Date
June 17, 2025, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.146101] ================================================================== [ 20.146199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.146363] Read of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.146449] [ 20.146796] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.147020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.147088] Hardware name: linux,dummy-virt (DT) [ 20.147522] Call trace: [ 20.147620] show_stack+0x20/0x38 (C) [ 20.147827] dump_stack_lvl+0x8c/0xd0 [ 20.147882] print_report+0x118/0x608 [ 20.148217] kasan_report+0xdc/0x128 [ 20.148298] kasan_check_range+0x100/0x1a8 [ 20.148612] __kasan_check_read+0x20/0x30 [ 20.148721] copy_user_test_oob+0x3c8/0xec8 [ 20.148899] kunit_try_run_case+0x170/0x3f0 [ 20.149052] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.149134] kthread+0x328/0x630 [ 20.149180] ret_from_fork+0x10/0x20 [ 20.149550] [ 20.149711] Allocated by task 294: [ 20.149786] kasan_save_stack+0x3c/0x68 [ 20.149973] kasan_save_track+0x20/0x40 [ 20.150118] kasan_save_alloc_info+0x40/0x58 [ 20.150207] __kasan_kmalloc+0xd4/0xd8 [ 20.150323] __kmalloc_noprof+0x198/0x4c8 [ 20.150399] kunit_kmalloc_array+0x34/0x88 [ 20.150457] copy_user_test_oob+0xac/0xec8 [ 20.150498] kunit_try_run_case+0x170/0x3f0 [ 20.150674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.150900] kthread+0x328/0x630 [ 20.151107] ret_from_fork+0x10/0x20 [ 20.151282] [ 20.151340] The buggy address belongs to the object at fff00000c522f000 [ 20.151340] which belongs to the cache kmalloc-128 of size 128 [ 20.151539] The buggy address is located 0 bytes inside of [ 20.151539] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.151610] [ 20.151760] The buggy address belongs to the physical page: [ 20.151843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.152025] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.152392] page_type: f5(slab) [ 20.152610] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.152872] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.153161] page dumped because: kasan: bad access detected [ 20.153315] [ 20.153449] Memory state around the buggy address: [ 20.153489] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.153638] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.153876] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.154068] ^ [ 20.154260] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.154320] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.154363] ================================================================== [ 20.137592] ================================================================== [ 20.138002] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.138278] Write of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.138342] [ 20.138387] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.138741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.138883] Hardware name: linux,dummy-virt (DT) [ 20.138966] Call trace: [ 20.139081] show_stack+0x20/0x38 (C) [ 20.139178] dump_stack_lvl+0x8c/0xd0 [ 20.139417] print_report+0x118/0x608 [ 20.139644] kasan_report+0xdc/0x128 [ 20.139770] kasan_check_range+0x100/0x1a8 [ 20.139865] __kasan_check_write+0x20/0x30 [ 20.139963] copy_user_test_oob+0x35c/0xec8 [ 20.140050] kunit_try_run_case+0x170/0x3f0 [ 20.140168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.140253] kthread+0x328/0x630 [ 20.140537] ret_from_fork+0x10/0x20 [ 20.140635] [ 20.140757] Allocated by task 294: [ 20.140828] kasan_save_stack+0x3c/0x68 [ 20.140980] kasan_save_track+0x20/0x40 [ 20.141039] kasan_save_alloc_info+0x40/0x58 [ 20.141180] __kasan_kmalloc+0xd4/0xd8 [ 20.141223] __kmalloc_noprof+0x198/0x4c8 [ 20.141527] kunit_kmalloc_array+0x34/0x88 [ 20.141875] copy_user_test_oob+0xac/0xec8 [ 20.141960] kunit_try_run_case+0x170/0x3f0 [ 20.142221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.142301] kthread+0x328/0x630 [ 20.142352] ret_from_fork+0x10/0x20 [ 20.142486] [ 20.142593] The buggy address belongs to the object at fff00000c522f000 [ 20.142593] which belongs to the cache kmalloc-128 of size 128 [ 20.142665] The buggy address is located 0 bytes inside of [ 20.142665] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.142934] [ 20.142970] The buggy address belongs to the physical page: [ 20.143008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.143077] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.143134] page_type: f5(slab) [ 20.143178] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.143236] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.143295] page dumped because: kasan: bad access detected [ 20.143331] [ 20.143352] Memory state around the buggy address: [ 20.143389] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.143443] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.143498] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.143544] ^ [ 20.143589] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.143650] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.143692] ================================================================== [ 