Date: June 16, 2025, 7:07 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 23.010499] ==================================================================
[ 23.010577] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 23.010657] Read of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 23.010718]
[ 23.010765] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.010901] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.010938] Hardware name: linux,dummy-virt (DT)
[ 23.010979] Call trace:
[ 23.011156] show_stack+0x20/0x38 (C)
[ 23.011249] dump_stack_lvl+0x8c/0xd0
[ 23.011307] print_report+0x118/0x608
[ 23.011361] kasan_report+0xdc/0x128
[ 23.011415] kasan_check_range+0x100/0x1a8
[ 23.011500] __kasan_check_read+0x20/0x30
[ 23.011574] copy_user_test_oob+0x728/0xec8
[ 23.011631] kunit_try_run_case+0x170/0x3f0
[ 23.011690] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.011805] kthread+0x328/0x630
[ 23.011932] ret_from_fork+0x10/0x20
[ 23.011997]
[ 23.012022] Allocated by task 294:
[ 23.012061] kasan_save_stack+0x3c/0x68
[ 23.012111] kasan_save_track+0x20/0x40
[ 23.012159] kasan_save_alloc_info+0x40/0x58
[ 23.012201] __kasan_kmalloc+0xd4/0xd8
[ 23.012246] __kmalloc_noprof+0x198/0x4c8
[ 23.012290] kunit_kmalloc_array+0x34/0x88
[ 23.012335] copy_user_test_oob+0xac/0xec8
[ 23.012379] kunit_try_run_case+0x170/0x3f0
[ 23.012423] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.012475] kthread+0x328/0x630
[ 23.012515] ret_from_fork+0x10/0x20
[ 23.012559]
[ 23.012584] The buggy address belongs to the object at fff00000c6587700
[ 23.012584] which belongs to the cache kmalloc-128 of size 128
[ 23.012653] The buggy address is located 0 bytes inside of
[ 23.012653] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.012724]
[ 23.012753] The buggy address belongs to the physical page:
[ 23.012794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.012870] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.012959] page_type: f5(slab)
[ 23.013009] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.013112] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.013172] page dumped because: kasan: bad access detected
[ 23.013218]
[ 23.013245] Memory state around the buggy address:
[ 23.013306] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.013365] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.013422] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.013472] ^
[ 23.013522] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.013576] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.013641] ==================================================================

[ 22.999532] ==================================================================
[ 22.999649] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 22.999754] Write of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 22.999822]
[ 23.000225] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.000534] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.000573] Hardware name: linux,dummy-virt (DT)
[ 23.000980] Call trace:
[ 23.001103] show_stack+0x20/0x38 (C)
[ 23.001312] dump_stack_lvl+0x8c/0xd0
[ 23.001405] print_report+0x118/0x608
[ 23.001557] kasan_report+0xdc/0x128
[ 23.001633] kasan_check_range+0x100/0x1a8
[ 23.001695] __kasan_check_write+0x20/0x30
[ 23.001814] copy_user_test_oob+0x234/0xec8
[ 23.001887] kunit_try_run_case+0x170/0x3f0
[ 23.001954] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.002020] kthread+0x328/0x630
[ 23.002074] ret_from_fork+0x10/0x20
[ 23.002142]
[ 23.002170] Allocated by task 294:
[ 23.002209] kasan_save_stack+0x3c/0x68
[ 23.002278] kasan_save_track+0x20/0x40
[ 23.002328] kasan_save_alloc_info+0x40/0x58
[ 23.002557] __kasan_kmalloc+0xd4/0xd8
[ 23.002642] __kmalloc_noprof+0x198/0x4c8
[ 23.002693] kunit_kmalloc_array+0x34/0x88
[ 23.002740] copy_user_test_oob+0xac/0xec8
[ 23.002788] kunit_try_run_case+0x170/0x3f0
[ 23.002849] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.002906] kthread+0x328/0x630
[ 23.003167] ret_from_fork+0x10/0x20
[ 23.003297]
[ 23.003334] The buggy address belongs to the object at fff00000c6587700
[ 23.003334] which belongs to the cache kmalloc-128 of size 128
[ 23.003449] The buggy address is located 0 bytes inside of
[ 23.003449] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.003523]
[ 23.003553] The buggy address belongs to the physical page:
