd8 [ 31.659401] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.659605] kasan_strings+0xc8/0xb00 [ 31.659658] kunit_try_run_case+0x170/0x3f0 [ 31.659823] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.659878] kthread+0x328/0x630 [ 31.659927] ret_from_fork+0x10/0x20 [ 31.660303] [ 31.660353] Freed by task 291: [ 31.660496] kasan_save_stack+0x3c/0x68 [ 31.660549] kasan_save_track+0x20/0x40 [ 31.660592] kasan_save_free_info+0x4c/0x78 [ 31.660642] __kasan_slab_free+0x6c/0x98 [ 31.660714] kfree+0x214/0x3c8 [ 31.660762] kasan_strings+0x24c/0xb00 [ 31.660810] kunit_try_run_case+0x170/0x3f0 [ 31.660858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.661265] kthread+0x328/0x630 [ 31.661435] ret_from_fork+0x10/0x20 [ 31.662035] [ 31.662092] The buggy address belongs to the object at fff00000c9c23a00 [ 31.662092] which belongs to the cache kmalloc-32 of size 32 [ 31.662296] The buggy address is located 16 bytes inside of [ 31.662296] freed 32-byte region [fff00000c9c23a00, fff00000c9c23a20) [ 31.662664] [ 31.662716] The buggy address belongs to the physical page: [ 31.662783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c23 [ 31.662888] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.663065] page_type: f5(slab) [ 31.663190] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.663356] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.663474] page dumped because: kasan: bad access detected [ 31.663532] [ 31.663864] Memory state around the buggy address: [ 31.663946] fff00000c9c23900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.664045] fff00000c9c23980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.664186] >fff00000c9c23a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.664227] ^ [ 31.664259] fff00000c9c23a80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.664560] fff00000c9c23b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.664668] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 31.644044] ================================================================== [ 31.644108] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 31.644521] Read of size 1 at addr fff00000c9c23a10 by task kunit_try_catch/291 [ 31.644594] [ 31.644958] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.645066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.645098] Hardware name: linux,dummy-virt (DT) [ 31.645139] Call trace: [ 31.645165] show_stack+0x20/0x38 (C) [ 31.645218] dump_stack_lvl+0x8c/0xd0 [ 31.645432] print_report+0x118/0x5d0 [ 31.645633] kasan_report+0xdc/0x128 [ 31.645741] __asan_report_load1_noabort+0x20/0x30 [ 31.645807] strlen+0xa8/0xb0 [ 31.646087] kasan_strings+0x418/0xb00 [ 31.646236] kunit_try_run_case+0x170/0x3f0 [ 31.646311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.646435] kthread+0x328/0x630 [ 31.646530] ret_from_fork+0x10/0x20 [ 31.646582] [ 31.646602] Allocated by task 291: [ 31.646652] kasan_save_stack+0x3c/0x68 [ 31.646894] kasan_save_track+0x20/0x40 [ 31.647072] kasan_save_alloc_info+0x40/0x58 [ 31.647124] __kasan_kmalloc+0xd4/0xd8 [ 31.647173] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.647217] kasan_strings+0xc8/0xb00 [ 31.647299] kunit_try_run_case+0x170/0x3f0 [ 31.647358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.647407] kthread+0x328/0x630 [ 31.647442] ret_from_fork+0x10/0x20 [ 31.647615] [ 31.647817] Freed by task 291: [ 31.647870] kasan_save_stack+0x3c/0x68 [ 31.648196] kasan_save_track+0x20/0x40 [ 31.648279] kasan_save_free_info+0x4c/0x78 [ 31.648320] __kasan_slab_free+0x6c/0x98 [ 31.648792] kfree+0x214/0x3c8 [ 31.648889] kasan_strings+0x24c/0xb00 [ 31.649048] kunit_try_run_case+0x170/0x3f0 [ 31.649137] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.649299] kthread+0x328/0x630 [ 31.649336] ret_from_fork+0x10/0x20 [ 31.649783] [ 31.649963] The buggy address belongs to the object at fff00000c9c23a00 [ 31.649963] which belongs to the cache kmalloc-32 of size 32 [ 31.650070] The buggy address is located 16 bytes inside of [ 31.650070] freed 32-byte region [fff00000c9c23a00, fff00000c9c23a20) [ 31.650261] [ 31.650283] The buggy address belongs to the physical page: [ 31.650434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c23 [ 31.650672] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.650851] page_type: f5(slab) [ 31.650965] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.651209] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.651423] page dumped because: kasan: bad access detected [ 31.651699] [ 31.651726] Memory state around the buggy address: [ 31.651762] fff00000c9c23900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.651810] fff00000c9c23980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.652302] >fff00000c9c23a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.652403] ^ [ 31.652625] fff00000c9c23a80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.652753] fff00000c9c23b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.652880] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 31.637709] ================================================================== [ 31.638091] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 31.638287] Read of size 1 at addr fff00000c9c23a10 by task kunit_try_catch/291 [ 31.638461] [ 31.638504] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.638638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.638670] Hardware name: linux,dummy-virt (DT) [ 31.638701] Call trace: [ 31.638734] show_stack+0x20/0x38 (C) [ 31.638786] dump_stack_lvl+0x8c/0xd0 [ 31.639080] print_report+0x118/0x5d0 [ 31.639208] kasan_report+0xdc/0x128 [ 31.639283] __asan_report_load1_noabort+0x20/0x30 [ 31.639542] kasan_strings+0x95c/0xb00 [ 31.639733] kunit_try_run_case+0x170/0x3f0 [ 31.639822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.639905] kthread+0x328/0x630 [ 31.639952] ret_from_fork+0x10/0x20 [ 31.640311] [ 31.640392] Allocated by task 291: [ 31.640472] kasan_save_stack+0x3c/0x68 [ 31.640569] kasan_save_track+0x20/0x40 [ 31.640613] kasan_save_alloc_info+0x40/0x58 [ 31.640944] __kasan_kmalloc+0xd4/0xd8 [ 31.641031] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.641185] kasan_strings+0xc8/0xb00 [ 31.641243] kunit_try_run_case+0x170/0x3f0 [ 31.641521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.641714] kthread+0x328/0x630 [ 31.641817] ret_from_fork+0x10/0x20 [ 31.642066] [ 31.642120] Freed by task 291: [ 31.642391] kasan_save_stack+0x3c/0x68 [ 31.642445] kasan_save_track+0x20/0x40 [ 31.642497] kasan_save_free_info+0x4c/0x78 [ 31.642538] __kasan_slab_free+0x6c/0x98 [ 31.642581] kfree+0x214/0x3c8 [ 31.642631] kasan_strings+0x24c/0xb00 [ 31.642679] kunit_try_run_case+0x170/0x3f0 [ 31.642730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.642787] kthread+0x328/0x630 [ 31.642825] ret_from_fork+0x10/0x20 [ 31.642862] [ 31.642886] The buggy address belongs to the object at fff00000c9c23a00 [ 31.642886] which belongs to the cache kmalloc-32 of size 32 [ 31.642947] The buggy address is located 16 bytes inside of [ 31.642947] freed 32-byte region [fff00000c9c23a00, fff00000c9c23a20) [ 31.643022] [ 31.643064] The buggy address belongs to the physical page: [ 31.643099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c23 [ 31.643161] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.643212] page_type: f5(slab) [ 31.643264] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.643326] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.643385] page dumped because: kasan: bad access detected [ 31.643434] [ 31.643454] Memory state around the buggy address: [ 31.643489] fff00000c9c23900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.643534] fff00000c9c23980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.643580] >fff00000c9c23a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.643663] ^ [ 31.643707] fff00000c9c23a80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.643753] fff00000c9c23b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.643794] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 31.627459] ================================================================== [ 31.627792] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 31.627952] Read of size 1 at addr fff00000c9c23a10 by task kunit_try_catch/291 [ 31.628270] [ 31.628356] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.628562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.628674] Hardware name: linux,dummy-virt (DT) [ 31.628756] Call trace: [ 31.628878] show_stack+0x20/0x38 (C) [ 31.628975] dump_stack_lvl+0x8c/0xd0 [ 31.629327] print_report+0x118/0x5d0 [ 31.629451] kasan_report+0xdc/0x128 [ 31.629614] __asan_report_load1_noabort+0x20/0x30 [ 31.629760] strcmp+0xc0/0xc8 [ 31.629900] kasan_strings+0x340/0xb00 [ 31.630195] kunit_try_run_case+0x170/0x3f0 [ 31.630418] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.630569] kthread+0x328/0x630 [ 31.630628] ret_from_fork+0x10/0x20 [ 31.630679] [ 31.630700] Allocated by task 291: [ 31.630748] kasan_save_stack+0x3c/0x68 [ 31.630806] kasan_save_track+0x20/0x40 [ 31.630847] kasan_save_alloc_info+0x40/0x58 [ 31.630889] __kasan_kmalloc+0xd4/0xd8 [ 31.630930] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.630974] kasan_strings+0xc8/0xb00 [ 31.631013] kunit_try_run_case+0x170/0x3f0 [ 31.631066] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.631125] kthread+0x328/0x630 [ 31.631161] ret_from_fork+0x10/0x20 [ 31.631210] [ 31.631245] Freed by task 291: [ 31.631291] kasan_save_stack+0x3c/0x68 [ 31.631343] kasan_save_track+0x20/0x40 [ 31.631385] kasan_save_free_info+0x4c/0x78 [ 31.631426] __kasan_slab_free+0x6c/0x98 [ 31.631477] kfree+0x214/0x3c8 [ 31.631530] kasan_strings+0x24c/0xb00 [ 31.631578] kunit_try_run_case+0x170/0x3f0 [ 31.631620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.632138] kthread+0x328/0x630 [ 31.632283] ret_from_fork+0x10/0x20 [ 31.632329] [ 31.632367] The buggy address belongs to the object at fff00000c9c23a00 [ 31.632367] which belongs to the cache kmalloc-32 of size 32 [ 31.632729] The buggy address is located 16 bytes inside of [ 31.632729] freed 32-byte region [fff00000c9c23a00, fff00000c9c23a20) [ 31.633401] [ 31.633808] The buggy address belongs to the physical page: [ 31.633864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c23 [ 31.633939] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.634022] page_type: f5(slab) [ 31.634106] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.634446] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.634589] page dumped because: kasan: bad access detected [ 31.634715] [ 31.634786] Memory state around the buggy address: [ 31.634878] fff00000c9c23900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.635177] fff00000c9c23980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.635345] >fff00000c9c23a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.635421] ^ [ 31.635615] fff00000c9c23a80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.635733] fff00000c9c23b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.636003] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 31.606624] ================================================================== [ 31.606696] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 31.607129] Read of size 1 at addr fff00000c9c23858 by task kunit_try_catch/289 [ 31.607240] [ 31.607298] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.607547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.607593] Hardware name: linux,dummy-virt (DT) [ 31.607632] Call trace: [ 31.607932] show_stack+0x20/0x38 (C) [ 31.608165] dump_stack_lvl+0x8c/0xd0 [ 31.608341] print_report+0x118/0x5d0 [ 31.608580] kasan_report+0xdc/0x128 [ 31.608906] __asan_report_load1_noabort+0x20/0x30 [ 31.609020] memcmp+0x198/0x1d8 [ 31.609250] kasan_memcmp+0x16c/0x300 [ 31.609475] kunit_try_run_case+0x170/0x3f0 [ 31.609576] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.609637] kthread+0x328/0x630 [ 31.610028] ret_from_fork+0x10/0x20 [ 31.610224] [ 31.610466] Allocated by task 289: [ 31.610662] kasan_save_stack+0x3c/0x68 [ 31.610808] kasan_save_track+0x20/0x40 [ 31.610849] kasan_save_alloc_info+0x40/0x58 [ 31.610896] __kasan_kmalloc+0xd4/0xd8 [ 31.610937] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.611029] kasan_memcmp+0xbc/0x300 [ 31.611086] kunit_try_run_case+0x170/0x3f0 [ 31.611139] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.611195] kthread+0x328/0x630 [ 31.611240] ret_from_fork+0x10/0x20 [ 31.611286] [ 31.611308] The buggy address belongs to the object at fff00000c9c23840 [ 31.611308] which belongs to the cache kmalloc-32 of size 32 [ 31.611382] The buggy address is located 0 bytes to the right of [ 31.611382] allocated 24-byte region [fff00000c9c23840, fff00000c9c23858) [ 31.611450] [ 31.611475] The buggy address belongs to the physical page: [ 31.611509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c23 [ 31.611575] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.612042] page_type: f5(slab) [ 31.612300] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 31.612385] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 31.612616] page dumped because: kasan: bad access detected [ 31.612822] [ 31.612890] Memory state around the buggy address: [ 31.612926] fff00000c9c23700: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.613375] fff00000c9c23780: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 31.613451] >fff00000c9c23800: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 31.613796] ^ [ 31.613870] fff00000c9c23880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.614206] fff00000c9c23900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.614543] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 31.581997] ================================================================== [ 31.582143] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 31.582207] Read of size 1 at addr ffff800080be7b4a by task kunit_try_catch/285 [ 31.582302] [ 31.582336] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.582426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.582645] Hardware name: linux,dummy-virt (DT) [ 31.582689] Call trace: [ 31.582776] show_stack+0x20/0x38 (C) [ 31.582848] dump_stack_lvl+0x8c/0xd0 [ 31.582898] print_report+0x310/0x5d0 [ 31.582944] kasan_report+0xdc/0x128 [ 31.583204] __asan_report_load1_noabort+0x20/0x30 [ 31.583338] kasan_alloca_oob_right+0x2dc/0x340 [ 31.583422] kunit_try_run_case+0x170/0x3f0 [ 31.583500] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.583575] kthread+0x328/0x630 [ 31.583671] ret_from_fork+0x10/0x20 [ 31.583816] [ 31.583889] The buggy address belongs to stack of task kunit_try_catch/285 [ 31.583998] [ 31.584063] The buggy address ffff800080be7b4a belongs to a vmalloc virtual mapping [ 31.584408] The buggy address belongs to the physical page: [ 31.584514] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107370 [ 31.584753] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.584866] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.584923] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.584964] page dumped because: kasan: bad access detected [ 31.584998] [ 31.585018] Memory state around the buggy address: [ 31.585430] ffff800080be7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.585604] ffff800080be7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.585742] >ffff800080be7b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 31.585809] ^ [ 31.585949] ffff800080be7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 31.586073] ffff800080be7c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.586387] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 31.573914] ================================================================== [ 31.573992] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 31.574049] Read of size 1 at addr ffff800080c07b5f by task kunit_try_catch/283 [ 31.574120] [ 31.574169] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.574260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.574290] Hardware name: linux,dummy-virt (DT) [ 31.574333] Call trace: [ 31.574366] show_stack+0x20/0x38 (C) [ 31.574420] dump_stack_lvl+0x8c/0xd0 [ 31.574471] print_report+0x310/0x5d0 [ 31.574518] kasan_report+0xdc/0x128 [ 31.574564] __asan_report_load1_noabort+0x20/0x30 [ 31.574614] kasan_alloca_oob_left+0x2b8/0x310 [ 31.574665] kunit_try_run_case+0x170/0x3f0 [ 31.574717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.574774] kthread+0x328/0x630 [ 31.574826] ret_from_fork+0x10/0x20 [ 31.574878] [ 31.574901] The buggy address belongs to stack of task kunit_try_catch/283 [ 31.574970] [ 31.574998] The buggy address ffff800080c07b5f belongs to a vmalloc virtual mapping [ 31.575439] The buggy address belongs to the physical page: [ 31.575697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c27 [ 31.575802] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.576039] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.576111] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.576155] page dumped because: kasan: bad access detected [ 31.576190] [ 31.576210] Memory state around the buggy address: [ 31.576244] ffff800080c07a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.576290] ffff800080c07a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.576335] >ffff800080c07b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 31.576518] ^ [ 31.576650] ffff800080c07b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 31.576734] ffff800080c07c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.576830] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 31.562927] ================================================================== [ 31.563044] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 31.563119] Read of size 1 at addr ffff800080be7c2a by task kunit_try_catch/281 [ 31.563171] [ 31.563206] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.563452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.563495] Hardware name: linux,dummy-virt (DT) [ 31.563530] Call trace: [ 31.563555] show_stack+0x20/0x38 (C) [ 31.563716] dump_stack_lvl+0x8c/0xd0 [ 31.563854] print_report+0x310/0x5d0 [ 31.563986] kasan_report+0xdc/0x128 [ 31.564076] __asan_report_load1_noabort+0x20/0x30 [ 31.564163] kasan_stack_oob+0x238/0x270 [ 31.564212] kunit_try_run_case+0x170/0x3f0 [ 31.564263] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.564318] kthread+0x328/0x630 [ 31.564482] ret_from_fork+0x10/0x20 [ 31.564572] [ 31.564761] The buggy address belongs to stack of task kunit_try_catch/281 [ 31.565047] and is located at offset 138 in frame: [ 31.565140] kasan_stack_oob+0x0/0x270 [ 31.565376] [ 31.565595] This frame has 4 objects: [ 31.565901] [48, 49) '__assertion' [ 31.565985] [64, 72) 'array' [ 31.566020] [96, 112) '__assertion' [ 31.566076] [128, 138) 'stack_array' [ 31.566266] [ 31.566358] The buggy address ffff800080be7c2a belongs to a vmalloc virtual mapping [ 31.566465] The buggy address belongs to the physical page: [ 31.566563] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107370 [ 31.566666] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.566770] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.567104] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.567162] page dumped because: kasan: bad access detected [ 31.567282] [ 31.567348] Memory state around the buggy address: [ 31.567389] ffff800080be7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.567498] ffff800080be7b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 31.567579] >ffff800080be7c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 31.567623] ^ [ 31.567659] ffff800080be7c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 31.567705] ffff800080be7d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 31.567746] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 31.544185] ================================================================== [ 31.544246] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 31.544614] Read of size 1 at addr ffff9ae325efd6cd by task kunit_try_catch/277 [ 31.544739] [ 31.544920] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.545006] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.545158] Hardware name: linux,dummy-virt (DT) [ 31.545244] Call trace: [ 31.545276] show_stack+0x20/0x38 (C) [ 31.545356] dump_stack_lvl+0x8c/0xd0 [ 31.545405] print_report+0x310/0x5d0 [ 31.545448] kasan_report+0xdc/0x128 [ 31.545539] __asan_report_load1_noabort+0x20/0x30 [ 31.545587] kasan_global_oob_right+0x230/0x270 [ 31.545635] kunit_try_run_case+0x170/0x3f0 [ 31.545859] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.545924] kthread+0x328/0x630 [ 31.546203] ret_from_fork+0x10/0x20 [ 31.546374] [ 31.546574] The buggy address belongs to the variable: [ 31.546606] global_array+0xd/0x40 [ 31.547042] [ 31.547227] The buggy address ffff9ae325efd6cd belongs to a vmalloc virtual mapping [ 31.547754] The buggy address belongs to the physical page: [ 31.547795] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47cfd [ 31.548087] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 31.548164] raw: 03fffe0000002000 ffffc1ffc01f3f48 ffffc1ffc01f3f48 0000000000000000 [ 31.548261] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.548356] page dumped because: kasan: bad access detected [ 31.548482] [ 31.548603] Memory state around the buggy address: [ 31.548693] ffff9ae325efd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.549083] ffff9ae325efd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.549242] >ffff9ae325efd680: 02 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 31.549350] ^ [ 31.549427] ffff9ae325efd700: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 31.549472] ffff9ae325efd780: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 31.549672] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 31.536702] ================================================================== [ 31.536764] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.536893] Free of addr fff00000c9ad4001 by task kunit_try_catch/275 [ 31.536972] [ 31.537015] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.537119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.537167] Hardware name: linux,dummy-virt (DT) [ 31.537204] Call trace: [ 31.537236] show_stack+0x20/0x38 (C) [ 31.537286] dump_stack_lvl+0x8c/0xd0 [ 31.537335] print_report+0x118/0x5d0 [ 31.537388] kasan_report_invalid_free+0xc0/0xe8 [ 31.537625] __kasan_mempool_poison_object+0xfc/0x150 [ 31.537686] mempool_free+0x28c/0x328 [ 31.537786] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.537871] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 31.537925] kunit_try_run_case+0x170/0x3f0 [ 31.537976] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.538096] kthread+0x328/0x630 [ 31.538141] ret_from_fork+0x10/0x20 [ 31.538453] [ 31.538510] The buggy address belongs to the physical page: [ 31.538545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad4 [ 31.538654] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.538704] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.538756] page_type: f8(unknown) [ 31.538807] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.538860] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.538910] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.538959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.539008] head: 0bfffe0000000002 ffffc1ffc326b501 00000000ffffffff 00000000ffffffff [ 31.539344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.539394] page dumped because: kasan: bad access detected [ 31.539483] [ 31.539577] Memory state around the buggy address: [ 31.539640] fff00000c9ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.539712] fff00000c9ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.539806] >fff00000c9ad4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.539885] ^ [ 31.539913] fff00000c9ad4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.539986] fff00000c9ad4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.540106] ================================================================== [ 31.523041] ================================================================== [ 31.524977] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.525083] Free of addr fff00000c7d40e01 by task kunit_try_catch/273 [ 31.525136] [ 31.525167] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.525397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.525439] Hardware name: linux,dummy-virt (DT) [ 31.525470] Call trace: [ 31.525494] show_stack+0x20/0x38 (C) [ 31.526066] dump_stack_lvl+0x8c/0xd0 [ 31.526122] print_report+0x118/0x5d0 [ 31.526166] kasan_report_invalid_free+0xc0/0xe8 [ 31.526214] check_slab_allocation+0xfc/0x108 [ 31.526263] __kasan_mempool_poison_object+0x78/0x150 [ 31.526317] mempool_free+0x28c/0x328 [ 31.526363] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 31.526417] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.526467] kunit_try_run_case+0x170/0x3f0 [ 31.526517] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.526571] kthread+0x328/0x630 [ 31.526612] ret_from_fork+0x10/0x20 [ 31.526661] [ 31.526679] Allocated by task 273: [ 31.526708] kasan_save_stack+0x3c/0x68 [ 31.526750] kasan_save_track+0x20/0x40 [ 31.526787] kasan_save_alloc_info+0x40/0x58 [ 31.526826] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.526868] remove_element+0x130/0x1f8 [ 31.526903] mempool_alloc_preallocated+0x58/0xc0 [ 31.526942] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 31.526985] mempool_kmalloc_invalid_free+0xc0/0x118 [ 31.527027] kunit_try_run_case+0x170/0x3f0 [ 31.527077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.527163] kthread+0x328/0x630 [ 31.527279] ret_from_fork+0x10/0x20 [ 31.527314] [ 31.527334] The buggy address belongs to the object at fff00000c7d40e00 [ 31.527334] which belongs to the cache kmalloc-128 of size 128 [ 31.527631] The buggy address is located 1 bytes inside of [ 31.527631] 128-byte region [fff00000c7d40e00, fff00000c7d40e80) [ 31.527694] [ 31.527715] The buggy address belongs to the physical page: [ 31.527758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d40 [ 31.527812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.527872] page_type: f5(slab) [ 31.528162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.528245] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.528287] page dumped because: kasan: bad access detected [ 31.528560] [ 31.528578] Memory state around the buggy address: [ 31.528608] fff00000c7d40d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.528651] fff00000c7d40d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.528754] >fff00000c7d40e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.528851] ^ [ 31.528888] fff00000c7d40e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.529010] fff00000c7d40f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.529061] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 31.514933] ================================================================== [ 31.514999] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.515072] Free of addr fff00000c9ad4000 by task kunit_try_catch/271 [ 31.515120] [ 31.515164] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.515261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.515353] Hardware name: linux,dummy-virt (DT) [ 31.515703] Call trace: [ 31.515726] show_stack+0x20/0x38 (C) [ 31.515807] dump_stack_lvl+0x8c/0xd0 [ 31.516237] print_report+0x118/0x5d0 [ 31.516422] kasan_report_invalid_free+0xc0/0xe8 [ 31.516476] __kasan_mempool_poison_pages+0xe0/0xe8 [ 31.516533] mempool_free+0x24c/0x328 [ 31.516581] mempool_double_free_helper+0x150/0x2e8 [ 31.516635] mempool_page_alloc_double_free+0xbc/0x118 [ 31.516691] kunit_try_run_case+0x170/0x3f0 [ 31.516741] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.517286] kthread+0x328/0x630 [ 31.517372] ret_from_fork+0x10/0x20 [ 31.517481] [ 31.517502] The buggy address belongs to the physical page: [ 31.517650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad4 [ 31.517715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.517783] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.517836] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.517882] page dumped because: kasan: bad access detected [ 31.517917] [ 31.517937] Memory state around the buggy address: [ 31.517970] fff00000c9ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.518021] fff00000c9ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.518081] >fff00000c9ad4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.518126] ^ [ 31.518157] fff00000c9ad4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.518206] fff00000c9ad4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.518251] ================================================================== [ 31.488536] ================================================================== [ 31.488644] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.488909] Free of addr fff00000c7d40a00 by task kunit_try_catch/267 [ 31.489092] [ 31.489133] CPU: 1 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.489222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.489389] Hardware name: linux,dummy-virt (DT) [ 31.489427] Call trace: [ 31.489460] show_stack+0x20/0x38 (C) [ 31.489532] dump_stack_lvl+0x8c/0xd0 [ 31.489584] print_report+0x118/0x5d0 [ 31.489683] kasan_report_invalid_free+0xc0/0xe8 [ 31.489736] check_slab_allocation+0xd4/0x108 [ 31.489795] __kasan_mempool_poison_object+0x78/0x150 [ 31.489989] mempool_free+0x28c/0x328 [ 31.490044] mempool_double_free_helper+0x150/0x2e8 [ 31.490109] mempool_kmalloc_double_free+0xc0/0x118 [ 31.490160] kunit_try_run_case+0x170/0x3f0 [ 31.490350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.490513] kthread+0x328/0x630 [ 31.490568] ret_from_fork+0x10/0x20 [ 31.490770] [ 31.490801] Allocated by task 267: [ 31.490860] kasan_save_stack+0x3c/0x68 [ 31.490913] kasan_save_track+0x20/0x40 [ 31.490974] kasan_save_alloc_info+0x40/0x58 [ 31.491066] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.491116] remove_element+0x130/0x1f8 [ 31.491192] mempool_alloc_preallocated+0x58/0xc0 [ 31.491276] mempool_double_free_helper+0x94/0x2e8 [ 31.491405] mempool_kmalloc_double_free+0xc0/0x118 [ 31.491620] kunit_try_run_case+0x170/0x3f0 [ 31.491748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.491865] kthread+0x328/0x630 [ 31.491933] ret_from_fork+0x10/0x20 [ 31.491970] [ 31.492014] Freed by task 267: [ 31.492041] kasan_save_stack+0x3c/0x68 [ 31.492500] kasan_save_track+0x20/0x40 [ 31.492629] kasan_save_free_info+0x4c/0x78 [ 31.492713] __kasan_mempool_poison_object+0xc0/0x150 [ 31.492764] mempool_free+0x28c/0x328 [ 31.492950] mempool_double_free_helper+0x100/0x2e8 [ 31.493001] mempool_kmalloc_double_free+0xc0/0x118 [ 31.493199] kunit_try_run_case+0x170/0x3f0 [ 31.493285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.493428] kthread+0x328/0x630 [ 31.493494] ret_from_fork+0x10/0x20 [ 31.493531] [ 31.493569] The buggy address belongs to the object at fff00000c7d40a00 [ 31.493569] which belongs to the cache kmalloc-128 of size 128 [ 31.493778] The buggy address is located 0 bytes inside of [ 31.493778] 128-byte region [fff00000c7d40a00, fff00000c7d40a80) [ 31.494039] [ 31.494085] The buggy address belongs to the physical page: [ 31.494120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d40 [ 31.494367] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.494592] page_type: f5(slab) [ 31.494691] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.494782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.495123] page dumped because: kasan: bad access detected [ 31.495199] [ 31.495302] Memory state around the buggy address: [ 31.495514] fff00000c7d40900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.495748] fff00000c7d40980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.495827] >fff00000c7d40a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.495942] ^ [ 31.496128] fff00000c7d40a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.496174] fff00000c7d40b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.496213] ================================================================== [ 31.502566] ================================================================== [ 31.502627] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 31.502681] Free of addr fff00000c9ad4000 by task kunit_try_catch/269 [ 31.502908] [ 31.502952] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.503065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.503104] Hardware name: linux,dummy-virt (DT) [ 31.503138] Call trace: [ 31.503170] show_stack+0x20/0x38 (C) [ 31.503222] dump_stack_lvl+0x8c/0xd0 [ 31.503369] print_report+0x118/0x5d0 [ 31.503417] kasan_report_invalid_free+0xc0/0xe8 [ 31.503639] __kasan_mempool_poison_object+0x14c/0x150 [ 31.503739] mempool_free+0x28c/0x328 [ 31.503828] mempool_double_free_helper+0x150/0x2e8 [ 31.503905] mempool_kmalloc_large_double_free+0xc0/0x118 [ 31.504092] kunit_try_run_case+0x170/0x3f0 [ 31.504190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.504254] kthread+0x328/0x630 [ 31.504363] ret_from_fork+0x10/0x20 [ 31.504517] [ 31.504559] The buggy address belongs to the physical page: [ 31.504703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad4 [ 31.504885] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.504969] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.505050] page_type: f8(unknown) [ 31.505197] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.505401] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.505487] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.505559] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.505644] head: 0bfffe0000000002 ffffc1ffc326b501 00000000ffffffff 00000000ffffffff [ 31.505756] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.505879] page dumped because: kasan: bad access detected [ 31.506028] [ 31.506141] Memory state around the buggy address: [ 31.506275] fff00000c9ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.506351] fff00000c9ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.506562] >fff00000c9ad4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.506754] ^ [ 31.506873] fff00000c9ad4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.507035] fff00000c9ad4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.507267] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 31.410154] ================================================================== [ 31.410226] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.410406] Read of size 1 at addr fff00000c9acc000 by task kunit_try_catch/261 [ 31.410577] [ 31.410716] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.410803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.410830] Hardware name: linux,dummy-virt (DT) [ 31.410860] Call trace: [ 31.410884] show_stack+0x20/0x38 (C) [ 31.410939] dump_stack_lvl+0x8c/0xd0 [ 31.411029] print_report+0x118/0x5d0 [ 31.411296] kasan_report+0xdc/0x128 [ 31.411719] __asan_report_load1_noabort+0x20/0x30 [ 31.411781] mempool_uaf_helper+0x314/0x340 [ 31.411831] mempool_kmalloc_large_uaf+0xc4/0x120 [ 31.411878] kunit_try_run_case+0x170/0x3f0 [ 31.411928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.412392] kthread+0x328/0x630 [ 31.412681] ret_from_fork+0x10/0x20 [ 31.412990] [ 31.413016] The buggy address belongs to the physical page: [ 31.413064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109acc [ 31.413126] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.413173] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.413526] page_type: f8(unknown) [ 31.413572] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.413625] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.413976] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.414071] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.414143] head: 0bfffe0000000002 ffffc1ffc326b301 00000000ffffffff 00000000ffffffff [ 31.414470] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.414631] page dumped because: kasan: bad access detected [ 31.414664] [ 31.414683] Memory state around the buggy address: [ 31.414717] fff00000c9acbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.414862] fff00000c9acbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.415225] >fff00000c9acc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.415279] ^ [ 31.415311] fff00000c9acc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.415569] fff00000c9acc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.415688] ================================================================== [ 31.478072] ================================================================== [ 31.478176] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.478318] Read of size 1 at addr fff00000c9ad0000 by task kunit_try_catch/265 [ 31.478404] [ 31.478623] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.478740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.478767] Hardware name: linux,dummy-virt (DT) [ 31.478822] Call trace: [ 31.478848] show_stack+0x20/0x38 (C) [ 31.478959] dump_stack_lvl+0x8c/0xd0 [ 31.479015] print_report+0x118/0x5d0 [ 31.479073] kasan_report+0xdc/0x128 [ 31.479150] __asan_report_load1_noabort+0x20/0x30 [ 31.479201] mempool_uaf_helper+0x314/0x340 [ 31.479248] mempool_page_alloc_uaf+0xc0/0x118 [ 31.479294] kunit_try_run_case+0x170/0x3f0 [ 31.479345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.479404] kthread+0x328/0x630 [ 31.479456] ret_from_fork+0x10/0x20 [ 31.479824] [ 31.480164] The buggy address belongs to the physical page: [ 31.480211] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad0 [ 31.480269] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.480554] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 31.480661] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.480855] page dumped because: kasan: bad access detected [ 31.480938] [ 31.481017] Memory state around the buggy address: [ 31.481339] fff00000c9acff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.481475] fff00000c9acff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.481629] >fff00000c9ad0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.481671] ^ [ 31.481925] fff00000c9ad0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.482021] fff00000c9ad0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 31.482096] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 31.428835] ================================================================== [ 31.428906] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.428960] Read of size 1 at addr fff00000c7d7a240 by task kunit_try_catch/263 [ 31.429009] [ 31.429039] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.429442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.429643] Hardware name: linux,dummy-virt (DT) [ 31.429796] Call trace: [ 31.429909] show_stack+0x20/0x38 (C) [ 31.429961] dump_stack_lvl+0x8c/0xd0 [ 31.430015] print_report+0x118/0x5d0 [ 31.430390] kasan_report+0xdc/0x128 [ 31.430559] __asan_report_load1_noabort+0x20/0x30 [ 31.430611] mempool_uaf_helper+0x314/0x340 [ 31.430659] mempool_slab_uaf+0xc0/0x118 [ 31.430992] kunit_try_run_case+0x170/0x3f0 [ 31.431089] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.431145] kthread+0x328/0x630 [ 31.431187] ret_from_fork+0x10/0x20 [ 31.431384] [ 31.431414] Allocated by task 263: [ 31.431665] kasan_save_stack+0x3c/0x68 [ 31.431781] kasan_save_track+0x20/0x40 [ 31.431822] kasan_save_alloc_info+0x40/0x58 [ 31.431860] __kasan_mempool_unpoison_object+0xbc/0x180 [ 31.431942] remove_element+0x16c/0x1f8 [ 31.431980] mempool_alloc_preallocated+0x58/0xc0 [ 31.432020] mempool_uaf_helper+0xa4/0x340 [ 31.432068] mempool_slab_uaf+0xc0/0x118 [ 31.432104] kunit_try_run_case+0x170/0x3f0 [ 31.432145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.432189] kthread+0x328/0x630 [ 31.432223] ret_from_fork+0x10/0x20 [ 31.432714] [ 31.432774] Freed by task 263: [ 31.432845] kasan_save_stack+0x3c/0x68 [ 31.432896] kasan_save_track+0x20/0x40 [ 31.432994] kasan_save_free_info+0x4c/0x78 [ 31.433062] __kasan_mempool_poison_object+0xc0/0x150 [ 31.433160] mempool_free+0x28c/0x328 [ 31.433196] mempool_uaf_helper+0x104/0x340 [ 31.433255] mempool_slab_uaf+0xc0/0x118 [ 31.433487] kunit_try_run_case+0x170/0x3f0 [ 31.433529] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.433575] kthread+0x328/0x630 [ 31.433629] ret_from_fork+0x10/0x20 [ 31.433811] [ 31.433874] The buggy address belongs to the object at fff00000c7d7a240 [ 31.433874] which belongs to the cache test_cache of size 123 [ 31.433957] The buggy address is located 0 bytes inside of [ 31.433957] freed 123-byte region [fff00000c7d7a240, fff00000c7d7a2bb) [ 31.434331] [ 31.434657] The buggy address belongs to the physical page: [ 31.434713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d7a [ 31.434862] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.435100] page_type: f5(slab) [ 31.435182] raw: 0bfffe0000000000 fff00000c3f54500 dead000000000122 0000000000000000 [ 31.435234] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.435276] page dumped because: kasan: bad access detected [ 31.435308] [ 31.435326] Memory state around the buggy address: [ 31.435359] fff00000c7d7a100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.435401] fff00000c7d7a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.435445] >fff00000c7d7a200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 31.435483] ^ [ 31.436232] fff00000c7d7a280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.436362] fff00000c7d7a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.436401] ================================================================== [ 31.388151] ================================================================== [ 31.388222] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 31.388781] Read of size 1 at addr fff00000c7d40600 by task kunit_try_catch/259 [ 31.388944] [ 31.389021] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.389129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.389157] Hardware name: linux,dummy-virt (DT) [ 31.389461] Call trace: [ 31.389754] show_stack+0x20/0x38 (C) [ 31.389835] dump_stack_lvl+0x8c/0xd0 [ 31.389887] print_report+0x118/0x5d0 [ 31.389931] kasan_report+0xdc/0x128 [ 31.390023] __asan_report_load1_noabort+0x20/0x30 [ 31.390147] mempool_uaf_helper+0x314/0x340 [ 31.390200] mempool_kmalloc_uaf+0xc4/0x120 [ 31.390549] kunit_try_run_case+0x170/0x3f0 [ 31.390712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.390768] kthread+0x328/0x630 [ 31.390810] ret_from_fork+0x10/0x20 [ 31.390869] [ 31.390890] Allocated by task 259: [ 31.391046] kasan_save_stack+0x3c/0x68 [ 31.391480] kasan_save_track+0x20/0x40 [ 31.391554] kasan_save_alloc_info+0x40/0x58 [ 31.391791] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.391841] remove_element+0x130/0x1f8 [ 31.391882] mempool_alloc_preallocated+0x58/0xc0 [ 31.392227] mempool_uaf_helper+0xa4/0x340 [ 31.392343] mempool_kmalloc_uaf+0xc4/0x120 [ 31.392383] kunit_try_run_case+0x170/0x3f0 [ 31.392448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.392493] kthread+0x328/0x630 [ 31.392527] ret_from_fork+0x10/0x20 [ 31.392720] [ 31.392741] Freed by task 259: [ 31.392771] kasan_save_stack+0x3c/0x68 [ 31.392812] kasan_save_track+0x20/0x40 [ 31.392850] kasan_save_free_info+0x4c/0x78 [ 31.392927] __kasan_mempool_poison_object+0xc0/0x150 [ 31.393427] mempool_free+0x28c/0x328 [ 31.393504] mempool_uaf_helper+0x104/0x340 [ 31.393544] mempool_kmalloc_uaf+0xc4/0x120 [ 31.393594] kunit_try_run_case+0x170/0x3f0 [ 31.393633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.394072] kthread+0x328/0x630 [ 31.394153] ret_from_fork+0x10/0x20 [ 31.394251] [ 31.394317] The buggy address belongs to the object at fff00000c7d40600 [ 31.394317] which belongs to the cache kmalloc-128 of size 128 [ 31.394389] The buggy address is located 0 bytes inside of [ 31.394389] freed 128-byte region [fff00000c7d40600, fff00000c7d40680) [ 31.394451] [ 31.394473] The buggy address belongs to the physical page: [ 31.394516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d40 [ 31.394571] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.395095] page_type: f5(slab) [ 31.395167] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.395302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.395453] page dumped because: kasan: bad access detected [ 31.395485] [ 31.395585] Memory state around the buggy address: [ 31.395724] fff00000c7d40500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.395769] fff00000c7d40580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.395831] >fff00000c7d40600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.396191] ^ [ 31.396241] fff00000c7d40680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.396378] fff00000c7d40700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.396418] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 31.309326] ================================================================== [ 31.309398] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.309476] Read of size 1 at addr fff00000c7d40273 by task kunit_try_catch/253 [ 31.309529] [ 31.309574] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.309668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.309696] Hardware name: linux,dummy-virt (DT) [ 31.309731] Call trace: [ 31.309758] show_stack+0x20/0x38 (C) [ 31.309812] dump_stack_lvl+0x8c/0xd0 [ 31.309864] print_report+0x118/0x5d0 [ 31.310527] kasan_report+0xdc/0x128 [ 31.310700] __asan_report_load1_noabort+0x20/0x30 [ 31.310754] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.310807] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.311050] kunit_try_run_case+0x170/0x3f0 [ 31.311130] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.311292] kthread+0x328/0x630 [ 31.311336] ret_from_fork+0x10/0x20 [ 31.311388] [ 31.311408] Allocated by task 253: [ 31.311439] kasan_save_stack+0x3c/0x68 [ 31.311481] kasan_save_track+0x20/0x40 [ 31.311520] kasan_save_alloc_info+0x40/0x58 [ 31.311923] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.311970] remove_element+0x130/0x1f8 [ 31.312126] mempool_alloc_preallocated+0x58/0xc0 [ 31.312331] mempool_oob_right_helper+0x98/0x2f0 [ 31.312379] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.312420] kunit_try_run_case+0x170/0x3f0 [ 31.312498] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.312601] kthread+0x328/0x630 [ 31.312674] ret_from_fork+0x10/0x20 [ 31.312783] [ 31.312804] The buggy address belongs to the object at fff00000c7d40200 [ 31.312804] which belongs to the cache kmalloc-128 of size 128 [ 31.312909] The buggy address is located 0 bytes to the right of [ 31.312909] allocated 115-byte region [fff00000c7d40200, fff00000c7d40273) [ 31.313048] [ 31.313084] The buggy address belongs to the physical page: [ 31.313184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d40 [ 31.313296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.313447] page_type: f5(slab) [ 31.313534] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.313651] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.313701] page dumped because: kasan: bad access detected [ 31.313834] [ 31.313873] Memory state around the buggy address: [ 31.313929] fff00000c7d40100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.314027] fff00000c7d40180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.314079] >fff00000c7d40200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.314118] ^ [ 31.314159] fff00000c7d40280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.314202] fff00000c7d40300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.314241] ================================================================== [ 31.341358] ================================================================== [ 31.341605] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.342122] Read of size 1 at addr fff00000c7d542bb by task kunit_try_catch/257 [ 31.342340] [ 31.342386] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.342496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.342522] Hardware name: linux,dummy-virt (DT) [ 31.342554] Call trace: [ 31.342882] show_stack+0x20/0x38 (C) [ 31.343177] dump_stack_lvl+0x8c/0xd0 [ 31.343240] print_report+0x118/0x5d0 [ 31.343322] kasan_report+0xdc/0x128 [ 31.343364] __asan_report_load1_noabort+0x20/0x30 [ 31.343414] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.343463] mempool_slab_oob_right+0xc0/0x118 [ 31.343817] kunit_try_run_case+0x170/0x3f0 [ 31.343872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.343927] kthread+0x328/0x630 [ 31.344224] ret_from_fork+0x10/0x20 [ 31.344283] [ 31.344323] Allocated by task 257: [ 31.344354] kasan_save_stack+0x3c/0x68 [ 31.344399] kasan_save_track+0x20/0x40 [ 31.344437] kasan_save_alloc_info+0x40/0x58 [ 31.344691] __kasan_mempool_unpoison_object+0xbc/0x180 [ 31.345227] remove_element+0x16c/0x1f8 [ 31.345413] mempool_alloc_preallocated+0x58/0xc0 [ 31.345683] mempool_oob_right_helper+0x98/0x2f0 [ 31.345759] mempool_slab_oob_right+0xc0/0x118 [ 31.345801] kunit_try_run_case+0x170/0x3f0 [ 31.345850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.345982] kthread+0x328/0x630 [ 31.346016] ret_from_fork+0x10/0x20 [ 31.346064] [ 31.346084] The buggy address belongs to the object at fff00000c7d54240 [ 31.346084] which belongs to the cache test_cache of size 123 [ 31.346490] The buggy address is located 0 bytes to the right of [ 31.346490] allocated 123-byte region [fff00000c7d54240, fff00000c7d542bb) [ 31.346597] [ 31.346682] The buggy address belongs to the physical page: [ 31.346749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d54 [ 31.346800] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.346894] page_type: f5(slab) [ 31.347031] raw: 0bfffe0000000000 fff00000c3f543c0 dead000000000122 0000000000000000 [ 31.347334] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.347426] page dumped because: kasan: bad access detected [ 31.347459] [ 31.347477] Memory state around the buggy address: [ 31.347511] fff00000c7d54180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.347557] fff00000c7d54200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 31.347603] >fff00000c7d54280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 31.347648] ^ [ 31.348188] fff00000c7d54300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.348615] fff00000c7d54380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.349123] ================================================================== [ 31.325877] ================================================================== [ 31.325942] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.326002] Read of size 1 at addr fff00000c9ace001 by task kunit_try_catch/255 [ 31.326340] [ 