20.121457] ================================================================== [ 20.121574] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.121647] Read of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.121962] [ 20.122286] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.122572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.122610] Hardware name: linux,dummy-virt (DT) [ 20.122649] Call trace: [ 20.122869] show_stack+0x20/0x38 (C) [ 20.123052] dump_stack_lvl+0x8c/0xd0 [ 20.123174] print_report+0x118/0x608 [ 20.123558] kasan_report+0xdc/0x128 [ 20.123647] kasan_check_range+0x100/0x1a8 [ 20.124038] __kasan_check_read+0x20/0x30 [ 20.124174] copy_user_test_oob+0x728/0xec8 [ 20.124281] kunit_try_run_case+0x170/0x3f0 [ 20.124575] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.124642] kthread+0x328/0x630 [ 20.124690] ret_from_fork+0x10/0x20 [ 20.124793] [ 20.124819] Allocated by task 294: [ 20.124859] kasan_save_stack+0x3c/0x68 [ 20.124906] kasan_save_track+0x20/0x40 [ 20.124957] kasan_save_alloc_info+0x40/0x58 [ 20.125008] __kasan_kmalloc+0xd4/0xd8 [ 20.125047] __kmalloc_noprof+0x198/0x4c8 [ 20.125089] kunit_kmalloc_array+0x34/0x88 [ 20.125129] copy_user_test_oob+0xac/0xec8 [ 20.125171] kunit_try_run_case+0x170/0x3f0 [ 20.125212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.125262] kthread+0x328/0x630 [ 20.125310] ret_from_fork+0x10/0x20 [ 20.125366] [ 20.125397] The buggy address belongs to the object at fff00000c522f000 [ 20.125397] which belongs to the cache kmalloc-128 of size 128 [ 20.125462] The buggy address is located 0 bytes inside of [ 20.125462] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.125529] [ 20.125589] The buggy address belongs to the physical page: [ 20.125635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.125694] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.125753] page_type: f5(slab) [ 20.125796] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.125856] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.125910] page dumped because: kasan: bad access detected [ 20.126672] [ 20.126946] Memory state around the buggy address: [ 20.127228] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.127675] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.127935] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.128114] ^ [ 20.128287] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.128360] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.128427] ================================================================== [ 20.155965] ================================================================== [ 20.156054] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.156140] Write of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.156352] [ 20.156399] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.156759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.156960] Hardware name: linux,dummy-virt (DT) [ 20.157037] Call trace: [ 20.157064] show_stack+0x20/0x38 (C) [ 20.157127] dump_stack_lvl+0x8c/0xd0 [ 20.157180] print_report+0x118/0x608 [ 20.157229] kasan_report+0xdc/0x128 [ 20.157279] kasan_check_range+0x100/0x1a8 [ 20.157330] __kasan_check_write+0x20/0x30 [ 20.157378] copy_user_test_oob+0x434/0xec8 [ 20.157429] kunit_try_run_case+0x170/0x3f0 [ 20.157480] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.157589] kthread+0x328/0x630 [ 20.157645] ret_from_fork+0x10/0x20 [ 20.157697] [ 20.157717] Allocated by task 294: [ 20.157749] kasan_save_stack+0x3c/0x68 [ 20.157792] kasan_save_track+0x20/0x40 [ 20.157841] kasan_save_alloc_info+0x40/0x58 [ 20.157881] __kasan_kmalloc+0xd4/0xd8 [ 20.157921] __kmalloc_noprof+0x198/0x4c8 [ 20.158637] kunit_kmalloc_array+0x34/0x88 [ 20.158735] copy_user_test_oob+0xac/0xec8 [ 20.158812] kunit_try_run_case+0x170/0x3f0 [ 20.158854] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.159216] kthread+0x328/0x630 [ 20.159420] ret_from_fork+0x10/0x20 [ 20.159502] [ 20.159853] The buggy address belongs to the object at fff00000c522f000 [ 20.159853] which belongs to the cache kmalloc-128 of size 128 [ 20.160044] The buggy address is located 0 bytes inside of [ 20.160044] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.160396] [ 20.160628] The buggy address belongs to the physical page: [ 20.160704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.160772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.161135] page_type: f5(slab) [ 20.161587] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.161821] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.161999] page dumped because: kasan: bad access detected [ 20.162049] [ 20.162237] Memory state around the buggy address: [ 20.162369] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.162582] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.162667] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.162716] ^ [ 20.162938] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.163152] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.163247] ================================================================== [ 