[ 23.003597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.003668] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.003731] page_type: f5(slab)
[ 23.003787] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.003863] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.003915] page dumped because: kasan: bad access detected
[ 23.003954]
[ 23.003980] Memory state around the buggy address:
[ 23.004034] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.004089] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.004316] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.004485] ^
[ 23.004638] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.004701] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.004778] ==================================================================

[ 23.031851] ==================================================================
[ 23.031906] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 23.031965] Write of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 23.032023]
[ 23.032064] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.032163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.032197] Hardware name: linux,dummy-virt (DT)
[ 23.032238] Call trace:
[ 23.032267] show_stack+0x20/0x38 (C)
[ 23.032325] dump_stack_lvl+0x8c/0xd0
[ 23.032376] print_report+0x118/0x608
[ 23.032429] kasan_report+0xdc/0x128
[ 23.032481] kasan_check_range+0x100/0x1a8
[ 23.033050] __kasan_check_write+0x20/0x30
[ 23.033136] copy_user_test_oob+0x434/0xec8
[ 23.033544] kunit_try_run_case+0x170/0x3f0
[ 23.033623] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.033886] kthread+0x328/0x630
[ 23.033989] ret_from_fork+0x10/0x20
[ 23.034057]
[ 23.034188] Allocated by task 294:
[ 23.034307] kasan_save_stack+0x3c/0x68
[ 23.034368] kasan_save_track+0x20/0x40
[ 23.034417] kasan_save_alloc_info+0x40/0x58
[ 23.034465] __kasan_kmalloc+0xd4/0xd8
[ 23.034514] __kmalloc_noprof+0x198/0x4c8
[ 23.034692] kunit_kmalloc_array+0x34/0x88
[ 23.034749] copy_user_test_oob+0xac/0xec8
[ 23.034822] kunit_try_run_case+0x170/0x3f0
[ 23.034938] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.035059] kthread+0x328/0x630
[ 23.035153] ret_from_fork+0x10/0x20
[ 23.035212]
[ 23.035503] The buggy address belongs to the object at fff00000c6587700
[ 23.035503] which belongs to the cache kmalloc-128 of size 128
[ 23.035587] The buggy address is located 0 bytes inside of
[ 23.035587] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.035667]
[ 23.035695] The buggy address belongs to the physical page:
[ 23.035736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.035796] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.035867] page_type: f5(slab)
[ 23.035917] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.035979] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.036039] page dumped because: kasan: bad access detected
[ 23.036120]
[ 23.036167] Memory state around the buggy address:
[ 23.036366] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.036477] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.036697] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.037227] ^
[ 23.037302] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.037359] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.037405] ==================================================================

[ 23.019962] ==================================================================
[ 23.020148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 23.020416] Write of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 23.020588]
[ 23.020770] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.021023] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.021065] Hardware name: linux,dummy-virt (DT)
[ 23.021247] Call trace:
[ 23.021285] show_stack+0x20/0x38 (C)
[ 23.021406] dump_stack_lvl+0x8c/0xd0
[ 23.021479] print_report+0x118/0x608
[ 23.021600] kasan_report+0xdc/0x128
[ 23.021667] kasan_check_range+0x100/0x1a8
[ 23.021862] __kasan_check_write+0x20/0x30
[ 23.021925] copy_user_test_oob+0x35c/0xec8
[ 23.022003] kunit_try_run_case+0x170/0x3f0
[ 23.022243] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.022447] kthread+0x328/0x630
[ 23.022530] ret_from_fork+0x10/0x20
[ 23.022593]
[ 23.022625] Allocated by task 294:
[ 23.022880] kasan_save_stack+0x3c/0x68
[ 23.022981] kasan_save_track+0x20/0x40
[ 23.023156] kasan_save_alloc_info+0x40/0x58
[ 23.023210] __kasan_kmalloc+0xd4/0xd8
[ 23.023416] __kmalloc_noprof+0x198/0x4c8