31.326386] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 31.326478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.326505] Hardware name: linux,dummy-virt (DT) [ 31.326537] Call trace: [ 31.326791] show_stack+0x20/0x38 (C) [ 31.327143] dump_stack_lvl+0x8c/0xd0 [ 31.327414] print_report+0x118/0x5d0 [ 31.327791] kasan_report+0xdc/0x128 [ 31.327843] __asan_report_load1_noabort+0x20/0x30 [ 31.327894] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.327943] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 31.327995] kunit_try_run_case+0x170/0x3f0 [ 31.328048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.328113] kthread+0x328/0x630 [ 31.328155] ret_from_fork+0x10/0x20 [ 31.328202] [ 31.328225] The buggy address belongs to the physical page: [ 31.328258] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109acc [ 31.328309] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.328355] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.328409] page_type: f8(unknown) [ 31.328449] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.328500] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.328550] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.328598] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.328648] head: 0bfffe0000000002 ffffc1ffc326b301 00000000ffffffff 00000000ffffffff [ 31.328697] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.328738] page dumped because: kasan: bad access detected [ 31.328770] [ 31.328788] Memory state around the buggy address: [ 31.328819] fff00000c9acdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.328860] fff00000c9acdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.328903] >fff00000c9ace000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.328943] ^ [ 31.328971] fff00000c9ace080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.329013] fff00000c9ace100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.329059] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 30.738586] ================================================================== [ 30.738666] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 30.738743] Read of size 1 at addr fff00000c4412b40 by task kunit_try_catch/247 [ 30.738795] [ 30.738837] CPU: 0 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 30.738927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.738954] Hardware name: linux,dummy-virt (DT) [ 30.738987] Call trace: [ 30.739014] show_stack+0x20/0x38 (C) [ 30.739081] dump_stack_lvl+0x8c/0xd0 [ 30.739136] print_report+0x118/0x5d0 [ 30.739181] kasan_report+0xdc/0x128 [ 30.739225] __kasan_check_byte+0x54/0x70 [ 30.739274] kmem_cache_destroy+0x34/0x218 [ 30.739324] kmem_cache_double_destroy+0x174/0x300 [ 30.739373] kunit_try_run_case+0x170/0x3f0 [ 30.739426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.739480] kthread+0x328/0x630 [ 30.739526] ret_from_fork+0x10/0x20 [ 30.739574] [ 30.739595] Allocated by task 247: [ 30.739624] kasan_save_stack+0x3c/0x68 [ 30.739670] kasan_save_track+0x20/0x40 [ 30.739709] kasan_save_alloc_info+0x40/0x58 [ 30.739746] __kasan_slab_alloc+0xa8/0xb0 [ 30.739784] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.739827] __kmem_cache_create_args+0x178/0x280 [ 30.739867] kmem_cache_double_destroy+0xc0/0x300 [ 30.739908] kunit_try_run_case+0x170/0x3f0 [ 30.739949] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.739995] kthread+0x328/0x630 [ 30.740027] ret_from_fork+0x10/0x20 [ 30.740074] [ 30.740092] Freed by task 247: [ 30.740118] kasan_save_stack+0x3c/0x68 [ 30.740157] kasan_save_track+0x20/0x40 [ 30.740194] kasan_save_free_info+0x4c/0x78 [ 30.740232] __kasan_slab_free+0x6c/0x98 [ 30.740271] kmem_cache_free+0x260/0x468 [ 30.740308] slab_kmem_cache_release+0x38/0x50 [ 30.740349] kmem_cache_release+0x1c/0x30 [ 30.740385] kobject_put+0x17c/0x420 [ 30.740423] sysfs_slab_release+0x1c/0x30 [ 30.740460] kmem_cache_destroy+0x118/0x218 [ 30.740499] kmem_cache_double_destroy+0x128/0x300 [ 30.740538] kunit_try_run_case+0x170/0x3f0 [ 30.740578] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.740622] kthread+0x328/0x630 [ 30.740654] ret_from_fork+0x10/0x20 [ 30.740689] [ 30.740710] The buggy address belongs to the object at fff00000c4412b40 [ 30.740710] which belongs to the cache kmem_cache of size 208 [ 30.740768] The buggy address is located 0 bytes inside of [ 30.740768] freed 208-byte region [fff00000c4412b40, fff00000c4412c10) [ 30.740830] [ 30.740852] The buggy address belongs to the physical page: [ 30.740885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104412 [ 30.740939] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.740992] page_type: f5(slab) [ 30.741034] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 30.741097] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 30.741138] page dumped because: kasan: bad access detected [ 30.741168] [ 30.741188] Memory state around the buggy address: [ 30.741220] fff00000c4412a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.741262] fff00000c4412a80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 30.741306] >fff00000c4412b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 30.741342] ^ [ 30.741378] fff00000c4412b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.741421] fff00000c4412c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.741460] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 30.600297] ================================================================== [ 30.600395] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 30.600475] Read of size 1 at addr fff00000c96a2000 by task kunit_try_catch/245 [ 30.600526] [ 30.600568] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 30.600657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.600683] Hardware name: linux,dummy-virt (DT) [ 30.600719] Call trace: [ 30.600744] show_stack+0x20/0x38 (C) [ 30.600798] dump_stack_lvl+0x8c/0xd0 [ 30.600850] print_report+0x118/0x5d0 [ 30.600894] kasan_report+0xdc/0x128 [ 30.600936] __asan_report_load1_noabort+0x20/0x30 [ 30.600985] kmem_cache_rcu_uaf+0x388/0x468 [ 30.601032] kunit_try_run_case+0x170/0x3f0 [ 30.601149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.601234] kthread+0x328/0x630 [ 30.601326] ret_from_fork+0x10/0x20 [ 30.601379] [ 30.601397] Allocated by task 245: [ 30.601454] kasan_save_stack+0x3c/0x68 [ 30.601498] kasan_save_track+0x20/0x40 [ 30.601536] kasan_save_alloc_info+0x40/0x58 [ 30.601572] __kasan_slab_alloc+0xa8/0xb0 [ 30.601610] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.601651] kmem_cache_rcu_uaf+0x12c/0x468 [ 30.601810] kunit_try_run_case+0x170/0x3f0 [ 30.601929] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.602091] kthread+0x328/0x630 [ 30.602128] ret_from_fork+0x10/0x20 [ 30.602164] [ 30.602183] Freed by task 0: [ 30.602210] kasan_save_stack+0x3c/0x68 [ 30.602247] kasan_save_track+0x20/0x40 [ 30.602294] kasan_save_free_info+0x4c/0x78 [ 30.602332] __kasan_slab_free+0x6c/0x98 [ 30.602371] slab_free_after_rcu_debug+0xd4/0x2f8 [ 30.602411] rcu_core+0x9f4/0x1e20 [ 30.602450] rcu_core_si+0x18/0x30 [ 30.602483] handle_softirqs+0x374/0xb28 [ 30.602551] __do_softirq+0x1c/0x28 [ 30.602593] [ 30.602612] Last potentially related work creation: [ 30.602647] kasan_save_stack+0x3c/0x68 [ 30.602844] kasan_record_aux_stack+0xb4/0xc8 [ 30.602880] kmem_cache_free+0x120/0x468 [ 30.602924] kmem_cache_rcu_uaf+0x16c/0x468 [ 30.603541] kunit_try_run_case+0x170/0x3f0 [ 30.603603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.603649] kthread+0x328/0x630 [ 30.603751] ret_from_fork+0x10/0x20 [ 30.603833] [ 30.603852] The buggy address belongs to the object at fff00000c96a2000 [ 30.603852] which belongs to the cache test_cache of size 200 [ 30.603911] The buggy address is located 0 bytes inside of [ 30.603911] freed 200-byte region [fff00000c96a2000, fff00000c96a20c8) [ 30.603971] [ 30.604034] The buggy address belongs to the physical page: [ 30.604092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1096a2 [ 30.604301] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.604400] page_type: f5(slab) [ 30.604450] raw: 0bfffe0000000000 fff00000c4412a00 dead000000000122 0000000000000000 [ 30.604501] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.604543] page dumped because: kasan: bad access detected [ 30.604622] [ 30.604703] Memory state around the buggy address: [ 30.604838] fff00000c96a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.604911] fff00000c96a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.604984] >fff00000c96a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.605068] ^ [ 30.605101] fff00000c96a2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 30.605144] fff00000c96a2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.605236] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 30.005002] ================================================================== [ 30.005089] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 30.005157] Free of addr fff00000c96bd001 by task kunit_try_catch/243 [ 30.005200] [ 30.005238] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 30.005325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.005352] Hardware name: linux,dummy-virt (DT) [ 30.005411] Call trace: [ 30.005438] show_stack+0x20/0x38 (C) [ 30.005490] dump_stack_lvl+0x8c/0xd0 [ 30.005541] print_report+0x118/0x5d0 [ 30.005585] kasan_report_invalid_free+0xc0/0xe8 [ 30.005630] check_slab_allocation+0xfc/0x108 [ 30.005686] __kasan_slab_pre_free+0x2c/0x48 [ 30.005736] kmem_cache_free+0xf0/0x468 [ 30.005788] kmem_cache_invalid_free+0x184/0x3c8 [ 30.005848] kunit_try_run_case+0x170/0x3f0 [ 30.005909] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.005964] kthread+0x328/0x630 [ 30.006007] ret_from_fork+0x10/0x20 [ 30.006763] [ 30.006797] Allocated by task 243: [ 30.006834] kasan_save_stack+0x3c/0x68 [ 30.007180] kasan_save_track+0x20/0x40 [ 30.007241] kasan_save_alloc_info+0x40/0x58 [ 30.007408] __kasan_slab_alloc+0xa8/0xb0 [ 30.007455] kmem_cache_alloc_noprof+0x10c/0x398 [ 30.007503] kmem_cache_invalid_free+0x12c/0x3c8 [ 30.007594] kunit_try_run_case+0x170/0x3f0 [ 30.007648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.007766] kthread+0x328/0x630 [ 30.007800] ret_from_fork+0x10/0x20 [ 30.007982] [ 30.008291] The buggy address belongs to the object at fff00000c96bd000 [ 30.008291] which belongs to the cache test_cache of size 200 [ 30.008486] The buggy address is located 1 bytes inside of [ 30.008486] 200-byte region [fff00000c96bd000, fff00000c96bd0c8) [ 30.008625] [ 30.008666] The buggy address belongs to the physical page: [ 30.008731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1096bd [ 30.008957] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.009173] page_type: f5(slab) [ 30.009257] raw: 0bfffe0000000000 fff00000c44128c0 dead000000000122 0000000000000000 [ 30.009444] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 30.009522] page dumped because: kasan: bad access detected [ 30.009864] [ 30.009922] Memory state around the buggy address: [ 30.010000] fff00000c96bcf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.010221] fff00000c96bcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.010492] >fff00000c96bd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.010772] ^ [ 30.010943] fff00000c96bd080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 30.011138] fff00000c96bd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.011231] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 29.971398] ================================================================== [ 29.971471] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 29.971545] Free of addr fff00000c96bd000 by task kunit_try_catch/241 [ 29.971588] [ 29.971680] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.971811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.971901] Hardware name: linux,dummy-virt (DT) [ 29.971937] Call trace: [ 29.971962] show_stack+0x20/0x38 (C) [ 29.972015] dump_stack_lvl+0x8c/0xd0 [ 29.972081] print_report+0x118/0x5d0 [ 29.972124] kasan_report_invalid_free+0xc0/0xe8 [ 29.972306] check_slab_allocation+0xd4/0x108 [ 29.972434] __kasan_slab_pre_free+0x2c/0x48 [ 29.972611] kmem_cache_free+0xf0/0x468 [ 29.972746] kmem_cache_double_free+0x190/0x3c8 [ 29.972806] kunit_try_run_case+0x170/0x3f0 [ 29.972860] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.972915] kthread+0x328/0x630 [ 29.973124] ret_from_fork+0x10/0x20 [ 29.973252] [ 29.973397] Allocated by task 241: [ 29.973536] kasan_save_stack+0x3c/0x68 [ 29.973647] kasan_save_track+0x20/0x40 [ 29.973707] kasan_save_alloc_info+0x40/0x58 [ 29.973779] __kasan_slab_alloc+0xa8/0xb0 [ 29.974210] kmem_cache_alloc_noprof+0x10c/0x398 [ 29.974326] kmem_cache_double_free+0x12c/0x3c8 [ 29.974434] kunit_try_run_case+0x170/0x3f0 [ 29.974475] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.974517] kthread+0x328/0x630 [ 29.974568] ret_from_fork+0x10/0x20 [ 29.974614] [ 29.974634] Freed by task 241: [ 29.974660] kasan_save_stack+0x3c/0x68 [ 29.974699] kasan_save_track+0x20/0x40 [ 29.974744] kasan_save_free_info+0x4c/0x78 [ 29.974793] __kasan_slab_free+0x6c/0x98 [ 29.974838] kmem_cache_free+0x260/0x468 [ 29.974887] kmem_cache_double_free+0x140/0x3c8 [ 29.974932] kunit_try_run_case+0x170/0x3f0 [ 29.975005] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.975050] kthread+0x328/0x630 [ 29.975092] ret_from_fork+0x10/0x20 [ 29.975322] [ 29.975347] The buggy address belongs to the object at fff00000c96bd000 [ 29.975347] which belongs to the cache test_cache of size 200 [ 29.975423] The buggy address is located 0 bytes inside of [ 29.975423] 200-byte region [fff00000c96bd000, fff00000c96bd0c8) [ 29.975483] [ 29.975506] The buggy address belongs to the physical page: [ 29.975763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1096bd [ 29.975823] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.975877] page_type: f5(slab) [ 29.976031] raw: 0bfffe0000000000 fff00000c4412780 dead000000000122 0000000000000000 [ 29.976102] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 29.976210] page dumped because: kasan: bad access detected [ 29.976291] [ 29.976311] Memory state around the buggy address: [ 29.976380] fff00000c96bcf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.976464] fff00000c96bcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.976581] >fff00000c96bd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.976705] ^ [ 29.976797] fff00000c96bd080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 29.976880] fff00000c96bd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.976980] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 29.735261] ================================================================== [ 29.735319] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 29.735379] Read of size 1 at addr fff00000c96bd0c8 by task kunit_try_catch/239 [ 29.735430] [ 29.735463] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.735565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.735594] Hardware name: linux,dummy-virt (DT) [ 29.735626] Call trace: [ 29.735650] show_stack+0x20/0x38 (C) [ 29.735874] dump_stack_lvl+0x8c/0xd0 [ 29.735968] print_report+0x118/0x5d0 [ 29.736133] kasan_report+0xdc/0x128 [ 29.736260] __asan_report_load1_noabort+0x20/0x30 [ 29.736394] kmem_cache_oob+0x344/0x430 [ 29.736492] kunit_try_run_case+0x170/0x3f0 [ 29.736689] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.736832] kthread+0x328/0x630 [ 29.736913] ret_from_fork+0x10/0x20 [ 29.736962] [ 29.736982] Allocated by task 239: [ 29.737010] kasan_save_stack+0x3c/0x68 [ 29.737222] kasan_save_track+0x20/0x40 [ 29.737268] kasan_save_alloc_info+0x40/0x58 [ 29.737327] __kasan_slab_alloc+0xa8/0xb0 [ 29.737366] kmem_cache_alloc_noprof+0x10c/0x398 [ 29.737409] kmem_cache_oob+0x12c/0x430 [ 29.737444] kunit_try_run_case+0x170/0x3f0 [ 29.737482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.737649] kthread+0x328/0x630 [ 29.737801] ret_from_fork+0x10/0x20 [ 29.737840] [ 29.737935] The buggy address belongs to the object at fff00000c96bd000 [ 29.737935] which belongs to the cache test_cache of size 200 [ 29.738089] The buggy address is located 0 bytes to the right of [ 29.738089] allocated 200-byte region [fff00000c96bd000, fff00000c96bd0c8) [ 29.738164] [ 29.738185] The buggy address belongs to the physical page: [ 29.738213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1096bd [ 29.738266] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.738549] page_type: f5(slab) [ 29.738623] raw: 0bfffe0000000000 fff00000c4412640 dead000000000122 0000000000000000 [ 29.738736] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 29.738852] page dumped because: kasan: bad access detected [ 29.738937] [ 29.739068] Memory state around the buggy address: [ 29.739112] fff00000c96bcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.739157] fff00000c96bd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.739214] >fff00000c96bd080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 29.739252] ^ [ 29.739288] fff00000c96bd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.739329] fff00000c96bd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.739366] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 29.711353] ================================================================== [ 29.711419] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 29.711710] Read of size 8 at addr fff00000c5999f00 by task kunit_try_catch/232 [ 29.712314] [ 29.712461] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.712648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.712698] Hardware name: linux,dummy-virt (DT) [ 29.712775] Call trace: [ 29.712800] show_stack+0x20/0x38 (C) [ 29.712875] dump_stack_lvl+0x8c/0xd0 [ 29.712925] print_report+0x118/0x5d0 [ 29.713286] kasan_report+0xdc/0x128 [ 29.713350] __asan_report_load8_noabort+0x20/0x30 [ 29.713618] workqueue_uaf+0x480/0x4a8 [ 29.713783] kunit_try_run_case+0x170/0x3f0 [ 29.713843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.713899] kthread+0x328/0x630 [ 29.713941] ret_from_fork+0x10/0x20 [ 29.713987] [ 29.714007] Allocated by task 232: [ 29.714036] kasan_save_stack+0x3c/0x68 [ 29.714093] kasan_save_track+0x20/0x40 [ 29.714138] kasan_save_alloc_info+0x40/0x58 [ 29.714183] __kasan_kmalloc+0xd4/0xd8 [ 29.714225] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.714270] workqueue_uaf+0x13c/0x4a8 [ 29.714308] kunit_try_run_case+0x170/0x3f0 [ 29.714347] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.714391] kthread+0x328/0x630 [ 29.714428] ret_from_fork+0x10/0x20 [ 29.714465] [ 29.714484] Freed by task 9: [ 29.714510] kasan_save_stack+0x3c/0x68 [ 29.714554] kasan_save_track+0x20/0x40 [ 29.714593] kasan_save_free_info+0x4c/0x78 [ 29.714630] __kasan_slab_free+0x6c/0x98 [ 29.714669] kfree+0x214/0x3c8 [ 29.714705] workqueue_uaf_work+0x18/0x30 [ 29.714742] process_one_work+0x530/0xf98 [ 29.714780] worker_thread+0x618/0xf38 [ 29.714821] kthread+0x328/0x630 [ 29.714871] ret_from_fork+0x10/0x20 [ 29.714910] [ 29.714944] Last potentially related work creation: [ 29.714982] kasan_save_stack+0x3c/0x68 [ 29.715030] kasan_record_aux_stack+0xb4/0xc8 [ 29.715410] __queue_work+0x65c/0xfe0 [ 29.715457] queue_work_on+0xbc/0xf8 [ 29.715836] workqueue_uaf+0x210/0x4a8 [ 29.715963] kunit_try_run_case+0x170/0x3f0 [ 29.716031] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.716088] kthread+0x328/0x630 [ 29.716144] ret_from_fork+0x10/0x20 [ 29.716179] [ 29.716201] The buggy address belongs to the object at fff00000c5999f00 [ 29.716201] which belongs to the cache kmalloc-32 of size 32 [ 29.716293] The buggy address is located 0 bytes inside of [ 29.716293] freed 32-byte region [fff00000c5999f00, fff00000c5999f20) [ 29.716355] [ 29.716533] The buggy address belongs to the physical page: [ 29.716618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105999 [ 29.716709] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.716823] page_type: f5(slab) [ 29.716889] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.716959] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.716999] page dumped because: kasan: bad access detected [ 29.717233] [ 29.717387] Memory state around the buggy address: [ 29.717533] fff00000c5999e00: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 29.717599] fff00000c5999e80: 00 00 00 fc fc fc fc fc 00 00 00 07 fc fc fc fc [ 29.717662] >fff00000c5999f00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 29.718176] ^ [ 29.718290] fff00000c5999f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.718335] fff00000c599a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.718517] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 29.696142] ================================================================== [ 29.696270] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 29.696342] Read of size 4 at addr fff00000c5999d00 by task swapper/0/0 [ 29.696389] [ 29.696429] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.696515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.696543] Hardware name: linux,dummy-virt (DT) [ 29.696574] Call trace: [ 29.696599] show_stack+0x20/0x38 (C) [ 29.696649] dump_stack_lvl+0x8c/0xd0 [ 29.696698] print_report+0x118/0x5d0 [ 29.696742] kasan_report+0xdc/0x128 [ 29.696783] __asan_report_load4_noabort+0x20/0x30 [ 29.696832] rcu_uaf_reclaim+0x64/0x70 [ 29.696875] rcu_core+0x9f4/0x1e20 [ 29.696922] rcu_core_si+0x18/0x30 [ 29.696965] handle_softirqs+0x374/0xb28 [ 29.697013] __do_softirq+0x1c/0x28 [ 29.697066] ____do_softirq+0x18/0x30 [ 29.697113] call_on_irq_stack+0x24/0x30 [ 29.697158] do_softirq_own_stack+0x24/0x38 [ 29.697203] __irq_exit_rcu+0x1fc/0x318 [ 29.697248] irq_exit_rcu+0x1c/0x80 [ 29.697290] el1_interrupt+0x38/0x58 [ 29.697334] el1h_64_irq_handler+0x18/0x28 [ 29.697379] el1h_64_irq+0x6c/0x70 [ 29.697484] arch_local_irq_enable+0x4/0x8 (P) [ 29.697535] do_idle+0x384/0x4e8 [ 29.697580] cpu_startup_entry+0x68/0x80 [ 29.697626] rest_init+0x160/0x188 [ 29.697668] start_kernel+0x30c/0x3d0 [ 29.697718] __primary_switched+0x8c/0xa0 [ 29.697770] [ 29.697789] Allocated by task 230: [ 29.697820] kasan_save_stack+0x3c/0x68 [ 29.697861] kasan_save_track+0x20/0x40 [ 29.697901] kasan_save_alloc_info+0x40/0x58 [ 29.697937] __kasan_kmalloc+0xd4/0xd8 [ 29.697975] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.698016] rcu_uaf+0xb0/0x2d8 [ 29.698051] kunit_try_run_case+0x170/0x3f0 [ 29.698177] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.698224] kthread+0x328/0x630 [ 29.698258] ret_from_fork+0x10/0x20 [ 29.698292] [ 29.698310] Freed by task 0: [ 29.698336] kasan_save_stack+0x3c/0x68 [ 29.698373] kasan_save_track+0x20/0x40 [ 29.698442] kasan_save_free_info+0x4c/0x78 [ 29.698478] __kasan_slab_free+0x6c/0x98 [ 29.698517] kfree+0x214/0x3c8 [ 29.698550] rcu_uaf_reclaim+0x28/0x70 [ 29.698585] rcu_core+0x9f4/0x1e20 [ 29.698619] rcu_core_si+0x18/0x30 [ 29.698693] handle_softirqs+0x374/0xb28 [ 29.698730] __do_softirq+0x1c/0x28 [ 29.698765] [ 29.698792] Last potentially related work creation: [ 29.698827] kasan_save_stack+0x3c/0x68 [ 29.698938] kasan_record_aux_stack+0xb4/0xc8 [ 29.699035] __call_rcu_common.constprop.0+0x74/0x8c8 [ 29.699089] call_rcu+0x18/0x30 [ 29.699159] rcu_uaf+0x14c/0x2d8 [ 29.699194] kunit_try_run_case+0x170/0x3f0 [ 29.699245] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.699291] kthread+0x328/0x630 [ 29.699325] ret_from_fork+0x10/0x20 [ 29.699376] [ 29.699410] The buggy address belongs to the object at fff00000c5999d00 [ 29.699410] which belongs to the cache kmalloc-32 of size 32 [ 29.699472] The buggy address is located 0 bytes inside of [ 29.699472] freed 32-byte region [fff00000c5999d00, fff00000c5999d20) [ 29.699533] [ 29.699562] The buggy address belongs to the physical page: [ 29.699605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105999 [ 29.699660] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.699711] page_type: f5(slab) [ 29.699752] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 29.699802] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 29.699843] page dumped because: kasan: bad access detected [ 29.699874] [ 29.699891] Memory state around the buggy address: [ 29.699925] fff00000c5999c00: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 29.699977] fff00000c5999c80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 29.700019] >fff00000c5999d00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 29.700068] ^ [ 29.700095] fff00000c5999d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.700135] fff00000c5999e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.700196] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 29.560360] ================================================================== [ 29.560414] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 29.560569] Read of size 1 at addr fff00000c5998278 by task kunit_try_catch/228 [ 29.560624] [ 29.560655] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.560741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.560936] Hardware name: linux,dummy-virt (DT) [ 29.561225] Call trace: [ 29.561301] show_stack+0x20/0x38 (C) [ 29.561361] dump_stack_lvl+0x8c/0xd0 [ 29.561542] print_report+0x118/0x5d0 [ 29.561680] kasan_report+0xdc/0x128 [ 29.561740] __asan_report_load1_noabort+0x20/0x30 [ 29.562135] ksize_uaf+0x544/0x5f8 [ 29.562206] kunit_try_run_case+0x170/0x3f0 [ 