20.164592] ================================================================== [ 20.164655] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.164708] Read of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.164972] [ 20.165017] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.165406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.165562] Hardware name: linux,dummy-virt (DT) [ 20.165614] Call trace: [ 20.165641] show_stack+0x20/0x38 (C) [ 20.165695] dump_stack_lvl+0x8c/0xd0 [ 20.165920] print_report+0x118/0x608 [ 20.166132] kasan_report+0xdc/0x128 [ 20.166267] kasan_check_range+0x100/0x1a8 [ 20.166365] __kasan_check_read+0x20/0x30 [ 20.166483] copy_user_test_oob+0x4a0/0xec8 [ 20.166556] kunit_try_run_case+0x170/0x3f0 [ 20.166613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.166988] kthread+0x328/0x630 [ 20.167048] ret_from_fork+0x10/0x20 [ 20.167099] [ 20.167120] Allocated by task 294: [ 20.167152] kasan_save_stack+0x3c/0x68 [ 20.167195] kasan_save_track+0x20/0x40 [ 20.167238] kasan_save_alloc_info+0x40/0x58 [ 20.167277] __kasan_kmalloc+0xd4/0xd8 [ 20.167315] __kmalloc_noprof+0x198/0x4c8 [ 20.167356] kunit_kmalloc_array+0x34/0x88 [ 20.167395] copy_user_test_oob+0xac/0xec8 [ 20.167436] kunit_try_run_case+0x170/0x3f0 [ 20.167478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.167524] kthread+0x328/0x630 [ 20.167560] ret_from_fork+0x10/0x20 [ 20.167603] [ 20.167624] The buggy address belongs to the object at fff00000c522f000 [ 20.167624] which belongs to the cache kmalloc-128 of size 128 [ 20.167687] The buggy address is located 0 bytes inside of [ 20.167687] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.167754] [ 20.167778] The buggy address belongs to the physical page: [ 20.167812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.167869] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.167921] page_type: f5(slab) [ 20.167974] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.168028] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.168374] page dumped because: kasan: bad access detected [ 20.168519] [ 20.168544] Memory state around the buggy address: [ 20.168592] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168641] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168686] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.168727] ^ [ 20.168774] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168831] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168879] ================================================================== [ 20.105086] ================================================================== [ 20.105545] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.105976] Write of size 121 at addr fff00000c522f000 by task kunit_try_catch/294 [ 20.106061] [ 20.106131] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT [ 20.106243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.106386] Hardware name: linux,dummy-virt (DT) [ 20.106464] Call trace: [ 20.106603] show_stack+0x20/0x38 (C) [ 20.106669] dump_stack_lvl+0x8c/0xd0 [ 20.106726] print_report+0x118/0x608 [ 20.107049] kasan_report+0xdc/0x128 [ 20.107175] kasan_check_range+0x100/0x1a8 [ 20.107322] __kasan_check_write+0x20/0x30 [ 20.107471] copy_user_test_oob+0x234/0xec8 [ 20.107559] kunit_try_run_case+0x170/0x3f0 [ 20.107728] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.107893] kthread+0x328/0x630 [ 20.108155] ret_from_fork+0x10/0x20 [ 20.108299] [ 20.108402] Allocated by task 294: [ 20.108461] kasan_save_stack+0x3c/0x68 [ 20.108802] kasan_save_track+0x20/0x40 [ 20.108895] kasan_save_alloc_info+0x40/0x58 [ 20.108978] __kasan_kmalloc+0xd4/0xd8 [ 20.109051] __kmalloc_noprof+0x198/0x4c8 [ 20.109114] kunit_kmalloc_array+0x34/0x88 [ 20.109341] copy_user_test_oob+0xac/0xec8 [ 20.109398] kunit_try_run_case+0x170/0x3f0 [ 20.109478] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.109551] kthread+0x328/0x630 [ 20.109619] ret_from_fork+0x10/0x20 [ 20.109687] [ 20.110025] The buggy address belongs to the object at fff00000c522f000 [ 20.110025] which belongs to the cache kmalloc-128 of size 128 [ 20.110140] The buggy address is located 0 bytes inside of [ 20.110140] allocated 120-byte region [fff00000c522f000, fff00000c522f078) [ 20.110334] [ 20.110392] The buggy address belongs to the physical page: [ 20.110695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10522f [ 20.110827] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.110902] page_type: f5(slab) [ 20.110972] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.111069] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.111138] page dumped because: kasan: bad access detected [ 20.111204] [ 20.111262] Memory state around the buggy address: [ 20.111352] fff00000c522ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.111429] fff00000c522ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.111477] >fff00000c522f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.111783] ^ [ 20.111859] fff00000c522f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.111919] fff00000c522f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.112002] ==================================================================