[ 23.023525] kunit_kmalloc_array+0x34/0x88
[ 23.023651] copy_user_test_oob+0xac/0xec8
[ 23.023710] kunit_try_run_case+0x170/0x3f0
[ 23.023759] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.023815] kthread+0x328/0x630
[ 23.023866] ret_from_fork+0x10/0x20
[ 23.024265]
[ 23.024301] The buggy address belongs to the object at fff00000c6587700
[ 23.024301] which belongs to the cache kmalloc-128 of size 128
[ 23.024534] The buggy address is located 0 bytes inside of
[ 23.024534] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.024701]
[ 23.025067] The buggy address belongs to the physical page:
[ 23.025133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.025370] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.025510] page_type: f5(slab)
[ 23.025582] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.025788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.025911] page dumped because: kasan: bad access detected
[ 23.026017]
[ 23.026112] Memory state around the buggy address:
[ 23.026280] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.026375] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.026433] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.026481] ^
[ 23.026537] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.026592] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.026643] ==================================================================

[ 23.038976] ==================================================================
[ 23.039053] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 23.039122] Read of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 23.039185]
[ 23.039229] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.039334] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.039368] Hardware name: linux,dummy-virt (DT)
[ 23.039409] Call trace:
[ 23.039439] show_stack+0x20/0x38 (C)
[ 23.039499] dump_stack_lvl+0x8c/0xd0
[ 23.039882] print_report+0x118/0x608
[ 23.039961] kasan_report+0xdc/0x128
[ 23.040160] kasan_check_range+0x100/0x1a8
[ 23.040223] __kasan_check_read+0x20/0x30
[ 23.040511] copy_user_test_oob+0x4a0/0xec8
[ 23.040739] kunit_try_run_case+0x170/0x3f0
[ 23.040996] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.041110] kthread+0x328/0x630
[ 23.041313] ret_from_fork+0x10/0x20
[ 23.041474]
[ 23.041511] Allocated by task 294:
[ 23.041568] kasan_save_stack+0x3c/0x68
[ 23.041702] kasan_save_track+0x20/0x40
[ 23.041752] kasan_save_alloc_info+0x40/0x58
[ 23.041872] __kasan_kmalloc+0xd4/0xd8
[ 23.042236] __kmalloc_noprof+0x198/0x4c8
[ 23.042310] kunit_kmalloc_array+0x34/0x88
[ 23.042566] copy_user_test_oob+0xac/0xec8
[ 23.042669] kunit_try_run_case+0x170/0x3f0
[ 23.042820] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.042897] kthread+0x328/0x630
[ 23.042941] ret_from_fork+0x10/0x20
[ 23.042988]
[ 23.043259] The buggy address belongs to the object at fff00000c6587700
[ 23.043259] which belongs to the cache kmalloc-128 of size 128
[ 23.043699] The buggy address is located 0 bytes inside of
[ 23.043699] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.043879]
[ 23.043913] The buggy address belongs to the physical page:
[ 23.043955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.044115] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.044230] page_type: f5(slab)
[ 23.044304] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.044364] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.044414] page dumped because: kasan: bad access detected
[ 23.044595]
[ 23.044634] Memory state around the buggy address:
[ 23.044865] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.045008] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.045066] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.045115] ^
[ 23.045276] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.045496] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.045548] ==================================================================

[ 23.027250] ==================================================================
[ 23.027323] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 23.027395] Read of size 121 at addr fff00000c6587700 by task kunit_try_catch/294
[ 23.027461]
[ 23.027505] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT
[ 23.027611] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.027647] Hardware name: linux,dummy-virt (DT)
[ 23.027685] Call trace:
[ 23.027717] show_stack+0x20/0x38 (C)
[ 23.027775] dump_stack_lvl+0x8c/0xd0
[ 23.027829] print_report+0x118/0x608
[ 23.028593] kasan_report+0xdc/0x128
[ 23.028802] kasan_check_range+0x100/0x1a8
[ 23.028888] __kasan_check_read+0x20/0x30
[ 23.029019] copy_user_test_oob+0x3c8/0xec8
[ 23.029088] kunit_try_run_case+0x170/0x3f0
[ 23.029156] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.029218] kthread+0x328/0x630
[ 23.029269] ret_from_fork+0x10/0x20
[ 23.029584]
[ 23.029631] Allocated by task 294:
[ 23.029711] kasan_save_stack+0x3c/0x68
[ 23.029778] kasan_save_track+0x20/0x40
[ 23.029852] kasan_save_alloc_info+0x40/0x58
[ 23.029909] __kasan_kmalloc+0xd4/0xd8
[ 23.029956] __kmalloc_noprof+0x198/0x4c8
[ 23.030020] kunit_kmalloc_array+0x34/0x88
[ 23.030109] copy_user_test_oob+0xac/0xec8
[ 23.030197] kunit_try_run_case+0x170/0x3f0
[ 23.030288] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.030345] kthread+0x328/0x630
[ 23.030389] ret_from_fork+0x10/0x20
[ 23.030439]
[ 23.030469] The buggy address belongs to the object at fff00000c6587700
[ 23.030469] which belongs to the cache kmalloc-128 of size 128
[ 23.030553] The buggy address is located 0 bytes inside of
[ 23.030553] allocated 120-byte region [fff00000c6587700, fff00000c6587778)
[ 23.030692]
[ 23.030749] The buggy address belongs to the physical page:
[ 23.030847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106587
[ 23.030916] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.030978] page_type: f5(slab)
[ 23.031033] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.031096] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.031148] page dumped because: kasan: bad access detected
[ 23.031187]
[ 23.031213] Memory state around the buggy address:
[ 23.031254] fff00000c6587600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.031313] fff00000c6587680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.031369] >fff00000c6587700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.031419] ^
[ 23.031470] fff00000c6587780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.031518] fff00000c6587800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.031565] ==================================================================
```
```
[ 15.576169] ==================================================================
[ 15.576888] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.577549] Read of size 121 at addr ffff8881028df100 by task kunit_try_catch/311
[ 15.578223]
[ 15.578420] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary)
[ 15.578487] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.578500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.578522] Call Trace:
[ 15.578551] <TASK>
[ 15.578570] dump_stack_lvl+0x73/0xb0
[ 15.578599] print_report+0xd1/0x650
[ 15.578623] ? __virt_addr_valid+0x1db/0x2d0
[ 15.578648] ? copy_user_test_oob+0x604/0x10f0
[ 15.578672] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.578695] ? copy_user_test_oob+0x604/0x10f0
[ 15.578719] kasan_report+0x141/0x180
[ 15.578741] ? copy_user_test_oob+0x604/0x10f0
[ 15.578769] kasan_check_range+0x10c/0x1c0
[ 15.578794] __kasan_check_read+0x15/0x20
[ 15.578815] copy_user_test_oob+0x604/0x10f0
[ 15.578840] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.578863] ? finish_task_switch.isra.0+0x153/0x700
[ 15.578884] ? __switch_to+0x47/0xf50
[ 15.578909] ? __schedule+0x10cc/0x2b60
[ 15.578942] ? __pfx_read_tsc+0x10/0x10
[ 15.578964] ? ktime_get_ts64+0x86/0x230
[ 15.578989] kunit_try_run_case+0x1a5/0x480
[ 15.579014] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.579036] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.579058] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.579080] ? __kthread_parkme+0x82/0x180
[ 15.579101] ? preempt_count_sub+0x50/0x80
[ 15.579125] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.579149] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.579173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.579196] kthread+0x337/0x6f0
[ 15.579216] ? trace_preempt_on+0x20/0xc0
[ 15.579242] ? __pfx_kthread+0x10/0x10
[ 15.579263] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.579283] ? calculate_sigpending+0x7b/0xa0
[ 15.579308] ? __pfx_kthread+0x10/0x10
[ 15.579329] ret_from_fork+0x116/0x1d0
[ 15.579348] ? __pfx_kthread+0x10/0x10
[ 15.579369] ret_from_fork_asm+0x1a/0x30
[ 15.579419] </TASK>
[ 15.579431]
[ 15.591791] Allocated by task 311:
[ 15.592078] kasan_save_stack+0x45/0x70