29.562259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.562311] kthread+0x328/0x630 [ 29.562355] ret_from_fork+0x10/0x20 [ 29.562401] [ 29.562709] Allocated by task 228: [ 29.562833] kasan_save_stack+0x3c/0x68 [ 29.562947] kasan_save_track+0x20/0x40 [ 29.563079] kasan_save_alloc_info+0x40/0x58 [ 29.563121] __kasan_kmalloc+0xd4/0xd8 [ 29.563403] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.563466] ksize_uaf+0xb8/0x5f8 [ 29.563578] kunit_try_run_case+0x170/0x3f0 [ 29.563654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.563830] kthread+0x328/0x630 [ 29.563901] ret_from_fork+0x10/0x20 [ 29.564117] [ 29.564142] Freed by task 228: [ 29.564175] kasan_save_stack+0x3c/0x68 [ 29.564382] kasan_save_track+0x20/0x40 [ 29.564545] kasan_save_free_info+0x4c/0x78 [ 29.564664] __kasan_slab_free+0x6c/0x98 [ 29.564842] kfree+0x214/0x3c8 [ 29.564939] ksize_uaf+0x11c/0x5f8 [ 29.565245] kunit_try_run_case+0x170/0x3f0 [ 29.565466] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.565690] kthread+0x328/0x630 [ 29.565765] ret_from_fork+0x10/0x20 [ 29.565871] [ 29.565901] The buggy address belongs to the object at fff00000c5998200 [ 29.565901] which belongs to the cache kmalloc-128 of size 128 [ 29.566105] The buggy address is located 120 bytes inside of [ 29.566105] freed 128-byte region [fff00000c5998200, fff00000c5998280) [ 29.566174] [ 29.566305] The buggy address belongs to the physical page: [ 29.566429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.566513] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.566571] page_type: f5(slab) [ 29.566611] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.566663] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.566712] page dumped because: kasan: bad access detected [ 29.566744] [ 29.566774] Memory state around the buggy address: [ 29.566824] fff00000c5998100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.566886] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.566930] >fff00000c5998200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.566968] ^ [ 29.567009] fff00000c5998280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.567091] fff00000c5998300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.567166] ================================================================== [ 29.541256] ================================================================== [ 29.541319] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 29.541372] Read of size 1 at addr fff00000c5998200 by task kunit_try_catch/228 [ 29.541861] [ 29.541924] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.542027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.542066] Hardware name: linux,dummy-virt (DT) [ 29.542097] Call trace: [ 29.542120] show_stack+0x20/0x38 (C) [ 29.542183] dump_stack_lvl+0x8c/0xd0 [ 29.542233] print_report+0x118/0x5d0 [ 29.542277] kasan_report+0xdc/0x128 [ 29.542320] __kasan_check_byte+0x54/0x70 [ 29.542375] ksize+0x30/0x88 [ 29.542419] ksize_uaf+0x168/0x5f8 [ 29.542473] kunit_try_run_case+0x170/0x3f0 [ 29.542523] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.542578] kthread+0x328/0x630 [ 29.542621] ret_from_fork+0x10/0x20 [ 29.542677] [ 29.542696] Allocated by task 228: [ 29.542725] kasan_save_stack+0x3c/0x68 [ 29.542765] kasan_save_track+0x20/0x40 [ 29.542804] kasan_save_alloc_info+0x40/0x58 [ 29.542842] __kasan_kmalloc+0xd4/0xd8 [ 29.542880] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.542920] ksize_uaf+0xb8/0x5f8 [ 29.542954] kunit_try_run_case+0x170/0x3f0 [ 29.543002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.543820] kthread+0x328/0x630 [ 29.544036] ret_from_fork+0x10/0x20 [ 29.544189] [ 29.544212] Freed by task 228: [ 29.544242] kasan_save_stack+0x3c/0x68 [ 29.544282] kasan_save_track+0x20/0x40 [ 29.544320] kasan_save_free_info+0x4c/0x78 [ 29.544358] __kasan_slab_free+0x6c/0x98 [ 29.544739] kfree+0x214/0x3c8 [ 29.544817] ksize_uaf+0x11c/0x5f8 [ 29.545181] kunit_try_run_case+0x170/0x3f0 [ 29.545307] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.545382] kthread+0x328/0x630 [ 29.545605] ret_from_fork+0x10/0x20 [ 29.545892] [ 29.545951] The buggy address belongs to the object at fff00000c5998200 [ 29.545951] which belongs to the cache kmalloc-128 of size 128 [ 29.546081] The buggy address is located 0 bytes inside of [ 29.546081] freed 128-byte region [fff00000c5998200, fff00000c5998280) [ 29.546169] [ 29.546387] The buggy address belongs to the physical page: [ 29.546510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.546668] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.547309] page_type: f5(slab) [ 29.547419] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.547656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.547731] page dumped because: kasan: bad access detected [ 29.547905] [ 29.547985] Memory state around the buggy address: [ 29.548148] fff00000c5998100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.548234] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.548700] >fff00000c5998200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.548791] ^ [ 29.548823] fff00000c5998280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.549105] fff00000c5998300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.549271] ================================================================== [ 29.551174] ================================================================== [ 29.551236] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 29.551427] Read of size 1 at addr fff00000c5998200 by task kunit_try_catch/228 [ 29.551490] [ 29.551523] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.552004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.552067] Hardware name: linux,dummy-virt (DT) [ 29.552159] Call trace: [ 29.552229] show_stack+0x20/0x38 (C) [ 29.552434] dump_stack_lvl+0x8c/0xd0 [ 29.552547] print_report+0x118/0x5d0 [ 29.552601] kasan_report+0xdc/0x128 [ 29.552770] __asan_report_load1_noabort+0x20/0x30 [ 29.552830] ksize_uaf+0x598/0x5f8 [ 29.552876] kunit_try_run_case+0x170/0x3f0 [ 29.552926] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.553237] kthread+0x328/0x630 [ 29.553322] ret_from_fork+0x10/0x20 [ 29.553501] [ 29.553581] Allocated by task 228: [ 29.553683] kasan_save_stack+0x3c/0x68 [ 29.553740] kasan_save_track+0x20/0x40 [ 29.553847] kasan_save_alloc_info+0x40/0x58 [ 29.553886] __kasan_kmalloc+0xd4/0xd8 [ 29.554277] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.554457] ksize_uaf+0xb8/0x5f8 [ 29.554542] kunit_try_run_case+0x170/0x3f0 [ 29.554665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.554724] kthread+0x328/0x630 [ 29.554964] ret_from_fork+0x10/0x20 [ 29.555155] [ 29.555209] Freed by task 228: [ 29.555379] kasan_save_stack+0x3c/0x68 [ 29.555779] kasan_save_track+0x20/0x40 [ 29.555854] kasan_save_free_info+0x4c/0x78 [ 29.556025] __kasan_slab_free+0x6c/0x98 [ 29.556259] kfree+0x214/0x3c8 [ 29.556299] ksize_uaf+0x11c/0x5f8 [ 29.556457] kunit_try_run_case+0x170/0x3f0 [ 29.556564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.556734] kthread+0x328/0x630 [ 29.556821] ret_from_fork+0x10/0x20 [ 29.556985] [ 29.557129] The buggy address belongs to the object at fff00000c5998200 [ 29.557129] which belongs to the cache kmalloc-128 of size 128 [ 29.557211] The buggy address is located 0 bytes inside of [ 29.557211] freed 128-byte region [fff00000c5998200, fff00000c5998280) [ 29.557273] [ 29.557294] The buggy address belongs to the physical page: [ 29.557543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.557757] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.557910] page_type: f5(slab) [ 29.558093] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.558181] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.558443] page dumped because: kasan: bad access detected [ 29.558592] [ 29.558636] Memory state around the buggy address: [ 29.558712] fff00000c5998100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.558760] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.558803] >fff00000c5998200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.558850] ^ [ 29.558879] fff00000c5998280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.558938] fff00000c5998300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.558985] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 29.501230] ================================================================== [ 29.501486] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 29.501556] Read of size 1 at addr fff00000c5998173 by task kunit_try_catch/226 [ 29.501799] [ 29.502003] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.502122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.502150] Hardware name: linux,dummy-virt (DT) [ 29.502464] Call trace: [ 29.502508] show_stack+0x20/0x38 (C) [ 29.502793] dump_stack_lvl+0x8c/0xd0 [ 29.502933] print_report+0x118/0x5d0 [ 29.502987] kasan_report+0xdc/0x128 [ 29.503032] __asan_report_load1_noabort+0x20/0x30 [ 29.503431] ksize_unpoisons_memory+0x628/0x740 [ 29.503622] kunit_try_run_case+0x170/0x3f0 [ 29.503914] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.504210] kthread+0x328/0x630 [ 29.504327] ret_from_fork+0x10/0x20 [ 29.504682] [ 29.504972] Allocated by task 226: [ 29.505021] kasan_save_stack+0x3c/0x68 [ 29.505496] kasan_save_track+0x20/0x40 [ 29.505580] kasan_save_alloc_info+0x40/0x58 [ 29.506050] __kasan_kmalloc+0xd4/0xd8 [ 29.506232] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.506622] ksize_unpoisons_memory+0xc0/0x740 [ 29.507133] kunit_try_run_case+0x170/0x3f0 [ 29.507279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.507698] kthread+0x328/0x630 [ 29.507929] ret_from_fork+0x10/0x20 [ 29.507979] [ 29.508000] The buggy address belongs to the object at fff00000c5998100 [ 29.508000] which belongs to the cache kmalloc-128 of size 128 [ 29.508077] The buggy address is located 0 bytes to the right of [ 29.508077] allocated 115-byte region [fff00000c5998100, fff00000c5998173) [ 29.508366] [ 29.508477] The buggy address belongs to the physical page: [ 29.508546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.508717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.508794] page_type: f5(slab) [ 29.509073] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.509264] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.509330] page dumped because: kasan: bad access detected [ 29.509655] [ 29.509730] Memory state around the buggy address: [ 29.509893] fff00000c5998000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.510208] fff00000c5998080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.510261] >fff00000c5998100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.510524] ^ [ 29.510639] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.510690] fff00000c5998200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.510744] ================================================================== [ 29.522889] ================================================================== [ 29.523098] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 29.523299] Read of size 1 at addr fff00000c599817f by task kunit_try_catch/226 [ 29.523363] [ 29.523397] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.523482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.523509] Hardware name: linux,dummy-virt (DT) [ 29.523540] Call trace: [ 29.523561] show_stack+0x20/0x38 (C) [ 29.523612] dump_stack_lvl+0x8c/0xd0 [ 29.524187] print_report+0x118/0x5d0 [ 29.524240] kasan_report+0xdc/0x128 [ 29.524285] __asan_report_load1_noabort+0x20/0x30 [ 29.524623] ksize_unpoisons_memory+0x690/0x740 [ 29.524808] kunit_try_run_case+0x170/0x3f0 [ 29.524962] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.525144] kthread+0x328/0x630 [ 29.525191] ret_from_fork+0x10/0x20 [ 29.525423] [ 29.525598] Allocated by task 226: [ 29.525714] kasan_save_stack+0x3c/0x68 [ 29.525821] kasan_save_track+0x20/0x40 [ 29.525900] kasan_save_alloc_info+0x40/0x58 [ 29.526168] __kasan_kmalloc+0xd4/0xd8 [ 29.526333] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.526439] ksize_unpoisons_memory+0xc0/0x740 [ 29.526568] kunit_try_run_case+0x170/0x3f0 [ 29.526722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.526827] kthread+0x328/0x630 [ 29.526937] ret_from_fork+0x10/0x20 [ 29.527026] [ 29.527251] The buggy address belongs to the object at fff00000c5998100 [ 29.527251] which belongs to the cache kmalloc-128 of size 128 [ 29.527426] The buggy address is located 12 bytes to the right of [ 29.527426] allocated 115-byte region [fff00000c5998100, fff00000c5998173) [ 29.527544] [ 29.527586] The buggy address belongs to the physical page: [ 29.527751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.527808] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.527856] page_type: f5(slab) [ 29.527904] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.527954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.528278] page dumped because: kasan: bad access detected [ 29.528350] [ 29.528433] Memory state around the buggy address: [ 29.528477] fff00000c5998000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.528543] fff00000c5998080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.528587] >fff00000c5998100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.528635] ^ [ 29.528677] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.528729] fff00000c5998200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.528766] ================================================================== [ 29.513990] ================================================================== [ 29.514214] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 29.514277] Read of size 1 at addr fff00000c5998178 by task kunit_try_catch/226 [ 29.514556] [ 29.514621] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.514846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.514879] Hardware name: linux,dummy-virt (DT) [ 29.514917] Call trace: [ 29.514939] show_stack+0x20/0x38 (C) [ 29.515267] dump_stack_lvl+0x8c/0xd0 [ 29.515437] print_report+0x118/0x5d0 [ 29.515532] kasan_report+0xdc/0x128 [ 29.515642] __asan_report_load1_noabort+0x20/0x30 [ 29.515743] ksize_unpoisons_memory+0x618/0x740 [ 29.515816] kunit_try_run_case+0x170/0x3f0 [ 29.516019] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.516273] kthread+0x328/0x630 [ 29.516349] ret_from_fork+0x10/0x20 [ 29.516527] [ 29.516606] Allocated by task 226: [ 29.516737] kasan_save_stack+0x3c/0x68 [ 29.516826] kasan_save_track+0x20/0x40 [ 29.516900] kasan_save_alloc_info+0x40/0x58 [ 29.516938] __kasan_kmalloc+0xd4/0xd8 [ 29.517121] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.517320] ksize_unpoisons_memory+0xc0/0x740 [ 29.517513] kunit_try_run_case+0x170/0x3f0 [ 29.517756] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.517829] kthread+0x328/0x630 [ 29.517987] ret_from_fork+0x10/0x20 [ 29.518109] [ 29.518200] The buggy address belongs to the object at fff00000c5998100 [ 29.518200] which belongs to the cache kmalloc-128 of size 128 [ 29.518279] The buggy address is located 5 bytes to the right of [ 29.518279] allocated 115-byte region [fff00000c5998100, fff00000c5998173) [ 29.518495] [ 29.518673] The buggy address belongs to the physical page: [ 29.518849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.518988] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.519129] page_type: f5(slab) [ 29.519223] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.519518] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.519667] page dumped because: kasan: bad access detected [ 29.519704] [ 29.519722] Memory state around the buggy address: [ 29.519754] fff00000c5998000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.519861] fff00000c5998080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.519916] >fff00000c5998100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.519955] ^ [ 29.520329] fff00000c5998180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.520462] fff00000c5998200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.520622] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 29.484779] ================================================================== [ 29.484924] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 29.484978] Free of addr fff00000c592c920 by task kunit_try_catch/224 [ 29.485021] [ 29.485124] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.485211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.485291] Hardware name: linux,dummy-virt (DT) [ 29.485352] Call trace: [ 29.485375] show_stack+0x20/0x38 (C) [ 29.485604] dump_stack_lvl+0x8c/0xd0 [ 29.485658] print_report+0x118/0x5d0 [ 29.485763] kasan_report_invalid_free+0xc0/0xe8 [ 29.485816] check_slab_allocation+0xd4/0x108 [ 29.485878] __kasan_slab_pre_free+0x2c/0x48 [ 29.486138] kfree+0xe8/0x3c8 [ 29.486298] kfree_sensitive+0x3c/0xb0 [ 29.486350] kmalloc_double_kzfree+0x168/0x308 [ 29.486470] kunit_try_run_case+0x170/0x3f0 [ 29.486522] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.486576] kthread+0x328/0x630 [ 29.486618] ret_from_fork+0x10/0x20 [ 29.486785] [ 29.486805] Allocated by task 224: [ 29.486868] kasan_save_stack+0x3c/0x68 [ 29.486927] kasan_save_track+0x20/0x40 [ 29.486973] kasan_save_alloc_info+0x40/0x58 [ 29.487011] __kasan_kmalloc+0xd4/0xd8 [ 29.487066] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.487289] kmalloc_double_kzfree+0xb8/0x308 [ 29.487514] kunit_try_run_case+0x170/0x3f0 [ 29.487557] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.487602] kthread+0x328/0x630 [ 29.487640] ret_from_fork+0x10/0x20 [ 29.487679] [ 29.487698] Freed by task 224: [ 29.487726] kasan_save_stack+0x3c/0x68 [ 29.488091] kasan_save_track+0x20/0x40 [ 29.488238] kasan_save_free_info+0x4c/0x78 [ 29.488418] __kasan_slab_free+0x6c/0x98 [ 29.488553] kfree+0x214/0x3c8 [ 29.488678] kfree_sensitive+0x80/0xb0 [ 29.488824] kmalloc_double_kzfree+0x11c/0x308 [ 29.489029] kunit_try_run_case+0x170/0x3f0 [ 29.489095] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.489140] kthread+0x328/0x630 [ 29.489173] ret_from_fork+0x10/0x20 [ 29.489209] [ 29.489389] The buggy address belongs to the object at fff00000c592c920 [ 29.489389] which belongs to the cache kmalloc-16 of size 16 [ 29.489497] The buggy address is located 0 bytes inside of [ 29.489497] 16-byte region [fff00000c592c920, fff00000c592c930) [ 29.489656] [ 29.489764] The buggy address belongs to the physical page: [ 29.489899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.490065] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.490191] page_type: f5(slab) [ 29.490239] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.490321] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.490393] page dumped because: kasan: bad access detected [ 29.490425] [ 29.490444] Memory state around the buggy address: [ 29.490475] fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.490520] fff00000c592c880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.490562] >fff00000c592c900: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.490771] ^ [ 29.490850] fff00000c592c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.490957] fff00000c592ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.491047] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 29.477967] ================================================================== [ 29.478044] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 29.478115] Read of size 1 at addr fff00000c592c920 by task kunit_try_catch/224 [ 29.478166] [ 29.478195] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.478295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.478322] Hardware name: linux,dummy-virt (DT) [ 29.478579] Call trace: [ 29.478612] show_stack+0x20/0x38 (C) [ 29.478666] dump_stack_lvl+0x8c/0xd0 [ 29.478713] print_report+0x118/0x5d0 [ 29.478867] kasan_report+0xdc/0x128 [ 29.478937] __kasan_check_byte+0x54/0x70 [ 29.479037] kfree_sensitive+0x30/0xb0 [ 29.479110] kmalloc_double_kzfree+0x168/0x308 [ 29.479165] kunit_try_run_case+0x170/0x3f0 [ 29.479251] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.479306] kthread+0x328/0x630 [ 29.479373] ret_from_fork+0x10/0x20 [ 29.479448] [ 29.479468] Allocated by task 224: [ 29.479513] kasan_save_stack+0x3c/0x68 [ 29.479555] kasan_save_track+0x20/0x40 [ 29.479613] kasan_save_alloc_info+0x40/0x58 [ 29.479657] __kasan_kmalloc+0xd4/0xd8 [ 29.479729] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.479818] kmalloc_double_kzfree+0xb8/0x308 [ 29.479950] kunit_try_run_case+0x170/0x3f0 [ 29.479991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.480208] kthread+0x328/0x630 [ 29.480243] ret_from_fork+0x10/0x20 [ 29.480485] [ 29.480605] Freed by task 224: [ 29.480695] kasan_save_stack+0x3c/0x68 [ 29.480830] kasan_save_track+0x20/0x40 [ 29.481005] kasan_save_free_info+0x4c/0x78 [ 29.481072] __kasan_slab_free+0x6c/0x98 [ 29.481138] kfree+0x214/0x3c8 [ 29.481220] kfree_sensitive+0x80/0xb0 [ 29.481257] kmalloc_double_kzfree+0x11c/0x308 [ 29.481296] kunit_try_run_case+0x170/0x3f0 [ 29.481336] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.481382] kthread+0x328/0x630 [ 29.481621] ret_from_fork+0x10/0x20 [ 29.481666] [ 29.481688] The buggy address belongs to the object at fff00000c592c920 [ 29.481688] which belongs to the cache kmalloc-16 of size 16 [ 29.481958] The buggy address is located 0 bytes inside of [ 29.481958] freed 16-byte region [fff00000c592c920, fff00000c592c930) [ 29.482088] [ 29.482238] The buggy address belongs to the physical page: [ 29.482321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.482480] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.482555] page_type: f5(slab) [ 29.482593] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.482644] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.482906] page dumped because: kasan: bad access detected [ 29.482993] [ 29.483152] Memory state around the buggy address: [ 29.483298] fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.483413] fff00000c592c880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.483457] >fff00000c592c900: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 29.483638] ^ [ 29.483800] fff00000c592c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.483881] fff00000c592ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.483919] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 29.464095] ================================================================== [ 29.464202] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 29.464304] Read of size 1 at addr fff00000c598ce28 by task kunit_try_catch/220 [ 29.464355] [ 29.464423] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.464509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.464717] Hardware name: linux,dummy-virt (DT) [ 29.464761] Call trace: [ 29.464803] show_stack+0x20/0x38 (C) [ 29.464894] dump_stack_lvl+0x8c/0xd0 [ 29.464948] print_report+0x118/0x5d0 [ 29.465013] kasan_report+0xdc/0x128 [ 29.465089] __asan_report_load1_noabort+0x20/0x30 [ 29.465139] kmalloc_uaf2+0x3f4/0x468 [ 29.465184] kunit_try_run_case+0x170/0x3f0 [ 29.465236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.465292] kthread+0x328/0x630 [ 29.465334] ret_from_fork+0x10/0x20 [ 29.465382] [ 29.465400] Allocated by task 220: [ 29.465429] kasan_save_stack+0x3c/0x68 [ 29.465469] kasan_save_track+0x20/0x40 [ 29.465508] kasan_save_alloc_info+0x40/0x58 [ 29.465544] __kasan_kmalloc+0xd4/0xd8 [ 29.465581] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.465767] kmalloc_uaf2+0xc4/0x468 [ 29.465850] kunit_try_run_case+0x170/0x3f0 [ 29.465891] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.465962] kthread+0x328/0x630 [ 29.466011] ret_from_fork+0x10/0x20 [ 29.466101] [ 29.466159] Freed by task 220: [ 29.466226] kasan_save_stack+0x3c/0x68 [ 29.466265] kasan_save_track+0x20/0x40 [ 29.466329] kasan_save_free_info+0x4c/0x78 [ 29.466395] __kasan_slab_free+0x6c/0x98 [ 29.466488] kfree+0x214/0x3c8 [ 29.466522] kmalloc_uaf2+0x134/0x468 [ 29.466588] kunit_try_run_case+0x170/0x3f0 [ 29.466806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.466919] kthread+0x328/0x630 [ 29.466955] ret_from_fork+0x10/0x20 [ 29.467046] [ 29.467097] The buggy address belongs to the object at fff00000c598ce00 [ 29.467097] which belongs to the cache kmalloc-64 of size 64 [ 29.467162] The buggy address is located 40 bytes inside of [ 29.467162] freed 64-byte region [fff00000c598ce00, fff00000c598ce40) [ 29.467223] [ 29.467282] The buggy address belongs to the physical page: [ 29.467340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598c [ 29.467394] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.467468] page_type: f5(slab) [ 29.467556] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.467607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.467648] page dumped because: kasan: bad access detected [ 29.467679] [ 29.467696] Memory state around the buggy address: [ 29.467766] fff00000c598cd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.467948] fff00000c598cd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.468093] >fff00000c598ce00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.468133] ^ [ 29.468197] fff00000c598ce80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 29.468240] fff00000c598cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.468277] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 29.453290] ================================================================== [ 