[ 15.592277] kasan_save_track+0x18/0x40
[ 15.592651] kasan_save_alloc_info+0x3b/0x50
[ 15.593012] __kasan_kmalloc+0xb7/0xc0
[ 15.593140] __kmalloc_noprof+0x1c9/0x500
[ 15.593273] kunit_kmalloc_array+0x25/0x60
[ 15.593513] copy_user_test_oob+0xab/0x10f0
[ 15.593917] kunit_try_run_case+0x1a5/0x480
[ 15.594305] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.594800] kthread+0x337/0x6f0
[ 15.595114] ret_from_fork+0x116/0x1d0
[ 15.595478] ret_from_fork_asm+0x1a/0x30
[ 15.595743]
[ 15.595811] The buggy address belongs to the object at ffff8881028df100
[ 15.595811] which belongs to the cache kmalloc-128 of size 128
[ 15.596173] The buggy address is located 0 bytes inside of
[ 15.596173] allocated 120-byte region [ffff8881028df100, ffff8881028df178)
[ 15.596885]
[ 15.597063] The buggy address belongs to the physical page:
[ 15.597572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df
[ 15.598262] flags: 0x200000000000000(node=0|zone=2)
[ 15.598722] page_type: f5(slab)
[ 15.599038] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.599711] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.600205] page dumped because: kasan: bad access detected
[ 15.600403]
[ 15.600571] Memory state around the buggy address:
[ 15.601015] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.601643] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.602126] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.602333] ^
[ 15.602951] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.603587] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.604020] ==================================================================

[ 15.512424] ==================================================================
[ 15.512692] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.512925] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311
[ 15.513161]
[ 15.513244] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary)
[ 15.513291] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.513304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.513327] Call Trace:
[ 15.513343] <TASK>
[ 15.513361] dump_stack_lvl+0x73/0xb0
[ 15.513390] print_report+0xd1/0x650
[ 15.513413] ? __virt_addr_valid+0x1db/0x2d0
[ 15.513436] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.513459] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.513482] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.513506] kasan_report+0x141/0x180
[ 15.513528] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.513556] kasan_check_range+0x10c/0x1c0
[ 15.513580] __kasan_check_write+0x18/0x20
[ 15.513599] copy_user_test_oob+0x3fd/0x10f0
[ 15.513624] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.513647] ? finish_task_switch.isra.0+0x153/0x700
[ 15.513671] ? __switch_to+0x47/0xf50
[ 15.513702] ? __schedule+0x10cc/0x2b60
[ 15.513724] ? __pfx_read_tsc+0x10/0x10
[ 15.513745] ? ktime_get_ts64+0x86/0x230
[ 15.513771] kunit_try_run_case+0x1a5/0x480
[ 15.513794] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.513816] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.513839] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.513861] ? __kthread_parkme+0x82/0x180
[ 15.513881] ? preempt_count_sub+0x50/0x80
[ 15.513904] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.513937] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.513959] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.513982] kthread+0x337/0x6f0
[ 15.514002] ? trace_preempt_on+0x20/0xc0
[ 15.514026] ? __pfx_kthread+0x10/0x10
[ 15.514047] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.514068] ? calculate_sigpending+0x7b/0xa0
[ 15.514092] ? __pfx_kthread+0x10/0x10
[ 15.514114] ret_from_fork+0x116/0x1d0
[ 15.514132] ? __pfx_kthread+0x10/0x10
[ 15.514152] ret_from_fork_asm+0x1a/0x30
[ 15.514183] </TASK>
[ 15.514194]
[ 15.522253] Allocated by task 311:
[ 15.522623] kasan_save_stack+0x45/0x70
[ 15.522784] kasan_save_track+0x18/0x40
[ 15.522915] kasan_save_alloc_info+0x3b/0x50
[ 15.523072] __kasan_kmalloc+0xb7/0xc0
[ 15.523199] __kmalloc_noprof+0x1c9/0x500
[ 15.523335] kunit_kmalloc_array+0x25/0x60
[ 15.523475] copy_user_test_oob+0xab/0x10f0
[ 15.523614] kunit_try_run_case+0x1a5/0x480
[ 15.523752] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.523918] kthread+0x337/0x6f0
[ 15.524053] ret_from_fork+0x116/0x1d0
[ 15.524204] ret_from_fork_asm+0x1a/0x30
[ 15.524337]
[ 15.524417] The buggy address belongs to the object at ffff8881028df100