29.453405] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 29.453459] Write of size 33 at addr fff00000c598cc80 by task kunit_try_catch/218 [ 29.453548] [ 29.453623] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.453793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.453822] Hardware name: linux,dummy-virt (DT) [ 29.453852] Call trace: [ 29.453875] show_stack+0x20/0x38 (C) [ 29.453923] dump_stack_lvl+0x8c/0xd0 [ 29.454092] print_report+0x118/0x5d0 [ 29.454275] kasan_report+0xdc/0x128 [ 29.454395] kasan_check_range+0x100/0x1a8 [ 29.454442] __asan_memset+0x34/0x78 [ 29.454487] kmalloc_uaf_memset+0x170/0x310 [ 29.454681] kunit_try_run_case+0x170/0x3f0 [ 29.454736] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.454920] kthread+0x328/0x630 [ 29.454998] ret_from_fork+0x10/0x20 [ 29.455066] [ 29.455087] Allocated by task 218: [ 29.455116] kasan_save_stack+0x3c/0x68 [ 29.455308] kasan_save_track+0x20/0x40 [ 29.455358] kasan_save_alloc_info+0x40/0x58 [ 29.455435] __kasan_kmalloc+0xd4/0xd8 [ 29.455472] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.455586] kmalloc_uaf_memset+0xb8/0x310 [ 29.455763] kunit_try_run_case+0x170/0x3f0 [ 29.455899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.455980] kthread+0x328/0x630 [ 29.456091] ret_from_fork+0x10/0x20 [ 29.456138] [ 29.456158] Freed by task 218: [ 29.456185] kasan_save_stack+0x3c/0x68 [ 29.456233] kasan_save_track+0x20/0x40 [ 29.456272] kasan_save_free_info+0x4c/0x78 [ 29.456307] __kasan_slab_free+0x6c/0x98 [ 29.456344] kfree+0x214/0x3c8 [ 29.456379] kmalloc_uaf_memset+0x11c/0x310 [ 29.456416] kunit_try_run_case+0x170/0x3f0 [ 29.456455] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.456497] kthread+0x328/0x630 [ 29.456530] ret_from_fork+0x10/0x20 [ 29.456564] [ 29.456584] The buggy address belongs to the object at fff00000c598cc80 [ 29.456584] which belongs to the cache kmalloc-64 of size 64 [ 29.456829] The buggy address is located 0 bytes inside of [ 29.456829] freed 64-byte region [fff00000c598cc80, fff00000c598ccc0) [ 29.456935] [ 29.456985] The buggy address belongs to the physical page: [ 29.457064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598c [ 29.457140] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.457242] page_type: f5(slab) [ 29.457282] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.457606] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.457724] page dumped because: kasan: bad access detected [ 29.457859] [ 29.457949] Memory state around the buggy address: [ 29.457981] fff00000c598cb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.458247] fff00000c598cc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.458424] >fff00000c598cc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.458581] ^ [ 29.458679] fff00000c598cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.458741] fff00000c598cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.458948] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 29.441994] ================================================================== [ 29.442111] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 29.442187] Read of size 1 at addr fff00000c592c908 by task kunit_try_catch/216 [ 29.442273] [ 29.442318] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.442405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.442432] Hardware name: linux,dummy-virt (DT) [ 29.442463] Call trace: [ 29.442484] show_stack+0x20/0x38 (C) [ 29.442681] dump_stack_lvl+0x8c/0xd0 [ 29.442768] print_report+0x118/0x5d0 [ 29.442812] kasan_report+0xdc/0x128 [ 29.442860] __asan_report_load1_noabort+0x20/0x30 [ 29.442934] kmalloc_uaf+0x300/0x338 [ 29.442979] kunit_try_run_case+0x170/0x3f0 [ 29.443132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.443226] kthread+0x328/0x630 [ 29.443275] ret_from_fork+0x10/0x20 [ 29.443329] [ 29.443388] Allocated by task 216: [ 29.443416] kasan_save_stack+0x3c/0x68 [ 29.443458] kasan_save_track+0x20/0x40 [ 29.443495] kasan_save_alloc_info+0x40/0x58 [ 29.443533] __kasan_kmalloc+0xd4/0xd8 [ 29.443571] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.443610] kmalloc_uaf+0xb8/0x338 [ 29.443646] kunit_try_run_case+0x170/0x3f0 [ 29.443860] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.443918] kthread+0x328/0x630 [ 29.443964] ret_from_fork+0x10/0x20 [ 29.444006] [ 29.444024] Freed by task 216: [ 29.444061] kasan_save_stack+0x3c/0x68 [ 29.444232] kasan_save_track+0x20/0x40 [ 29.444273] kasan_save_free_info+0x4c/0x78 [ 29.444364] __kasan_slab_free+0x6c/0x98 [ 29.444506] kfree+0x214/0x3c8 [ 29.444585] kmalloc_uaf+0x11c/0x338 [ 29.444693] kunit_try_run_case+0x170/0x3f0 [ 29.444776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.444871] kthread+0x328/0x630 [ 29.444928] ret_from_fork+0x10/0x20 [ 29.445019] [ 29.445141] The buggy address belongs to the object at fff00000c592c900 [ 29.445141] which belongs to the cache kmalloc-16 of size 16 [ 29.445258] The buggy address is located 8 bytes inside of [ 29.445258] freed 16-byte region [fff00000c592c900, fff00000c592c910) [ 29.445354] [ 29.445415] The buggy address belongs to the physical page: [ 29.445462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.445569] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.445638] page_type: f5(slab) [ 29.445713] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.445764] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.445804] page dumped because: kasan: bad access detected [ 29.446022] [ 29.446134] Memory state around the buggy address: [ 29.446223] fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.446338] fff00000c592c880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.446461] >fff00000c592c900: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.446498] ^ [ 29.446727] fff00000c592c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.446874] fff00000c592ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.446963] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 29.431253] ================================================================== [ 29.431545] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 29.431624] Read of size 64 at addr fff00000c598c984 by task kunit_try_catch/214 [ 29.431763] [ 29.431831] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.432022] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.432146] Hardware name: linux,dummy-virt (DT) [ 29.432267] Call trace: [ 29.432304] show_stack+0x20/0x38 (C) [ 29.432354] dump_stack_lvl+0x8c/0xd0 [ 29.432400] print_report+0x118/0x5d0 [ 29.432443] kasan_report+0xdc/0x128 [ 29.432484] kasan_check_range+0x100/0x1a8 [ 29.432529] __asan_memmove+0x3c/0x98 [ 29.432572] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 29.432624] kunit_try_run_case+0x170/0x3f0 [ 29.432670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.432887] kthread+0x328/0x630 [ 29.433095] ret_from_fork+0x10/0x20 [ 29.433229] [ 29.433248] Allocated by task 214: [ 29.433335] kasan_save_stack+0x3c/0x68 [ 29.433426] kasan_save_track+0x20/0x40 [ 29.433466] kasan_save_alloc_info+0x40/0x58 [ 29.433542] __kasan_kmalloc+0xd4/0xd8 [ 29.433635] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.433737] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 29.433833] kunit_try_run_case+0x170/0x3f0 [ 29.433929] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.434030] kthread+0x328/0x630 [ 29.434073] ret_from_fork+0x10/0x20 [ 29.434375] [ 29.434479] The buggy address belongs to the object at fff00000c598c980 [ 29.434479] which belongs to the cache kmalloc-64 of size 64 [ 29.434577] The buggy address is located 4 bytes inside of [ 29.434577] allocated 64-byte region [fff00000c598c980, fff00000c598c9c0) [ 29.434673] [ 29.434725] The buggy address belongs to the physical page: [ 29.434838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598c [ 29.434936] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.435145] page_type: f5(slab) [ 29.435228] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.435295] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.435332] page dumped because: kasan: bad access detected [ 29.435543] [ 29.435763] Memory state around the buggy address: [ 29.435904] fff00000c598c880: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 29.436031] fff00000c598c900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.436107] >fff00000c598c980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.436232] ^ [ 29.436381] fff00000c598ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.436435] fff00000c598ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.436474] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 29.424336] ================================================================== [ 29.424405] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 29.424469] Read of size 18446744073709551614 at addr fff00000c598c784 by task kunit_try_catch/212 [ 29.424703] [ 29.424743] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.424917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.424951] Hardware name: linux,dummy-virt (DT) [ 29.424982] Call trace: [ 29.425005] show_stack+0x20/0x38 (C) [ 29.425068] dump_stack_lvl+0x8c/0xd0 [ 29.425141] print_report+0x118/0x5d0 [ 29.425185] kasan_report+0xdc/0x128 [ 29.425227] kasan_check_range+0x100/0x1a8 [ 29.425272] __asan_memmove+0x3c/0x98 [ 29.425316] kmalloc_memmove_negative_size+0x154/0x2e0 [ 29.425434] kunit_try_run_case+0x170/0x3f0 [ 29.425486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.425539] kthread+0x328/0x630 [ 29.425595] ret_from_fork+0x10/0x20 [ 29.425641] [ 29.425659] Allocated by task 212: [ 29.425689] kasan_save_stack+0x3c/0x68 [ 29.425729] kasan_save_track+0x20/0x40 [ 29.425901] kasan_save_alloc_info+0x40/0x58 [ 29.426143] __kasan_kmalloc+0xd4/0xd8 [ 29.426250] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.426294] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 29.426362] kunit_try_run_case+0x170/0x3f0 [ 29.426401] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.426470] kthread+0x328/0x630 [ 29.426505] ret_from_fork+0x10/0x20 [ 29.426557] [ 29.426618] The buggy address belongs to the object at fff00000c598c780 [ 29.426618] which belongs to the cache kmalloc-64 of size 64 [ 29.426715] The buggy address is located 4 bytes inside of [ 29.426715] 64-byte region [fff00000c598c780, fff00000c598c7c0) [ 29.426774] [ 29.426803] The buggy address belongs to the physical page: [ 29.426852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598c [ 29.426903] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.426947] page_type: f5(slab) [ 29.426986] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 29.427034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.427083] page dumped because: kasan: bad access detected [ 29.427123] [ 29.427142] Memory state around the buggy address: [ 29.427174] fff00000c598c680: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 29.427216] fff00000c598c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.427257] >fff00000c598c780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.427301] ^ [ 29.427327] fff00000c598c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.427368] fff00000c598c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.427415] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 29.414584] ================================================================== [ 29.414643] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 29.414696] Write of size 16 at addr fff00000c5998069 by task kunit_try_catch/210 [ 29.414743] [ 29.414774] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.414857] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.414882] Hardware name: linux,dummy-virt (DT) [ 29.414912] Call trace: [ 29.414935] show_stack+0x20/0x38 (C) [ 29.414981] dump_stack_lvl+0x8c/0xd0 [ 29.415026] print_report+0x118/0x5d0 [ 29.415270] kasan_report+0xdc/0x128 [ 29.415339] kasan_check_range+0x100/0x1a8 [ 29.415388] __asan_memset+0x34/0x78 [ 29.415430] kmalloc_oob_memset_16+0x150/0x2f8 [ 29.415483] kunit_try_run_case+0x170/0x3f0 [ 29.415569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.415656] kthread+0x328/0x630 [ 29.415774] ret_from_fork+0x10/0x20 [ 29.415833] [ 29.415903] Allocated by task 210: [ 29.415931] kasan_save_stack+0x3c/0x68 [ 29.415972] kasan_save_track+0x20/0x40 [ 29.416009] kasan_save_alloc_info+0x40/0x58 [ 29.416045] __kasan_kmalloc+0xd4/0xd8 [ 29.416093] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.416254] kmalloc_oob_memset_16+0xb0/0x2f8 [ 29.416296] kunit_try_run_case+0x170/0x3f0 [ 29.416380] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.416458] kthread+0x328/0x630 [ 29.416590] ret_from_fork+0x10/0x20 [ 29.416626] [ 29.416657] The buggy address belongs to the object at fff00000c5998000 [ 29.416657] which belongs to the cache kmalloc-128 of size 128 [ 29.416929] The buggy address is located 105 bytes inside of [ 29.416929] allocated 120-byte region [fff00000c5998000, fff00000c5998078) [ 29.417107] [ 29.417131] The buggy address belongs to the physical page: [ 29.417177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998 [ 29.417236] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.417336] page_type: f5(slab) [ 29.417434] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.417482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.417522] page dumped because: kasan: bad access detected [ 29.417551] [ 29.417569] Memory state around the buggy address: [ 29.417599] fff00000c5997f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.417825] fff00000c5997f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.417921] >fff00000c5998000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.417957] ^ [ 29.418017] fff00000c5998080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418100] fff00000c5998100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 29.393208] ================================================================== [ 29.394241] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 29.394788] Write of size 8 at addr fff00000c57d4f71 by task kunit_try_catch/208 [ 29.394859] [ 29.394891] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.395312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.395426] Hardware name: linux,dummy-virt (DT) [ 29.395457] Call trace: [ 29.395590] show_stack+0x20/0x38 (C) [ 29.395872] dump_stack_lvl+0x8c/0xd0 [ 29.396155] print_report+0x118/0x5d0 [ 29.396510] kasan_report+0xdc/0x128 [ 29.396618] kasan_check_range+0x100/0x1a8 [ 29.397161] __asan_memset+0x34/0x78 [ 29.397210] kmalloc_oob_memset_8+0x150/0x2f8 [ 29.397259] kunit_try_run_case+0x170/0x3f0 [ 29.397617] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.397754] kthread+0x328/0x630 [ 29.397821] ret_from_fork+0x10/0x20 [ 29.398087] [ 29.398110] Allocated by task 208: [ 29.398280] kasan_save_stack+0x3c/0x68 [ 29.398418] kasan_save_track+0x20/0x40 [ 29.398557] kasan_save_alloc_info+0x40/0x58 [ 29.398594] __kasan_kmalloc+0xd4/0xd8 [ 29.398630] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.398670] kmalloc_oob_memset_8+0xb0/0x2f8 [ 29.398707] kunit_try_run_case+0x170/0x3f0 [ 29.398745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.399834] kthread+0x328/0x630 [ 29.400009] ret_from_fork+0x10/0x20 [ 29.400260] [ 29.400437] The buggy address belongs to the object at fff00000c57d4f00 [ 29.400437] which belongs to the cache kmalloc-128 of size 128 [ 29.400518] The buggy address is located 113 bytes inside of [ 29.400518] allocated 120-byte region [fff00000c57d4f00, fff00000c57d4f78) [ 29.400630] [ 29.400795] The buggy address belongs to the physical page: [ 29.400984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.401269] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.401330] page_type: f5(slab) [ 29.401380] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.401429] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.401905] page dumped because: kasan: bad access detected [ 29.402206] [ 29.402228] Memory state around the buggy address: [ 29.402260] fff00000c57d4e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.402303] fff00000c57d4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.402816] >fff00000c57d4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.403020] ^ [ 29.403077] fff00000c57d4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.403441] fff00000c57d5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.403485] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 29.373921] ================================================================== [ 29.373976] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 29.374615] Write of size 4 at addr fff00000c57d4e75 by task kunit_try_catch/206 [ 29.374678] [ 29.374711] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.374841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.374868] Hardware name: linux,dummy-virt (DT) [ 29.375000] Call trace: [ 29.375025] show_stack+0x20/0x38 (C) [ 29.375403] dump_stack_lvl+0x8c/0xd0 [ 29.375901] print_report+0x118/0x5d0 [ 29.375946] kasan_report+0xdc/0x128 [ 29.376232] kasan_check_range+0x100/0x1a8 [ 29.376279] __asan_memset+0x34/0x78 [ 29.376321] kmalloc_oob_memset_4+0x150/0x300 [ 29.376599] kunit_try_run_case+0x170/0x3f0 [ 29.376984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.377038] kthread+0x328/0x630 [ 29.377575] ret_from_fork+0x10/0x20 [ 29.377623] [ 29.377643] Allocated by task 206: [ 29.378135] kasan_save_stack+0x3c/0x68 [ 29.378492] kasan_save_track+0x20/0x40 [ 29.378530] kasan_save_alloc_info+0x40/0x58 [ 29.378568] __kasan_kmalloc+0xd4/0xd8 [ 29.378604] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.378645] kmalloc_oob_memset_4+0xb0/0x300 [ 29.379667] kunit_try_run_case+0x170/0x3f0 [ 29.379737] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.379781] kthread+0x328/0x630 [ 29.379814] ret_from_fork+0x10/0x20 [ 29.379849] [ 29.379869] The buggy address belongs to the object at fff00000c57d4e00 [ 29.379869] which belongs to the cache kmalloc-128 of size 128 [ 29.379927] The buggy address is located 117 bytes inside of [ 29.379927] allocated 120-byte region [fff00000c57d4e00, fff00000c57d4e78) [ 29.380084] [ 29.380495] The buggy address belongs to the physical page: [ 29.380797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.380963] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.381020] page_type: f5(slab) [ 29.381073] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.381196] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.381360] page dumped because: kasan: bad access detected [ 29.381395] [ 29.381583] Memory state around the buggy address: [ 29.381620] fff00000c57d4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.381663] fff00000c57d4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.381876] >fff00000c57d4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.382340] ^ [ 29.382634] fff00000c57d4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.382702] fff00000c57d4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.382739] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 29.353079] ================================================================== [ 29.353144] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 29.353201] Write of size 2 at addr fff00000c57d4d77 by task kunit_try_catch/204 [ 29.354412] [ 29.355009] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.355237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.355315] Hardware name: linux,dummy-virt (DT) [ 29.355529] Call trace: [ 29.355556] show_stack+0x20/0x38 (C) [ 29.355611] dump_stack_lvl+0x8c/0xd0 [ 29.356324] print_report+0x118/0x5d0 [ 29.356562] kasan_report+0xdc/0x128 [ 29.357100] kasan_check_range+0x100/0x1a8 [ 29.357299] __asan_memset+0x34/0x78 [ 29.357357] kmalloc_oob_memset_2+0x150/0x2f8 [ 29.358035] kunit_try_run_case+0x170/0x3f0 [ 29.358113] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.358632] kthread+0x328/0x630 [ 29.358684] ret_from_fork+0x10/0x20 [ 29.358734] [ 29.358753] Allocated by task 204: [ 29.358783] kasan_save_stack+0x3c/0x68 [ 29.359709] kasan_save_track+0x20/0x40 [ 29.360038] kasan_save_alloc_info+0x40/0x58 [ 29.360300] __kasan_kmalloc+0xd4/0xd8 [ 29.360801] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.361122] kmalloc_oob_memset_2+0xb0/0x2f8 [ 29.361164] kunit_try_run_case+0x170/0x3f0 [ 29.361203] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.361246] kthread+0x328/0x630 [ 29.361279] ret_from_fork+0x10/0x20 [ 29.361315] [ 29.361335] The buggy address belongs to the object at fff00000c57d4d00 [ 29.361335] which belongs to the cache kmalloc-128 of size 128 [ 29.362617] The buggy address is located 119 bytes inside of [ 29.362617] allocated 120-byte region [fff00000c57d4d00, fff00000c57d4d78) [ 29.363050] [ 29.363409] The buggy address belongs to the physical page: [ 29.363590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.363812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.363862] page_type: f5(slab) [ 29.364117] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.364167] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.364206] page dumped because: kasan: bad access detected [ 29.364492] [ 29.364894] Memory state around the buggy address: [ 29.365238] fff00000c57d4c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.365514] fff00000c57d4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.365782] >fff00000c57d4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.365923] ^ [ 29.366074] fff00000c57d4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366121] fff00000c57d4e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366158] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 29.302377] ================================================================== [ 29.302690] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 29.302754] Read of size 16 at addr fff00000c592c8e0 by task kunit_try_catch/200 [ 29.302803] [ 29.303226] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.303320] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.303359] Hardware name: linux,dummy-virt (DT) [ 29.303538] Call trace: [ 29.303561] show_stack+0x20/0x38 (C) [ 29.303845] dump_stack_lvl+0x8c/0xd0 [ 29.303916] print_report+0x118/0x5d0 [ 29.303962] kasan_report+0xdc/0x128 [ 29.304270] __asan_report_load16_noabort+0x20/0x30 [ 29.304321] kmalloc_uaf_16+0x3bc/0x438 [ 29.304366] kunit_try_run_case+0x170/0x3f0 [ 29.304482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.304536] kthread+0x328/0x630 [ 29.304578] ret_from_fork+0x10/0x20 [ 29.304625] [ 29.304700] Allocated by task 200: [ 29.304801] kasan_save_stack+0x3c/0x68 [ 29.305036] kasan_save_track+0x20/0x40 [ 29.305100] kasan_save_alloc_info+0x40/0x58 [ 29.305136] __kasan_kmalloc+0xd4/0xd8 [ 29.305464] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.305510] kmalloc_uaf_16+0x140/0x438 [ 29.305578] kunit_try_run_case+0x170/0x3f0 [ 29.306382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.306434] kthread+0x328/0x630 [ 29.306674] ret_from_fork+0x10/0x20 [ 29.306710] [ 29.306729] Freed by task 200: [ 29.306953] kasan_save_stack+0x3c/0x68 [ 29.307001] kasan_save_track+0x20/0x40 [ 29.307038] kasan_save_free_info+0x4c/0x78 [ 29.307206] __kasan_slab_free+0x6c/0x98 [ 29.307412] kfree+0x214/0x3c8 [ 29.307447] kmalloc_uaf_16+0x190/0x438 [ 29.307482] kunit_try_run_case+0x170/0x3f0 [ 29.307519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.307911] kthread+0x328/0x630 [ 29.307955] ret_from_fork+0x10/0x20 [ 29.307991] [ 29.308036] The buggy address belongs to the object at fff00000c592c8e0 [ 29.308036] which belongs to the cache kmalloc-16 of size 16 [ 29.308150] The buggy address is located 0 bytes inside of [ 29.308150] freed 16-byte region [fff00000c592c8e0, fff00000c592c8f0) [ 29.308210] [ 29.308230] The buggy address belongs to the physical page: [ 29.308260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.308499] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.308631] page_type: f5(slab) [ 29.308672] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.309115] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.309243] page dumped because: kasan: bad access detected [ 29.309274] [ 29.309292] Memory state around the buggy address: [ 29.309711] fff00000c592c780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.309989] fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.310037] >fff00000c592c880: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 29.310087] ^ [ 29.310125] fff00000c592c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.310166] fff00000c592c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.310202] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 29.282882] ================================================================== [ 29.282950] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 29.283008] Write of size 16 at addr fff00000c592c880 by task kunit_try_catch/198 [ 29.283071] [ 29.283108] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.283775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.284026] Hardware name: linux,dummy-virt (DT) [ 29.284070] Call trace: [ 29.284093] show_stack+0x20/0x38 (C) [ 29.284148] dump_stack_lvl+0x8c/0xd0 [ 29.284617] print_report+0x118/0x5d0 [ 29.284727] kasan_report+0xdc/0x128 [ 29.285017] __asan_report_store16_noabort+0x20/0x30 [ 29.285297] kmalloc_oob_16+0x3a0/0x3f8 [ 29.285544] kunit_try_run_case+0x170/0x3f0 [ 29.285773] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.285925] kthread+0x328/0x630 [ 29.285974] ret_from_fork+0x10/0x20 [ 29.286519] [ 29.286540] Allocated by task 198: [ 29.286700] kasan_save_stack+0x3c/0x68 [ 29.286880] kasan_save_track+0x20/0x40 [ 29.286925] kasan_save_alloc_info+0x40/0x58 [ 29.286960] __kasan_kmalloc+0xd4/0xd8 [ 29.286996] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.287435] kmalloc_oob_16+0xb4/0x3f8 [ 29.287688] kunit_try_run_case+0x170/0x3f0 [ 29.287734] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.287786] kthread+0x328/0x630 [ 29.287818] ret_from_fork+0x10/0x20 [ 29.288019] [ 29.288288] The buggy address belongs to the object at fff00000c592c880 [ 29.288288] which belongs to the cache kmalloc-16 of size 16 [ 29.288349] The buggy address is located 0 bytes inside of [ 29.288349] allocated 13-byte region [fff00000c592c880, fff00000c592c88d) [ 29.288409] [ 29.288429] The buggy address belongs to the physical page: [ 29.288691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.288979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.289207] page_type: f5(slab) [ 29.289250] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.290045] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.290104] page dumped because: kasan: bad access detected [ 29.290329] [ 29.290399] Memory state around the buggy address: [ 29.290435] fff00000c592c780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.290478] fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.291006] >fff00000c592c880: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.291271] ^ [ 29.291435] fff00000c592c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291756] fff00000c592c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291863] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 29.253973] ================================================================== [ 29.254022] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 29.254085] Read of size 1 at addr fff00000c97e2a00 by task kunit_try_catch/196 [ 29.254132] [ 29.254160] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.254631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.254694] Hardware name: linux,dummy-virt (DT) [ 29.254724] Call trace: [ 29.254777] show_stack+0x20/0x38 (C) [ 29.254826] dump_stack_lvl+0x8c/0xd0 [ 29.254872] print_report+0x118/0x5d0 [ 29.255200] kasan_report+0xdc/0x128 [ 29.255316] __asan_report_load1_noabort+0x20/0x30 [ 29.255365] krealloc_uaf+0x4c8/0x520 [ 29.255409] kunit_try_run_case+0x170/0x3f0 [ 29.255458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.255759] kthread+0x328/0x630 [ 29.255980] ret_from_fork+0x10/0x20 [ 29.256032] [ 29.256050] Allocated by task 196: [ 29.256117] kasan_save_stack+0x3c/0x68 [ 29.256162] kasan_save_track+0x20/0x40 [ 29.256199] kasan_save_alloc_info+0x40/0x58 [ 29.256235] __kasan_kmalloc+0xd4/0xd8 [ 29.256271] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.256309] krealloc_uaf+0xc8/0x520 [ 29.256344] kunit_try_run_case+0x170/0x3f0 [ 29.256670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.256840] kthread+0x328/0x630 [ 29.256875] ret_from_fork+0x10/0x20 [ 29.257042] [ 29.257121] Freed by task 196: [ 29.257147] kasan_save_stack+0x3c/0x68 [ 29.257186] kasan_save_track+0x20/0x40 [ 29.257222] kasan_save_free_info+0x4c/0x78 [ 29.257259] __kasan_slab_free+0x6c/0x98 [ 29.257296] kfree+0x214/0x3c8 [ 29.257531] krealloc_uaf+0x12c/0x520 [ 29.257573] kunit_try_run_case+0x170/0x3f0 [ 29.257611] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.257686] kthread+0x328/0x630 [ 29.257718] ret_from_fork+0x10/0x20 [ 29.257838] [ 29.258170] The buggy address belongs to the object at fff00000c97e2a00 [ 29.258170] which belongs to the cache kmalloc-256 of size 256 [ 29.258803] The buggy address is located 0 bytes inside of [ 29.258803] freed 256-byte region [fff00000c97e2a00, fff00000c97e2b00) [ 29.258917] [ 29.259092] The buggy address belongs to the physical page: [ 29.259547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.260066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.260277] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.260330] page_type: f5(slab) [ 29.260777] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.261161] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.261330] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.261379] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.261748] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.262498] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.262550] page dumped because: kasan: bad access detected [ 29.262679] [ 29.262856] Memory state around the buggy address: [ 29.263168] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.263214] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.263481] >fff00000c97e2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.264118] ^ [ 29.264274] fff00000c97e2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.264942] fff00000c97e2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.266024] ================================================================== [ 29.247315] ================================================================== [ 29.247404] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 29.247456] Read of size 1 at addr fff00000c97e2a00 by task kunit_try_catch/196 [ 29.247503] [ 29.247534] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.247658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.247687] Hardware name: linux,dummy-virt (DT) [ 29.247717] Call trace: [ 29.247739] show_stack+0x20/0x38 (C) [ 29.247786] dump_stack_lvl+0x8c/0xd0 [ 29.247832] print_report+0x118/0x5d0 [ 29.247874] kasan_report+0xdc/0x128 [ 29.248452] __kasan_check_byte+0x54/0x70 [ 29.248521] krealloc_noprof+0x44/0x360 [ 29.248671] krealloc_uaf+0x180/0x520 [ 29.248799] kunit_try_run_case+0x170/0x3f0 [ 29.248850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.248903] kthread+0x328/0x630 [ 29.248944] ret_from_fork+0x10/0x20 [ 29.249008] [ 29.249119] Allocated by task 196: [ 29.249151] kasan_save_stack+0x3c/0x68 [ 29.249193] kasan_save_track+0x20/0x40 [ 29.249230] kasan_save_alloc_info+0x40/0x58 [ 29.249438] __kasan_kmalloc+0xd4/0xd8 [ 29.249489] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.249581] krealloc_uaf+0xc8/0x520 [ 29.249660] kunit_try_run_case+0x170/0x3f0 [ 29.249753] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.249796] kthread+0x328/0x630 [ 29.249828] ret_from_fork+0x10/0x20 [ 29.249863] [ 29.249935] Freed by task 196: [ 29.250071] kasan_save_stack+0x3c/0x68 [ 29.250153] kasan_save_track+0x20/0x40 [ 29.250192] kasan_save_free_info+0x4c/0x78 [ 29.250267] __kasan_slab_free+0x6c/0x98 [ 29.250322] kfree+0x214/0x3c8 [ 29.250401] krealloc_uaf+0x12c/0x520 [ 29.250461] kunit_try_run_case+0x170/0x3f0 [ 29.250575] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.250619] kthread+0x328/0x630 [ 29.250651] ret_from_fork+0x10/0x20 [ 29.250772] [ 29.250912] The buggy address belongs to the object at fff00000c97e2a00 [ 29.250912] which belongs to the cache kmalloc-256 of size 256 [ 29.250996] The buggy address is located 0 bytes inside of [ 29.250996] freed 256-byte region [fff00000c97e2a00, fff00000c97e2b00) [ 29.251073] [ 29.251093] The buggy address belongs to the physical page: [ 29.251124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.251173] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.251217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.251265] page_type: f5(slab) [ 29.251828] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.251985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.252065] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.252113] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.252268] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.252364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.252405] page dumped because: kasan: bad access detected [ 29.252437] [ 29.252455] Memory state around the buggy address: [ 29.252547] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.252589] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.252671] >fff00000c97e2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.252707] ^ [ 29.252734] fff00000c97e2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.252928] fff00000c97e2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.253047] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 29.222346] ================================================================== [ 29.222610] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.222679] Write of size 1 at addr fff00000c9b020c9 by task kunit_try_catch/194 [ 29.222825] [ 29.222853] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.222937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.222964] Hardware name: linux,dummy-virt (DT) [ 29.222993] Call trace: [ 29.223015] show_stack+0x20/0x38 (C) [ 29.223074] dump_stack_lvl+0x8c/0xd0 [ 29.223122] print_report+0x118/0x5d0 [ 29.223164] kasan_report+0xdc/0x128 [ 29.223206] __asan_report_store1_noabort+0x20/0x30 [ 29.223254] krealloc_less_oob_helper+0xa48/0xc50 [ 29.223302] krealloc_large_less_oob+0x20/0x38 [ 29.223349] kunit_try_run_case+0x170/0x3f0 [ 29.223398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.223450] kthread+0x328/0x630 [ 29.223491] ret_from_fork+0x10/0x20 [ 29.223552] [ 29.223572] The buggy address belongs to the physical page: [ 29.223601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.223691] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.223737] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.223865] page_type: f8(unknown) [ 29.223905] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.223953] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.224002] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.224049] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.224126] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.224174] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.224336] page dumped because: kasan: bad access detected [ 29.224491] [ 29.224515] Memory state around the buggy address: [ 29.224545] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.224694] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.224747] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.224924] ^ [ 29.225046] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.225153] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.225297] ================================================================== [ 29.179437] ================================================================== [ 29.179546] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.179616] Write of size 1 at addr fff00000c97e28ea by task kunit_try_catch/190 [ 29.180028] [ 29.180151] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.180299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.180400] Hardware name: linux,dummy-virt (DT) [ 29.180487] Call trace: [ 29.180510] show_stack+0x20/0x38 (C) [ 29.180560] dump_stack_lvl+0x8c/0xd0 [ 29.180635] print_report+0x118/0x5d0 [ 29.180678] kasan_report+0xdc/0x128 [ 29.180720] __asan_report_store1_noabort+0x20/0x30 [ 29.181039] krealloc_less_oob_helper+0xae4/0xc50 [ 29.181263] krealloc_less_oob+0x20/0x38 [ 29.181523] kunit_try_run_case+0x170/0x3f0 [ 29.181709] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.181832] kthread+0x328/0x630 [ 29.181901] ret_from_fork+0x10/0x20 [ 29.182037] [ 29.182097] Allocated by task 190: [ 29.182127] kasan_save_stack+0x3c/0x68 [ 29.182332] kasan_save_track+0x20/0x40 [ 29.182430] kasan_save_alloc_info+0x40/0x58 [ 29.182571] __kasan_krealloc+0x118/0x178 [ 29.182616] krealloc_noprof+0x128/0x360 [ 29.182753] krealloc_less_oob_helper+0x168/0xc50 [ 29.182919] krealloc_less_oob+0x20/0x38 [ 29.183099] kunit_try_run_case+0x170/0x3f0 [ 29.183167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.183210] kthread+0x328/0x630 [ 29.183377] ret_from_fork+0x10/0x20 [ 29.183583] [ 29.183751] The buggy address belongs to the object at fff00000c97e2800 [ 29.183751] which belongs to the cache kmalloc-256 of size 256 [ 29.183809] The buggy address is located 33 bytes to the right of [ 29.183809] allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9) [ 29.183894] [ 29.184069] The buggy address belongs to the physical page: [ 29.184434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.184515] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.184720] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.184846] page_type: f5(slab) [ 29.185160] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.185382] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.185578] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.185682] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.185794] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.185843] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.186028] page dumped because: kasan: bad access detected [ 29.186109] [ 29.186188] Memory state around the buggy address: [ 29.186326] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.186574] fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.186645] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.186916] ^ [ 29.186963] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.187133] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.187274] ================================================================== [ 29.148689] ================================================================== [ 29.148893] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 29.148993] Write of size 1 at addr fff00000c97e28c9 by task kunit_try_catch/190 [ 29.149371] [ 29.149407] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.149544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.149571] Hardware name: linux,dummy-virt (DT) [ 29.149601] Call trace: [ 29.149630] show_stack+0x20/0x38 (C) [ 29.149715] dump_stack_lvl+0x8c/0xd0 [ 29.149922] print_report+0x118/0x5d0 [ 29.150047] kasan_report+0xdc/0x128 [ 29.150116] __asan_report_store1_noabort+0x20/0x30 [ 29.150171] krealloc_less_oob_helper+0xa48/0xc50 [ 29.150355] krealloc_less_oob+0x20/0x38 [ 29.150401] kunit_try_run_case+0x170/0x3f0 [ 29.150457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.150684] kthread+0x328/0x630 [ 29.150777] ret_from_fork+0x10/0x20 [ 29.150864] [ 29.150945] Allocated by task 190: [ 29.150995] kasan_save_stack+0x3c/0x68 [ 29.151035] kasan_save_track+0x20/0x40 [ 29.151080] kasan_save_alloc_info+0x40/0x58 [ 29.151116] __kasan_krealloc+0x118/0x178 [ 29.151153] krealloc_noprof+0x128/0x360 [ 29.151190] krealloc_less_oob_helper+0x168/0xc50 [ 29.151228] krealloc_less_oob+0x20/0x38 [ 29.151264] kunit_try_run_case+0x170/0x3f0 [ 29.151486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.151537] kthread+0x328/0x630 [ 29.151568] ret_from_fork+0x10/0x20 [ 29.152167] [ 29.152189] The buggy address belongs to the object at fff00000c97e2800 [ 29.152189] which belongs to the cache kmalloc-256 of size 256 [ 29.152244] The buggy address is located 0 bytes to the right of [ 29.152244] allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9) [ 29.152702] [ 29.152762] The buggy address belongs to the physical page: [ 29.152848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.152899] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.152945] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.153022] page_type: f5(slab) [ 29.153110] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.153318] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.153433] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.153558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.153689] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.153736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.153775] page dumped because: kasan: bad access detected [ 29.153850] [ 29.153890] Memory state around the buggy address: [ 29.153920] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.154399] fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.154561] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.154598] ^ [ 29.154639] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.154678] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.154714] ================================================================== [ 29.155862] ================================================================== [ 29.156247] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.156306] Write of size 1 at addr fff00000c97e28d0 by task kunit_try_catch/190 [ 29.156533] [ 29.156725] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.156890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.156916] Hardware name: linux,dummy-virt (DT) [ 29.156946] Call trace: [ 29.157011] show_stack+0x20/0x38 (C) [ 29.157238] dump_stack_lvl+0x8c/0xd0 [ 29.157317] print_report+0x118/0x5d0 [ 29.157360] kasan_report+0xdc/0x128 [ 29.157441] __asan_report_store1_noabort+0x20/0x30 [ 29.157642] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.157711] krealloc_less_oob+0x20/0x38 [ 29.157757] kunit_try_run_case+0x170/0x3f0 [ 29.157806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.157859] kthread+0x328/0x630 [ 29.157936] ret_from_fork+0x10/0x20 [ 29.158000] [ 29.158070] Allocated by task 190: [ 29.158097] kasan_save_stack+0x3c/0x68 [ 29.158137] kasan_save_track+0x20/0x40 [ 29.158174] kasan_save_alloc_info+0x40/0x58 [ 29.158210] __kasan_krealloc+0x118/0x178 [ 29.158247] krealloc_noprof+0x128/0x360 [ 29.158595] krealloc_less_oob_helper+0x168/0xc50 [ 29.159033] krealloc_less_oob+0x20/0x38 [ 29.159089] kunit_try_run_case+0x170/0x3f0 [ 29.159306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.159355] kthread+0x328/0x630 [ 29.159386] ret_from_fork+0x10/0x20 [ 29.159421] [ 29.159440] The buggy address belongs to the object at fff00000c97e2800 [ 29.159440] which belongs to the cache kmalloc-256 of size 256 [ 29.159495] The buggy address is located 7 bytes to the right of [ 29.159495] allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9) [ 29.159569] [ 29.159587] The buggy address belongs to the physical page: [ 29.159665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.159716] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.159919] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.159984] page_type: f5(slab) [ 29.160021] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.160081] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.160130] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.160179] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.160226] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.160272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.160310] page dumped because: kasan: bad access detected [ 29.160340] [ 29.160360] Memory state around the buggy address: [ 29.160739] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.160800] fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.160933] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.160970] ^ [ 29.161006] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.161535] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.161645] ================================================================== [ 29.227518] ================================================================== [ 29.227576] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.227660] Write of size 1 at addr fff00000c9b020da by task kunit_try_catch/194 [ 29.227990] [ 29.228017] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.228128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.228153] Hardware name: linux,dummy-virt (DT) [ 29.228182] Call trace: [ 29.228225] show_stack+0x20/0x38 (C) [ 29.228273] dump_stack_lvl+0x8c/0xd0 [ 29.228319] print_report+0x118/0x5d0 [ 29.228361] kasan_report+0xdc/0x128 [ 29.228403] __asan_report_store1_noabort+0x20/0x30 [ 29.228451] krealloc_less_oob_helper+0xa80/0xc50 [ 29.228499] krealloc_large_less_oob+0x20/0x38 [ 29.228546] kunit_try_run_case+0x170/0x3f0 [ 29.228679] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.228893] kthread+0x328/0x630 [ 29.228934] ret_from_fork+0x10/0x20 [ 29.229041] [ 29.229087] The buggy address belongs to the physical page: [ 29.229116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.229166] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.229212] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.229306] page_type: f8(unknown) [ 29.229488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.229716] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.229810] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.230009] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.230462] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.230531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.230570] page dumped because: kasan: bad access detected [ 29.230600] [ 29.230617] Memory state around the buggy address: [ 29.230647] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.230689] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.230730] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.230777] ^ [ 29.230812] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.230852] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.230932] ================================================================== [ 29.188032] ================================================================== [ 29.188098] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.188147] Write of size 1 at addr fff00000c97e28eb by task kunit_try_catch/190 [ 29.188195] [ 29.188224] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.188305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.188330] Hardware name: linux,dummy-virt (DT) [ 29.188360] Call trace: [ 29.188381] show_stack+0x20/0x38 (C) [ 29.188427] dump_stack_lvl+0x8c/0xd0 [ 29.188472] print_report+0x118/0x5d0 [ 29.188515] kasan_report+0xdc/0x128 [ 29.188556] __asan_report_store1_noabort+0x20/0x30 [ 29.188604] krealloc_less_oob_helper+0xa58/0xc50 [ 29.188652] krealloc_less_oob+0x20/0x38 [ 29.188697] kunit_try_run_case+0x170/0x3f0 [ 29.188744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.188796] kthread+0x328/0x630 [ 29.188837] ret_from_fork+0x10/0x20 [ 29.188882] [ 29.188899] Allocated by task 190: [ 29.188926] kasan_save_stack+0x3c/0x68 [ 29.188966] kasan_save_track+0x20/0x40 [ 29.189003] kasan_save_alloc_info+0x40/0x58 [ 29.189038] __kasan_krealloc+0x118/0x178 [ 29.189094] krealloc_noprof+0x128/0x360 [ 29.189131] krealloc_less_oob_helper+0x168/0xc50 [ 29.189169] krealloc_less_oob+0x20/0x38 [ 29.189204] kunit_try_run_case+0x170/0x3f0 [ 29.189241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.189283] kthread+0x328/0x630 [ 29.189314] ret_from_fork+0x10/0x20 [ 29.189348] [ 29.189366] The buggy address belongs to the object at fff00000c97e2800 [ 29.189366] which belongs to the cache kmalloc-256 of size 256 [ 29.189419] The buggy address is located 34 bytes to the right of [ 29.189419] allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9) [ 29.189480] [ 29.189498] The buggy address belongs to the physical page: [ 29.189527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.189576] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.189620] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.189667] page_type: f5(slab) [ 29.189703] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.189752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.189800] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.189847] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.189894] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.189941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.189979] page dumped because: kasan: bad access detected [ 29.190008] [ 29.190026] Memory state around the buggy address: [ 29.190085] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.190130] fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.190208] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.190264] ^ [ 29.190303] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.190344] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.190381] ================================================================== [ 29.165633] ================================================================== [ 29.165688] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 29.165739] Write of size 1 at addr fff00000c97e28da by task kunit_try_catch/190 [ 29.165788] [ 29.165817] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.165898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.165924] Hardware name: linux,dummy-virt (DT) [ 29.165955] Call trace: [ 29.166684] show_stack+0x20/0x38 (C) [ 29.166996] dump_stack_lvl+0x8c/0xd0 [ 29.167224] print_report+0x118/0x5d0 [ 29.167409] kasan_report+0xdc/0x128 [ 29.167963] __asan_report_store1_noabort+0x20/0x30 [ 29.168554] krealloc_less_oob_helper+0xa80/0xc50 [ 29.169294] krealloc_less_oob+0x20/0x38 [ 29.169811] kunit_try_run_case+0x170/0x3f0 [ 29.169874] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.170596] kthread+0x328/0x630 [ 29.170654] ret_from_fork+0x10/0x20 [ 29.171176] [ 29.171521] Allocated by task 190: [ 29.171666] kasan_save_stack+0x3c/0x68 [ 29.171713] kasan_save_track+0x20/0x40 [ 29.171751] kasan_save_alloc_info+0x40/0x58 [ 29.172308] __kasan_krealloc+0x118/0x178 [ 29.172361] krealloc_noprof+0x128/0x360 [ 29.172399] krealloc_less_oob_helper+0x168/0xc50 [ 29.172438] krealloc_less_oob+0x20/0x38 [ 29.172621] kunit_try_run_case+0x170/0x3f0 [ 29.172706] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.172797] kthread+0x328/0x630 [ 29.172938] ret_from_fork+0x10/0x20 [ 29.173002] [ 29.173203] The buggy address belongs to the object at fff00000c97e2800 [ 29.173203] which belongs to the cache kmalloc-256 of size 256 [ 29.173555] The buggy address is located 17 bytes to the right of [ 29.173555] allocated 201-byte region [fff00000c97e2800, fff00000c97e28c9) [ 29.173880] [ 29.174108] The buggy address belongs to the physical page: [ 29.174143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.174458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.174516] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.174941] page_type: f5(slab) [ 29.174984] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.175425] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.175531] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.175781] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.176068] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.176131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.176321] page dumped because: kasan: bad access detected [ 29.176364] [ 29.176396] Memory state around the buggy address: [ 29.176428] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.176476] fff00000c97e2800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.176517] >fff00000c97e2880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 29.176553] ^ [ 29.177165] fff00000c97e2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.177214] fff00000c97e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.177394] ================================================================== [ 29.236587] ================================================================== [ 29.236631] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 29.236679] Write of size 1 at addr fff00000c9b020eb by task kunit_try_catch/194 [ 29.236738] [ 29.236823] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.236907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.236936] Hardware name: linux,dummy-virt (DT) [ 29.236975] Call trace: [ 29.237045] show_stack+0x20/0x38 (C) [ 29.237110] dump_stack_lvl+0x8c/0xd0 [ 29.237162] print_report+0x118/0x5d0 [ 29.237262] kasan_report+0xdc/0x128 [ 29.237374] __asan_report_store1_noabort+0x20/0x30 [ 29.237589] krealloc_less_oob_helper+0xa58/0xc50 [ 29.237638] krealloc_large_less_oob+0x20/0x38 [ 29.237692] kunit_try_run_case+0x170/0x3f0 [ 29.237848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.238013] kthread+0x328/0x630 [ 29.238076] ret_from_fork+0x10/0x20 [ 29.238130] [ 29.238149] The buggy address belongs to the physical page: [ 29.238178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.238227] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.238271] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.238342] page_type: f8(unknown) [ 29.238514] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.238613] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.238680] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.238913] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.239132] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.239187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.239226] page dumped because: kasan: bad access detected [ 29.239262] [ 29.239280] Memory state around the buggy address: [ 29.239310] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.239564] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.239606] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.239757] ^ [ 29.239812] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.239852] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.239888] ================================================================== [ 29.225563] ================================================================== [ 29.225605] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 29.225676] Write of size 1 at addr fff00000c9b020d0 by task kunit_try_catch/194 [ 29.225735] [ 29.225762] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.225842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.225867] Hardware name: linux,dummy-virt (DT) [ 29.225896] Call trace: [ 29.225933] show_stack+0x20/0x38 (C) [ 29.225981] dump_stack_lvl+0x8c/0xd0 [ 29.226027] print_report+0x118/0x5d0 [ 29.226079] kasan_report+0xdc/0x128 [ 29.226131] __asan_report_store1_noabort+0x20/0x30 [ 29.226333] krealloc_less_oob_helper+0xb9c/0xc50 [ 29.226383] krealloc_large_less_oob+0x20/0x38 [ 29.226431] kunit_try_run_case+0x170/0x3f0 [ 29.226480] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.226532] kthread+0x328/0x630 [ 29.226573] ret_from_fork+0x10/0x20 [ 29.226618] [ 29.226636] The buggy address belongs to the physical page: [ 29.226665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.226717] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.226762] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.226809] page_type: f8(unknown) [ 29.226846] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.226895] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.226944] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.226991] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.227038] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.227096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.227134] page dumped because: kasan: bad access detected [ 29.227173] [ 29.227191] Memory state around the buggy address: [ 29.227219] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.227259] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.227300] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.227347] ^ [ 29.227381] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.227433] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.227469] ================================================================== [ 29.232293] ================================================================== [ 29.232339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 29.232389] Write of size 1 at addr fff00000c9b020ea by task kunit_try_catch/194 [ 29.232452] [ 29.232571] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.232900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.232927] Hardware name: linux,dummy-virt (DT) [ 29.232956] Call trace: [ 29.232978] show_stack+0x20/0x38 (C) [ 29.233026] dump_stack_lvl+0x8c/0xd0 [ 29.233086] print_report+0x118/0x5d0 [ 29.233129] kasan_report+0xdc/0x128 [ 29.233171] __asan_report_store1_noabort+0x20/0x30 [ 29.233225] krealloc_less_oob_helper+0xae4/0xc50 [ 29.233456] krealloc_large_less_oob+0x20/0x38 [ 29.233528] kunit_try_run_case+0x170/0x3f0 [ 29.233681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.233812] kthread+0x328/0x630 [ 29.234005] ret_from_fork+0x10/0x20 [ 29.234060] [ 29.234079] The buggy address belongs to the physical page: [ 29.234108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.234157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.234202] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.234250] page_type: f8(unknown) [ 29.234296] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.234380] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.234763] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.235079] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.235185] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.235307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.235346] page dumped because: kasan: bad access detected [ 29.235376] [ 29.235393] Memory state around the buggy address: [ 29.235423] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.235616] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.235899] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 29.235936] ^ [ 29.236017] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.236131] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.236169] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 29.125855] ================================================================== [ 29.125910] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 29.125962] Write of size 1 at addr fff00000c97e26eb by task kunit_try_catch/188 [ 29.126255] [ 29.126423] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.126688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.126814] Hardware name: linux,dummy-virt (DT) [ 29.126856] Call trace: [ 29.126885] show_stack+0x20/0x38 (C) [ 29.127078] dump_stack_lvl+0x8c/0xd0 [ 29.127128] print_report+0x118/0x5d0 [ 29.127170] kasan_report+0xdc/0x128 [ 29.127212] __asan_report_store1_noabort+0x20/0x30 [ 29.127259] krealloc_more_oob_helper+0x60c/0x678 [ 29.128016] krealloc_more_oob+0x20/0x38 [ 29.128080] kunit_try_run_case+0x170/0x3f0 [ 29.128130] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.128183] kthread+0x328/0x630 [ 29.128376] ret_from_fork+0x10/0x20 [ 29.128495] [ 29.128555] Allocated by task 188: [ 29.128586] kasan_save_stack+0x3c/0x68 [ 29.128637] kasan_save_track+0x20/0x40 [ 29.128750] kasan_save_alloc_info+0x40/0x58 [ 29.128786] __kasan_krealloc+0x118/0x178 [ 29.128823] krealloc_noprof+0x128/0x360 [ 29.128861] krealloc_more_oob_helper+0x168/0x678 [ 29.129158] krealloc_more_oob+0x20/0x38 [ 29.129230] kunit_try_run_case+0x170/0x3f0 [ 29.129309] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.129352] kthread+0x328/0x630 [ 29.129571] ret_from_fork+0x10/0x20 [ 29.129606] [ 29.129626] The buggy address belongs to the object at fff00000c97e2600 [ 29.129626] which belongs to the cache kmalloc-256 of size 256 [ 29.129822] The buggy address is located 0 bytes to the right of [ 29.129822] allocated 235-byte region [fff00000c97e2600, fff00000c97e26eb) [ 29.130187] [ 29.130280] The buggy address belongs to the physical page: [ 29.130314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.130397] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.130616] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.130681] page_type: f5(slab) [ 29.130779] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.130914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.131013] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.131319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.131606] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.131878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.132129] page dumped because: kasan: bad access detected [ 29.132163] [ 29.132182] Memory state around the buggy address: [ 29.132214] fff00000c97e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132257] fff00000c97e2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.132297] >fff00000c97e2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 29.132333] ^ [ 29.132594] fff00000c97e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132663] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132700] ================================================================== [ 29.195168] ================================================================== [ 29.195221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 29.195274] Write of size 1 at addr fff00000c9b020eb by task kunit_try_catch/192 [ 29.199142] [ 29.199696] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.199784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.199811] Hardware name: linux,dummy-virt (DT) [ 29.200729] Call trace: [ 29.202390] show_stack+0x20/0x38 (C) [ 29.202895] dump_stack_lvl+0x8c/0xd0 [ 29.203555] print_report+0x118/0x5d0 [ 29.204166] kasan_report+0xdc/0x128 [ 29.204226] __asan_report_store1_noabort+0x20/0x30 [ 29.204869] krealloc_more_oob_helper+0x60c/0x678 [ 29.205554] krealloc_large_more_oob+0x20/0x38 [ 29.205984] kunit_try_run_case+0x170/0x3f0 [ 29.206539] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.207168] kthread+0x328/0x630 [ 29.207458] ret_from_fork+0x10/0x20 [ 29.208289] [ 29.208804] The buggy address belongs to the physical page: [ 29.208877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.209368] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.209488] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.210181] page_type: f8(unknown) [ 29.210416] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.210769] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.211166] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.211763] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.212131] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.212325] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.212451] page dumped because: kasan: bad access detected [ 29.213023] [ 29.213046] Memory state around the buggy address: [ 29.213388] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.213437] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.213479] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 29.213515] ^ [ 29.213961] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.214100] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.214140] ================================================================== [ 29.215609] ================================================================== [ 29.215721] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 29.215774] Write of size 1 at addr fff00000c9b020f0 by task kunit_try_catch/192 [ 29.215822] [ 29.215852] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.215983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.216037] Hardware name: linux,dummy-virt (DT) [ 29.216087] Call trace: [ 29.216109] show_stack+0x20/0x38 (C) [ 29.216172] dump_stack_lvl+0x8c/0xd0 [ 29.216230] print_report+0x118/0x5d0 [ 29.216275] kasan_report+0xdc/0x128 [ 29.216328] __asan_report_store1_noabort+0x20/0x30 [ 29.216519] krealloc_more_oob_helper+0x5c0/0x678 [ 29.216615] krealloc_large_more_oob+0x20/0x38 [ 29.216666] kunit_try_run_case+0x170/0x3f0 [ 29.216716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.216770] kthread+0x328/0x630 [ 29.216812] ret_from_fork+0x10/0x20 [ 29.216860] [ 29.216886] The buggy address belongs to the physical page: [ 29.217026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00 [ 29.217102] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.217148] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.217198] page_type: f8(unknown) [ 29.217313] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.217362] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.217411] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.217458] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.217505] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff [ 29.217628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.217779] page dumped because: kasan: bad access detected [ 29.217809] [ 29.217826] Memory state around the buggy address: [ 29.217855] fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.217896] fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.217971] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 29.218007] ^ [ 29.218045] fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.218094] fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.218130] ================================================================== [ 29.134822] ================================================================== [ 29.134869] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 29.134919] Write of size 1 at addr fff00000c97e26f0 by task kunit_try_catch/188 [ 29.135206] [ 29.135423] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.135912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.135962] Hardware name: linux,dummy-virt (DT) [ 29.136030] Call trace: [ 29.136146] show_stack+0x20/0x38 (C) [ 29.136285] dump_stack_lvl+0x8c/0xd0 [ 29.136381] print_report+0x118/0x5d0 [ 29.136425] kasan_report+0xdc/0x128 [ 29.136523] __asan_report_store1_noabort+0x20/0x30 [ 29.136571] krealloc_more_oob_helper+0x5c0/0x678 [ 29.136640] krealloc_more_oob+0x20/0x38 [ 29.136854] kunit_try_run_case+0x170/0x3f0 [ 29.136904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.137071] kthread+0x328/0x630 [ 29.137119] ret_from_fork+0x10/0x20 [ 29.137219] [ 29.137313] Allocated by task 188: [ 29.137381] kasan_save_stack+0x3c/0x68 [ 29.137468] kasan_save_track+0x20/0x40 [ 29.137506] kasan_save_alloc_info+0x40/0x58 [ 29.137542] __kasan_krealloc+0x118/0x178 [ 29.137579] krealloc_noprof+0x128/0x360 [ 29.137643] krealloc_more_oob_helper+0x168/0x678 [ 29.137802] krealloc_more_oob+0x20/0x38 [ 29.137838] kunit_try_run_case+0x170/0x3f0 [ 29.137876] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.137918] kthread+0x328/0x630 [ 29.137949] ret_from_fork+0x10/0x20 [ 29.137983] [ 29.138002] The buggy address belongs to the object at fff00000c97e2600 [ 29.138002] which belongs to the cache kmalloc-256 of size 256 [ 29.138067] The buggy address is located 5 bytes to the right of [ 29.138067] allocated 235-byte region [fff00000c97e2600, fff00000c97e26eb) [ 29.138128] [ 29.138147] The buggy address belongs to the physical page: [ 29.138178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2 [ 29.138227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.138317] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.138498] page_type: f5(slab) [ 29.138803] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.138958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.139307] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 29.139811] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.140003] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff [ 29.140067] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.140107] page dumped because: kasan: bad access detected [ 29.140137] [ 29.140155] Memory state around the buggy address: [ 29.140185] fff00000c97e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.140225] fff00000c97e2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.140265] >fff00000c97e2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 29.140301] ^ [ 29.140517] fff00000c97e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.140622] fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.140691] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 29.114647] ================================================================== [ 29.114924] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 29.115453] Read of size 1 at addr fff00000c9b40000 by task kunit_try_catch/186 [ 29.115685] [ 29.115719] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.115939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.115965] Hardware name: linux,dummy-virt (DT) [ 29.116116] Call trace: [ 29.116142] show_stack+0x20/0x38 (C) [ 29.116195] dump_stack_lvl+0x8c/0xd0 [ 29.116598] print_report+0x118/0x5d0 [ 29.116683] kasan_report+0xdc/0x128 [ 29.116726] __asan_report_load1_noabort+0x20/0x30 [ 29.116774] page_alloc_uaf+0x328/0x350 [ 29.116821] kunit_try_run_case+0x170/0x3f0 [ 29.117117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.117407] kthread+0x328/0x630 [ 29.117463] ret_from_fork+0x10/0x20 [ 29.117589] [ 29.117615] The buggy address belongs to the physical page: [ 29.117693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b40 [ 29.117778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.117870] page_type: f0(buddy) [ 29.118258] raw: 0bfffe0000000000 fff00000ff6161b0 fff00000ff6161b0 0000000000000000 [ 29.118340] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 29.118379] page dumped because: kasan: bad access detected [ 29.118409] [ 29.118428] Memory state around the buggy address: [ 29.118459] fff00000c9b3ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.118869] fff00000c9b3ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.118913] >fff00000c9b40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.118949] ^ [ 29.118977] fff00000c9b40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.119480] fff00000c9b40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.119529] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 29.092938] ================================================================== [ 29.093022] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 29.093240] Free of addr fff00000c9afc001 by task kunit_try_catch/182 [ 29.093592] [ 29.093772] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.094050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.094332] Hardware name: linux,dummy-virt (DT) [ 29.094370] Call trace: [ 29.094546] show_stack+0x20/0x38 (C) [ 29.094776] dump_stack_lvl+0x8c/0xd0 [ 29.094831] print_report+0x118/0x5d0 [ 29.094881] kasan_report_invalid_free+0xc0/0xe8 [ 29.095032] __kasan_kfree_large+0x5c/0xa8 [ 29.095158] free_large_kmalloc+0x68/0x150 [ 29.095204] kfree+0x270/0x3c8 [ 29.095246] kmalloc_large_invalid_free+0x108/0x270 [ 29.095294] kunit_try_run_case+0x170/0x3f0 [ 29.095343] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.095394] kthread+0x328/0x630 [ 29.095435] ret_from_fork+0x10/0x20 [ 29.095482] [ 29.095508] The buggy address belongs to the physical page: [ 29.095668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109afc [ 29.095720] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.095787] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.095836] page_type: f8(unknown) [ 29.096173] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.096376] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.096425] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.096472] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.096519] head: 0bfffe0000000002 ffffc1ffc326bf01 00000000ffffffff 00000000ffffffff [ 29.096751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.096793] page dumped because: kasan: bad access detected [ 29.097259] [ 29.097326] Memory state around the buggy address: [ 29.097411] fff00000c9afbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.097522] fff00000c9afbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.097608] >fff00000c9afc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.097645] ^ [ 29.097672] fff00000c9afc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.098074] fff00000c9afc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.098220] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 29.079238] ================================================================== [ 29.079606] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 29.079788] Read of size 1 at addr fff00000c9afc000 by task kunit_try_catch/180 [ 29.079838] [ 29.079869] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.079951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.079977] Hardware name: linux,dummy-virt (DT) [ 29.080657] Call trace: [ 29.080812] show_stack+0x20/0x38 (C) [ 29.080868] dump_stack_lvl+0x8c/0xd0 [ 29.080915] print_report+0x118/0x5d0 [ 29.081253] kasan_report+0xdc/0x128 [ 29.081484] __asan_report_load1_noabort+0x20/0x30 [ 29.081539] kmalloc_large_uaf+0x2cc/0x2f8 [ 29.081886] kunit_try_run_case+0x170/0x3f0 [ 29.082180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.082296] kthread+0x328/0x630 [ 29.082345] ret_from_fork+0x10/0x20 [ 29.082549] [ 29.082649] The buggy address belongs to the physical page: [ 29.082684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109afc [ 29.082941] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.083005] raw: 0bfffe0000000000 ffffc1ffc326c008 fff00000da461d00 0000000000000000 [ 29.083063] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 29.083522] page dumped because: kasan: bad access detected [ 29.083561] [ 29.083599] Memory state around the buggy address: [ 29.083746] fff00000c9afbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.083822] fff00000c9afbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.083864] >fff00000c9afc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.083900] ^ [ 29.083934] fff00000c9afc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.083974] fff00000c9afc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 29.084009] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 29.063509] ================================================================== [ 29.063576] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 29.063703] Write of size 1 at addr fff00000c9afa00a by task kunit_try_catch/178 [ 29.063823] [ 29.063856] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.064749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.064785] Hardware name: linux,dummy-virt (DT) [ 29.064869] Call trace: [ 29.064892] show_stack+0x20/0x38 (C) [ 29.065206] dump_stack_lvl+0x8c/0xd0 [ 29.065306] print_report+0x118/0x5d0 [ 29.065368] kasan_report+0xdc/0x128 [ 29.065558] __asan_report_store1_noabort+0x20/0x30 [ 29.065652] kmalloc_large_oob_right+0x278/0x2b8 [ 29.065805] kunit_try_run_case+0x170/0x3f0 [ 29.065855] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.066091] kthread+0x328/0x630 [ 29.066148] ret_from_fork+0x10/0x20 [ 29.066448] [ 29.066544] The buggy address belongs to the physical page: [ 29.066577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109af8 [ 29.066627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.066682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.066824] page_type: f8(unknown) [ 29.067116] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.067475] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.067592] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 29.067700] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 29.067971] head: 0bfffe0000000002 ffffc1ffc326be01 00000000ffffffff 00000000ffffffff [ 