[ 15.524417] which belongs to the cache kmalloc-128 of size 128
[ 15.524769] The buggy address is located 0 bytes inside of
[ 15.524769] allocated 120-byte region [ffff8881028df100, ffff8881028df178)
[ 15.525116]
[ 15.525185] The buggy address belongs to the physical page:
[ 15.525357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df
[ 15.525698] flags: 0x200000000000000(node=0|zone=2)
[ 15.525918] page_type: f5(slab)
[ 15.526101] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.526422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.527337] page dumped because: kasan: bad access detected
[ 15.527513]
[ 15.527584] Memory state around the buggy address:
[ 15.528139] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.528473] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.528760] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.529028] ^
[ 15.529267] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.529723] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.530021] ==================================================================

[ 15.530543] ==================================================================
[ 15.530885] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.531231] Read of size 121 at addr ffff8881028df100 by task kunit_try_catch/311
[ 15.531727]
[ 15.531809] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary)
[ 15.531855] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.531867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.531888] Call Trace:
[ 15.531907] <TASK>
[ 15.531925] dump_stack_lvl+0x73/0xb0
[ 15.531984] print_report+0xd1/0x650
[ 15.532009] ? __virt_addr_valid+0x1db/0x2d0
[ 15.532033] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.532056] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.532095] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.532120] kasan_report+0x141/0x180
[ 15.532142] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.532171] kasan_check_range+0x10c/0x1c0
[ 15.532195] __kasan_check_read+0x15/0x20
[ 15.532215] copy_user_test_oob+0x4aa/0x10f0
[ 15.532241] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.532265] ? finish_task_switch.isra.0+0x153/0x700
[ 15.532288] ? __switch_to+0x47/0xf50
[ 15.532313] ? __schedule+0x10cc/0x2b60
[ 15.532336] ? __pfx_read_tsc+0x10/0x10
[ 15.532358] ? ktime_get_ts64+0x86/0x230
[ 15.532383] kunit_try_run_case+0x1a5/0x480
[ 15.532407] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.532429] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.532453] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.532475] ? __kthread_parkme+0x82/0x180
[ 15.532496] ? preempt_count_sub+0x50/0x80
[ 15.532520] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.532544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.532567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.532598] kthread+0x337/0x6f0
[ 15.532618] ? trace_preempt_on+0x20/0xc0
[ 15.532643] ? __pfx_kthread+0x10/0x10
[ 15.532664] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.532685] ? calculate_sigpending+0x7b/0xa0
[ 15.532709] ? __pfx_kthread+0x10/0x10
[ 15.532731] ret_from_fork+0x116/0x1d0
[ 15.532749] ? __pfx_kthread+0x10/0x10
[ 15.532770] ret_from_fork_asm+0x1a/0x30
[ 15.532801] </TASK>
[ 15.532813]
[ 15.539752] Allocated by task 311:
[ 15.539941] kasan_save_stack+0x45/0x70
[ 15.540141] kasan_save_track+0x18/0x40
[ 15.540285] kasan_save_alloc_info+0x3b/0x50
[ 15.540523] __kasan_kmalloc+0xb7/0xc0
[ 15.540685] __kmalloc_noprof+0x1c9/0x500
[ 15.540848] kunit_kmalloc_array+0x25/0x60
[ 15.541006] copy_user_test_oob+0xab/0x10f0
[ 15.541211] kunit_try_run_case+0x1a5/0x480
[ 15.541420] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.541644] kthread+0x337/0x6f0
[ 15.541796] ret_from_fork+0x116/0x1d0
[ 15.541972] ret_from_fork_asm+0x1a/0x30
[ 15.542141]
[ 15.542208] The buggy address belongs to the object at ffff8881028df100
[ 15.542208] which belongs to the cache kmalloc-128 of size 128
[ 15.542944] The buggy address is located 0 bytes inside of
[ 15.542944] allocated 120-byte region [ffff8881028df100, ffff8881028df178)
[ 15.543516]
[ 15.543610] The buggy address belongs to the physical page:
[ 15.543837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df
[ 15.544159] flags: 0x200000000000000(node=0|zone=2)
[ 15.544355] page_type: f5(slab)
[ 15.544576] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.544854] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.545161] page dumped because: kasan: bad access detected
[ 15.545371]
[ 15.545491] Memory state around the buggy address:
[ 15.545700] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.545980] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.546218] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.546447] ^
[ 15.546751] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.547144] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.547351] ==================================================================

[ 15.548051] ==================================================================
[ 15.548486] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.548780] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311
[ 15.549113]
[ 15.549313] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary)
[ 15.549359] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.549372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.549394] Call Trace:
[ 15.549414] <TASK>
[ 15.549430] dump_stack_lvl+0x73/0xb0
[ 15.549458] print_report+0xd1/0x650
[ 15.549480] ? __virt_addr_valid+0x1db/0x2d0
[ 15.549504] ? copy_user_test_oob+0x557/0x10f0
[ 15.549527] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.549549] ? copy_user_test_oob+0x557/0x10f0
[ 15.549575] kasan_report+0x141/0x180
[ 15.549598] ? copy_user_test_oob+0x557/0x10f0
[ 15.549626] kasan_check_range+0x10c/0x1c0
[ 15.549650] __kasan_check_write+0x18/0x20
[ 15.549669] copy_user_test_oob+0x557/0x10f0
[ 15.549700] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.549723] ? finish_task_switch.isra.0+0x153/0x700
[ 15.549757] ? __switch_to+0x47/0xf50
[ 15.549782] ? __schedule+0x10cc/0x2b60
[ 15.549804] ? __pfx_read_tsc+0x10/0x10
[ 15.549825] ? ktime_get_ts64+0x86/0x230
[ 15.549849] kunit_try_run_case+0x1a5/0x480
[ 15.549873] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.549896] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.549919] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.550836] ? __kthread_parkme+0x82/0x180
[ 15.550863] ? preempt_count_sub+0x50/0x80
[ 15.550888] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.550913] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.550951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.550975] kthread+0x337/0x6f0
[ 15.550995] ? trace_preempt_on+0x20/0xc0
[ 15.551022] ? __pfx_kthread+0x10/0x10
[ 15.551043] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.551064] ? calculate_sigpending+0x7b/0xa0
[ 15.551088] ? __pfx_kthread+0x10/0x10
[ 15.551110] ret_from_fork+0x116/0x1d0
[ 15.551129] ? __pfx_kthread+0x10/0x10
[ 15.551150] ret_from_fork_asm+0x1a/0x30
[ 15.551181] </TASK>
[ 15.551193]
[ 15.563446] Allocated by task 311:
[ 15.563803] kasan_save_stack+0x45/0x70
[ 15.564186] kasan_save_track+0x18/0x40
[ 15.564569] kasan_save_alloc_info+0x3b/0x50
[ 15.564972] __kasan_kmalloc+0xb7/0xc0
[ 15.565324] __kmalloc_noprof+0x1c9/0x500
[ 15.565716] kunit_kmalloc_array+0x25/0x60
[ 15.566043] copy_user_test_oob+0xab/0x10f0
[ 15.566180] kunit_try_run_case+0x1a5/0x480
[ 15.566315] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.566753] kthread+0x337/0x6f0
[ 15.567072] ret_from_fork+0x116/0x1d0
[ 15.567441] ret_from_fork_asm+0x1a/0x30
[ 15.567806]
[ 15.567971] The buggy address belongs to the object at ffff8881028df100
[ 15.567971] which belongs to the cache kmalloc-128 of size 128
[ 15.568616] The buggy address is located 0 bytes inside of
[ 15.568616] allocated 120-byte region [ffff8881028df100, ffff8881028df178)
[ 15.569011]
[ 15.569185] The buggy address belongs to the physical page:
[ 15.569695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df
[ 15.570366] flags: 0x200000000000000(node=0|zone=2)
[ 15.570829] page_type: f5(slab)
[ 15.571149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.571821] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.572119] page dumped because: kasan: bad access detected
[ 15.572280]
[ 15.572343] Memory state around the buggy address:
[ 15.572789] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.573436] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.574066] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.574622] ^
[ 15.574824] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.575038] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.575238] ==================================================================
```