29.068215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 29.068257] page dumped because: kasan: bad access detected [ 29.068340] [ 29.068413] Memory state around the buggy address: [ 29.068486] fff00000c9af9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.068527] fff00000c9af9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.068588] >fff00000c9afa000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.068627] ^ [ 29.068656] fff00000c9afa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.068695] fff00000c9afa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.068731] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 29.051509] ================================================================== [ 29.051587] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 29.051678] Write of size 1 at addr fff00000c667df00 by task kunit_try_catch/176 [ 29.051818] [ 29.051859] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.052123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.052233] Hardware name: linux,dummy-virt (DT) [ 29.052322] Call trace: [ 29.052345] show_stack+0x20/0x38 (C) [ 29.052396] dump_stack_lvl+0x8c/0xd0 [ 29.052462] print_report+0x118/0x5d0 [ 29.052717] kasan_report+0xdc/0x128 [ 29.052812] __asan_report_store1_noabort+0x20/0x30 [ 29.052940] kmalloc_big_oob_right+0x2a4/0x2f0 [ 29.053063] kunit_try_run_case+0x170/0x3f0 [ 29.053184] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.053279] kthread+0x328/0x630 [ 29.053586] ret_from_fork+0x10/0x20 [ 29.053778] [ 29.053874] Allocated by task 176: [ 29.053930] kasan_save_stack+0x3c/0x68 [ 29.053995] kasan_save_track+0x20/0x40 [ 29.054033] kasan_save_alloc_info+0x40/0x58 [ 29.054382] __kasan_kmalloc+0xd4/0xd8 [ 29.054495] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.054654] kmalloc_big_oob_right+0xb8/0x2f0 [ 29.054753] kunit_try_run_case+0x170/0x3f0 [ 29.054890] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.054951] kthread+0x328/0x630 [ 29.054983] ret_from_fork+0x10/0x20 [ 29.055258] [ 29.055384] The buggy address belongs to the object at fff00000c667c000 [ 29.055384] which belongs to the cache kmalloc-8k of size 8192 [ 29.055510] The buggy address is located 0 bytes to the right of [ 29.055510] allocated 7936-byte region [fff00000c667c000, fff00000c667df00) [ 29.055572] [ 29.055591] The buggy address belongs to the physical page: [ 29.055646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106678 [ 29.055697] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.055861] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.056003] page_type: f5(slab) [ 29.056128] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 29.056230] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 29.056298] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 29.056375] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 29.056423] head: 0bfffe0000000003 ffffc1ffc3199e01 00000000ffffffff 00000000ffffffff [ 29.056668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 29.056758] page dumped because: kasan: bad access detected [ 29.056789] [ 29.056807] Memory state around the buggy address: [ 29.056929] fff00000c667de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.057158] fff00000c667de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.057392] >fff00000c667df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057433] ^ [ 29.057683] fff00000c667df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057809] fff00000c667e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057941] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 29.036971] ================================================================== [ 29.037026] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.037098] Write of size 1 at addr fff00000c57d4b78 by task kunit_try_catch/174 [ 29.037169] [ 29.037199] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.037417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.037445] Hardware name: linux,dummy-virt (DT) [ 29.037505] Call trace: [ 29.037585] show_stack+0x20/0x38 (C) [ 29.037789] dump_stack_lvl+0x8c/0xd0 [ 29.037905] print_report+0x118/0x5d0 [ 29.038006] kasan_report+0xdc/0x128 [ 29.038049] __asan_report_store1_noabort+0x20/0x30 [ 29.038145] kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.038255] kunit_try_run_case+0x170/0x3f0 [ 29.038310] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.038391] kthread+0x328/0x630 [ 29.038435] ret_from_fork+0x10/0x20 [ 29.038590] [ 29.038609] Allocated by task 174: [ 29.038637] kasan_save_stack+0x3c/0x68 [ 29.038820] kasan_save_track+0x20/0x40 [ 29.038934] kasan_save_alloc_info+0x40/0x58 [ 29.039011] __kasan_kmalloc+0xd4/0xd8 [ 29.039161] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.039207] kmalloc_track_caller_oob_right+0xa8/0x488 [ 29.039303] kunit_try_run_case+0x170/0x3f0 [ 29.039342] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.039425] kthread+0x328/0x630 [ 29.039504] ret_from_fork+0x10/0x20 [ 29.039539] [ 29.039583] The buggy address belongs to the object at fff00000c57d4b00 [ 29.039583] which belongs to the cache kmalloc-128 of size 128 [ 29.039668] The buggy address is located 0 bytes to the right of [ 29.039668] allocated 120-byte region [fff00000c57d4b00, fff00000c57d4b78) [ 29.039730] [ 29.039766] The buggy address belongs to the physical page: [ 29.040105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.040206] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.040376] page_type: f5(slab) [ 29.040484] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.040576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.040746] page dumped because: kasan: bad access detected [ 29.040828] [ 29.040847] Memory state around the buggy address: [ 29.040877] fff00000c57d4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.040943] fff00000c57d4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.040984] >fff00000c57d4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.041020] ^ [ 29.041069] fff00000c57d4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.041113] fff00000c57d4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.041148] ================================================================== [ 29.042184] ================================================================== [ 29.042238] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 29.042290] Write of size 1 at addr fff00000c57d4c78 by task kunit_try_catch/174 [ 29.042409] [ 29.042440] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.042710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.042746] Hardware name: linux,dummy-virt (DT) [ 29.042776] Call trace: [ 29.042797] show_stack+0x20/0x38 (C) [ 29.042847] dump_stack_lvl+0x8c/0xd0 [ 29.042894] print_report+0x118/0x5d0 [ 29.042937] kasan_report+0xdc/0x128 [ 29.042979] __asan_report_store1_noabort+0x20/0x30 [ 29.043026] kmalloc_track_caller_oob_right+0x418/0x488 [ 29.043088] kunit_try_run_case+0x170/0x3f0 [ 29.043142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.043235] kthread+0x328/0x630 [ 29.043363] ret_from_fork+0x10/0x20 [ 29.043440] [ 29.043459] Allocated by task 174: [ 29.043532] kasan_save_stack+0x3c/0x68 [ 29.043620] kasan_save_track+0x20/0x40 [ 29.043749] kasan_save_alloc_info+0x40/0x58 [ 29.043787] __kasan_kmalloc+0xd4/0xd8 [ 29.043915] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.044048] kmalloc_track_caller_oob_right+0x184/0x488 [ 29.044177] kunit_try_run_case+0x170/0x3f0 [ 29.044285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.044327] kthread+0x328/0x630 [ 29.044474] ret_from_fork+0x10/0x20 [ 29.044519] [ 29.044538] The buggy address belongs to the object at fff00000c57d4c00 [ 29.044538] which belongs to the cache kmalloc-128 of size 128 [ 29.044593] The buggy address is located 0 bytes to the right of [ 29.044593] allocated 120-byte region [fff00000c57d4c00, fff00000c57d4c78) [ 29.044654] [ 29.044674] The buggy address belongs to the physical page: [ 29.044781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.044944] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.045110] page_type: f5(slab) [ 29.045264] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.045413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.045534] page dumped because: kasan: bad access detected [ 29.045612] [ 29.045690] Memory state around the buggy address: [ 29.045721] fff00000c57d4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.045775] fff00000c57d4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.045948] >fff00000c57d4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.046132] ^ [ 29.046494] fff00000c57d4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.046590] fff00000c57d4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.046674] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 29.025535] ================================================================== [ 29.025596] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 29.025748] Read of size 1 at addr fff00000c9a0b000 by task kunit_try_catch/172 [ 29.025799] [ 29.025877] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.025969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.025995] Hardware name: linux,dummy-virt (DT) [ 29.026252] Call trace: [ 29.026286] show_stack+0x20/0x38 (C) [ 29.026339] dump_stack_lvl+0x8c/0xd0 [ 29.026457] print_report+0x118/0x5d0 [ 29.026502] kasan_report+0xdc/0x128 [ 29.026564] __asan_report_load1_noabort+0x20/0x30 [ 29.026618] kmalloc_node_oob_right+0x2f4/0x330 [ 29.026673] kunit_try_run_case+0x170/0x3f0 [ 29.026788] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.026842] kthread+0x328/0x630 [ 29.026929] ret_from_fork+0x10/0x20 [ 29.026978] [ 29.026996] Allocated by task 172: [ 29.027023] kasan_save_stack+0x3c/0x68 [ 29.027105] kasan_save_track+0x20/0x40 [ 29.027306] kasan_save_alloc_info+0x40/0x58 [ 29.027391] __kasan_kmalloc+0xd4/0xd8 [ 29.027429] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 29.027488] kmalloc_node_oob_right+0xbc/0x330 [ 29.027544] kunit_try_run_case+0x170/0x3f0 [ 29.027600] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.027674] kthread+0x328/0x630 [ 29.027706] ret_from_fork+0x10/0x20 [ 29.027767] [ 29.027896] The buggy address belongs to the object at fff00000c9a0a000 [ 29.027896] which belongs to the cache kmalloc-4k of size 4096 [ 29.028094] The buggy address is located 0 bytes to the right of [ 29.028094] allocated 4096-byte region [fff00000c9a0a000, fff00000c9a0b000) [ 29.028241] [ 29.028337] The buggy address belongs to the physical page: [ 29.028677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a08 [ 29.028992] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.029042] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 29.029264] page_type: f5(slab) [ 29.029309] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 29.029358] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 29.029507] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122 [ 29.029623] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 29.029922] head: 0bfffe0000000003 ffffc1ffc3268201 00000000ffffffff 00000000ffffffff [ 29.030116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 29.030287] page dumped because: kasan: bad access detected [ 29.030468] [ 29.030550] Memory state around the buggy address: [ 29.030583] fff00000c9a0af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.031072] fff00000c9a0af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.031256] >fff00000c9a0b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.031483] ^ [ 29.031577] fff00000c9a0b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.031618] fff00000c9a0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.031987] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 29.013862] ================================================================== [ 29.013918] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 29.013969] Read of size 1 at addr fff00000c592c85f by task kunit_try_catch/170 [ 29.014017] [ 29.014047] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.014296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.014323] Hardware name: linux,dummy-virt (DT) [ 29.014606] Call trace: [ 29.014638] show_stack+0x20/0x38 (C) [ 29.014691] dump_stack_lvl+0x8c/0xd0 [ 29.014849] print_report+0x118/0x5d0 [ 29.014949] kasan_report+0xdc/0x128 [ 29.015029] __asan_report_load1_noabort+0x20/0x30 [ 29.015108] kmalloc_oob_left+0x2ec/0x320 [ 29.015163] kunit_try_run_case+0x170/0x3f0 [ 29.015249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.015302] kthread+0x328/0x630 [ 29.015344] ret_from_fork+0x10/0x20 [ 29.015390] [ 29.015876] Allocated by task 11: [ 29.015920] kasan_save_stack+0x3c/0x68 [ 29.015964] kasan_save_track+0x20/0x40 [ 29.016002] kasan_save_alloc_info+0x40/0x58 [ 29.016037] __kasan_kmalloc+0xd4/0xd8 [ 29.016140] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.016189] kvasprintf+0xe0/0x180 [ 29.016222] __kthread_create_on_node+0x16c/0x350 [ 29.016260] kthread_create_on_node+0xe4/0x130 [ 29.016296] create_worker+0x380/0x6b8 [ 29.016448] worker_thread+0x808/0xf38 [ 29.016635] kthread+0x328/0x630 [ 29.016842] ret_from_fork+0x10/0x20 [ 29.016921] [ 29.017064] The buggy address belongs to the object at fff00000c592c840 [ 29.017064] which belongs to the cache kmalloc-16 of size 16 [ 29.017178] The buggy address is located 19 bytes to the right of [ 29.017178] allocated 12-byte region [fff00000c592c840, fff00000c592c84c) [ 29.017499] [ 29.017752] The buggy address belongs to the physical page: [ 29.017830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 29.018128] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.018439] page_type: f5(slab) [ 29.018650] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.018780] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.018820] page dumped because: kasan: bad access detected [ 29.018986] [ 29.019355] Memory state around the buggy address: [ 29.019496] fff00000c592c700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.019538] fff00000c592c780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.019767] >fff00000c592c800: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc [ 29.019991] ^ [ 29.020035] fff00000c592c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.020183] fff00000c592c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.020220] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 29.004387] ================================================================== [ 29.004431] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 29.004479] Read of size 1 at addr fff00000c57d4a80 by task kunit_try_catch/168 [ 29.004526] [ 29.004554] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 29.004634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.004660] Hardware name: linux,dummy-virt (DT) [ 29.004688] Call trace: [ 29.004916] show_stack+0x20/0x38 (C) [ 29.004983] dump_stack_lvl+0x8c/0xd0 [ 29.005030] print_report+0x118/0x5d0 [ 29.005227] kasan_report+0xdc/0x128 [ 29.005272] __asan_report_load1_noabort+0x20/0x30 [ 29.005404] kmalloc_oob_right+0x5d0/0x660 [ 29.005479] kunit_try_run_case+0x170/0x3f0 [ 29.005540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.005594] kthread+0x328/0x630 [ 29.005635] ret_from_fork+0x10/0x20 [ 29.005900] [ 29.005927] Allocated by task 168: [ 29.005958] kasan_save_stack+0x3c/0x68 [ 29.006091] kasan_save_track+0x20/0x40 [ 29.006189] kasan_save_alloc_info+0x40/0x58 [ 29.006227] __kasan_kmalloc+0xd4/0xd8 [ 29.006263] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.006462] kmalloc_oob_right+0xb0/0x660 [ 29.006515] kunit_try_run_case+0x170/0x3f0 [ 29.006631] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.006716] kthread+0x328/0x630 [ 29.006775] ret_from_fork+0x10/0x20 [ 29.006844] [ 29.006864] The buggy address belongs to the object at fff00000c57d4a00 [ 29.006864] which belongs to the cache kmalloc-128 of size 128 [ 29.006969] The buggy address is located 13 bytes to the right of [ 29.006969] allocated 115-byte region [fff00000c57d4a00, fff00000c57d4a73) [ 29.007237] [ 29.007392] The buggy address belongs to the physical page: [ 29.007429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.007484] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.007530] page_type: f5(slab) [ 29.007717] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.007922] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.008077] page dumped because: kasan: bad access detected [ 29.008166] [ 29.008184] Memory state around the buggy address: [ 29.008221] fff00000c57d4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.008262] fff00000c57d4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.008326] >fff00000c57d4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.008363] ^ [ 29.008390] fff00000c57d4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.008473] fff00000c57d4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.008624] ================================================================== [ 28.998544] ================================================================== [ 28.998606] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 28.998655] Write of size 1 at addr fff00000c57d4a78 by task kunit_try_catch/168 [ 28.998894] [ 28.998930] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 28.999296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.999339] Hardware name: linux,dummy-virt (DT) [ 28.999417] Call trace: [ 28.999441] show_stack+0x20/0x38 (C) [ 29.000049] dump_stack_lvl+0x8c/0xd0 [ 29.000165] print_report+0x118/0x5d0 [ 29.000211] kasan_report+0xdc/0x128 [ 29.000254] __asan_report_store1_noabort+0x20/0x30 [ 29.000302] kmalloc_oob_right+0x538/0x660 [ 29.000347] kunit_try_run_case+0x170/0x3f0 [ 29.000528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.000922] kthread+0x328/0x630 [ 29.001068] ret_from_fork+0x10/0x20 [ 29.001122] [ 29.001140] Allocated by task 168: [ 29.001170] kasan_save_stack+0x3c/0x68 [ 29.001338] kasan_save_track+0x20/0x40 [ 29.001376] kasan_save_alloc_info+0x40/0x58 [ 29.001711] __kasan_kmalloc+0xd4/0xd8 [ 29.001758] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.002124] kmalloc_oob_right+0xb0/0x660 [ 29.002259] kunit_try_run_case+0x170/0x3f0 [ 29.002353] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.002431] kthread+0x328/0x630 [ 29.002531] ret_from_fork+0x10/0x20 [ 29.002568] [ 29.002598] The buggy address belongs to the object at fff00000c57d4a00 [ 29.002598] which belongs to the cache kmalloc-128 of size 128 [ 29.002655] The buggy address is located 5 bytes to the right of [ 29.002655] allocated 115-byte region [fff00000c57d4a00, fff00000c57d4a73) [ 29.002721] [ 29.002741] The buggy address belongs to the physical page: [ 29.002769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 29.002839] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.002885] page_type: f5(slab) [ 29.002924] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.002973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.003035] page dumped because: kasan: bad access detected [ 29.003252] [ 29.003343] Memory state around the buggy address: [ 29.003396] fff00000c57d4900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.003463] fff00000c57d4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.003658] >fff00000c57d4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.003727] ^ [ 29.003851] fff00000c57d4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.003957] fff00000c57d4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.004101] ================================================================== [ 28.990882] ================================================================== [ 28.991357] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 28.992264] Write of size 1 at addr fff00000c57d4a73 by task kunit_try_catch/168 [ 28.992371] [ 28.993136] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 28.993283] Tainted: [N]=TEST [ 28.993316] Hardware name: linux,dummy-virt (DT) [ 28.993538] Call trace: [ 28.993715] show_stack+0x20/0x38 (C) [ 28.993854] dump_stack_lvl+0x8c/0xd0 [ 28.993910] print_report+0x118/0x5d0 [ 28.993955] kasan_report+0xdc/0x128 [ 28.993999] __asan_report_store1_noabort+0x20/0x30 [ 28.994048] kmalloc_oob_right+0x5a4/0x660 [ 28.994108] kunit_try_run_case+0x170/0x3f0 [ 28.994160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.994213] kthread+0x328/0x630 [ 28.994257] ret_from_fork+0x10/0x20 [ 28.994409] [ 28.994449] Allocated by task 168: [ 28.994567] kasan_save_stack+0x3c/0x68 [ 28.994633] kasan_save_track+0x20/0x40 [ 28.994672] kasan_save_alloc_info+0x40/0x58 [ 28.994709] __kasan_kmalloc+0xd4/0xd8 [ 28.994746] __kmalloc_cache_noprof+0x16c/0x3c0 [ 28.994788] kmalloc_oob_right+0xb0/0x660 [ 28.994826] kunit_try_run_case+0x170/0x3f0 [ 28.994864] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.994908] kthread+0x328/0x630 [ 28.994939] ret_from_fork+0x10/0x20 [ 28.994992] [ 28.995064] The buggy address belongs to the object at fff00000c57d4a00 [ 28.995064] which belongs to the cache kmalloc-128 of size 128 [ 28.995157] The buggy address is located 0 bytes to the right of [ 28.995157] allocated 115-byte region [fff00000c57d4a00, fff00000c57d4a73) [ 28.995224] [ 28.995302] The buggy address belongs to the physical page: [ 28.995474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d4 [ 28.995820] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.996133] page_type: f5(slab) [ 28.996429] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 28.996491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.996597] page dumped because: kasan: bad access detected [ 28.996637] [ 28.996663] Memory state around the buggy address: [ 28.996880] fff00000c57d4900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.996944] fff00000c57d4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.996997] >fff00000c57d4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.997049] ^ [ 28.997147] fff00000c57d4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.997189] fff00000c57d4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.997251] ==================================================================
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 109.008506] WARNING: lib/math/int_log.c:120 at intlog10+0x38/0x48, CPU#1: kunit_try_catch/690 [ 109.010495] Modules linked in: [ 109.010944] CPU: 1 UID: 0 PID: 690 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 109.011611] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 109.012351] Hardware name: linux,dummy-virt (DT) [ 109.012835] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 109.013401] pc : intlog10+0x38/0x48 [ 109.013588] lr : intlog10_test+0xe4/0x200 [ 109.013776] sp : ffff8000823b7c10 [ 109.013929] x29: ffff8000823b7c90 x28: 0000000000000000 x27: 0000000000000000 [ 109.014691] x26: 1ffe0000182dc9a1 x25: 0000000000000000 x24: ffff8000823b7ce0 [ 109.015431] x23: ffff8000823b7d00 x22: 0000000000000000 x21: 1ffff00010476f82 [ 109.016243] x20: ffff9ae32200f0a0 x19: ffff800080087990 x18: 00000000cb2daa84 [ 109.017001] x17: 00000000dfc54fe7 x16: fff00000c92ecc3c x15: 000000002fa0d427 [ 109.017763] x14: 00000000bb2fbbdc x13: 1ffe00001b48bbdd x12: ffff735c64bd8f89 [ 109.018514] x11: 1ffff35c64bd8f88 x10: ffff735c64bd8f88 x9 : ffff9ae31f646624 [ 109.019118] x8 : ffff9ae325ec7c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 109.019457] x5 : ffff700010476f82 x4 : 1ffff00010010f3b x3 : 1ffff35c64401e14 [ 109.019924] x2 : 1ffff35c64401e14 x1 : 0000000000000003 x0 : 0000000000000000 [ 109.020294] Call trace: [ 109.020434] intlog10+0x38/0x48 (P) [ 109.020626] kunit_try_run_case+0x170/0x3f0 [ 109.020829] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 109.021073] kthread+0x328/0x630 [ 109.021254] ret_from_fork+0x10/0x20 [ 109.021492] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 108.953813] WARNING: lib/math/int_log.c:63 at intlog2+0xd8/0xf8, CPU#1: kunit_try_catch/672 [ 108.957967] Modules linked in: [ 108.958509] CPU: 1 UID: 0 PID: 672 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 108.959786] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 108.960435] Hardware name: linux,dummy-virt (DT) [ 108.961043] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 108.961882] pc : intlog2+0xd8/0xf8 [ 108.962393] lr : intlog2_test+0xe4/0x200 [ 108.962967] sp : ffff8000823b7c10 [ 108.963433] x29: ffff8000823b7c90 x28: 0000000000000000 x27: 0000000000000000 [ 108.964483] x26: 1ffe0000182dc801 x25: 0000000000000000 x24: ffff8000823b7ce0 [ 108.965454] x23: ffff8000823b7d00 x22: 0000000000000000 x21: 1ffff00010476f82 [ 108.966377] x20: ffff9ae32200efa0 x19: ffff800080087990 x18: 000000001c8fb24e [ 108.967306] x17: 00000000344888c3 x16: fff00000c92ecc3c x15: 000000006c6417c0 [ 108.968419] x14: 00000000f1f1f1f1 x13: 1ffe00001b48bbdd x12: ffff735c64bd8f89 [ 108.968989] x11: 1ffff35c64bd8f88 x10: ffff735c64bd8f88 x9 : ffff9ae31f646824 [ 108.969370] x8 : ffff9ae325ec7c43 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 108.969712] x5 : ffff700010476f82 x4 : 1ffff00010010f3b x3 : 1ffff35c64401df4 [ 108.970293] x2 : 1ffff35c64401df4 x1 : 0000000000000003 x0 : 0000000000000000 [ 108.971207] Call trace: [ 108.971719] intlog2+0xd8/0xf8 (P) [ 108.972337] kunit_try_run_case+0x170/0x3f0 [ 108.972972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 108.973758] kthread+0x328/0x630 [ 108.974301] ret_from_fork+0x10/0x20 [ 108.974883] ---[ end trace 0000000000000000 ]---