[ 24.865460] ================================================================== [ 24.866172] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 24.866859] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.867566] [ 24.867814] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.867954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.867993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.868053] Call Trace: [ 24.868099] <TASK> [ 24.868145] dump_stack_lvl+0x73/0xb0 [ 24.868274] print_report+0xd1/0x650 [ 24.868356] ? __virt_addr_valid+0x1db/0x2d0 [ 24.868426] ? copy_user_test_oob+0x557/0x10f0 [ 24.868480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.868551] ? copy_user_test_oob+0x557/0x10f0 [ 24.868628] kasan_report+0x141/0x180 [ 24.868749] ? copy_user_test_oob+0x557/0x10f0 [ 24.868887] kasan_check_range+0x10c/0x1c0 [ 24.868973] __kasan_check_write+0x18/0x20 [ 24.869043] copy_user_test_oob+0x557/0x10f0 [ 24.869128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.869203] ? finish_task_switch.isra.0+0x153/0x700 [ 24.869330] ? __switch_to+0x47/0xf50 [ 24.869417] ? __schedule+0x10cc/0x2b60 [ 24.869543] ? __pfx_read_tsc+0x10/0x10 [ 24.869648] ? ktime_get_ts64+0x86/0x230 [ 24.869733] kunit_try_run_case+0x1a5/0x480 [ 24.869808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.869902] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.869975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.870052] ? __kthread_parkme+0x82/0x180 [ 24.870120] ? preempt_count_sub+0x50/0x80 [ 24.870197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.870322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.870401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.870480] kthread+0x337/0x6f0 [ 24.870549] ? trace_preempt_on+0x20/0xc0 [ 24.870687] ? __pfx_kthread+0x10/0x10 [ 24.870795] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.870972] ? calculate_sigpending+0x7b/0xa0 [ 24.871055] ? __pfx_kthread+0x10/0x10 [ 24.871116] ret_from_fork+0x116/0x1d0 [ 24.871149] ? __pfx_kthread+0x10/0x10 [ 24.871182] ret_from_fork_asm+0x1a/0x30 [ 24.871257] </TASK> [ 24.871282] [ 24.885853] Allocated by task 312: [ 24.886175] kasan_save_stack+0x45/0x70 [ 24.886563] kasan_save_track+0x18/0x40 [ 24.886955] kasan_save_alloc_info+0x3b/0x50 [ 24.887427] __kasan_kmalloc+0xb7/0xc0 [ 24.887814] __kmalloc_noprof+0x1c9/0x500 [ 24.888171] kunit_kmalloc_array+0x25/0x60 [ 24.888583] copy_user_test_oob+0xab/0x10f0 [ 24.889020] kunit_try_run_case+0x1a5/0x480 [ 24.889371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.889725] kthread+0x337/0x6f0 [ 24.890095] ret_from_fork+0x116/0x1d0 [ 24.890517] ret_from_fork_asm+0x1a/0x30 [ 24.890949] [ 24.891151] The buggy address belongs to the object at ffff8881033b2200 [ 24.891151] which belongs to the cache kmalloc-128 of size 128 [ 24.891996] The buggy address is located 0 bytes inside of [ 24.891996] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.892974] [ 24.893198] The buggy address belongs to the physical page: [ 24.893732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.894401] flags: 0x200000000000000(node=0|zone=2) [ 24.894806] page_type: f5(slab) [ 24.895180] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.895779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.896436] page dumped because: kasan: bad access detected [ 24.896882] [ 24.897091] Memory state around the buggy address: [ 24.897549] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.898006] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.898561] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.899255] ^ [ 24.899789] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900338] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900929] ================================================================== [ 24.902096] ================================================================== [ 24.904352] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 24.904920] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.905357] [ 24.905545] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.905660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.905692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.905745] Call Trace: [ 24.905794] <TASK> [ 24.905887] dump_stack_lvl+0x73/0xb0 [ 24.905973] print_report+0xd1/0x650 [ 24.906054] ? __virt_addr_valid+0x1db/0x2d0 [ 24.906130] ? copy_user_test_oob+0x604/0x10f0 [ 24.906247] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.906334] ? copy_user_test_oob+0x604/0x10f0 [ 24.906414] kasan_report+0x141/0x180 [ 24.906488] ? copy_user_test_oob+0x604/0x10f0 [ 24.906578] kasan_check_range+0x10c/0x1c0 [ 24.906658] __kasan_check_read+0x15/0x20 [ 24.906729] copy_user_test_oob+0x604/0x10f0 [ 24.906816] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.906909] ? finish_task_switch.isra.0+0x153/0x700 [ 24.906983] ? __switch_to+0x47/0xf50 [ 24.907066] ? __schedule+0x10cc/0x2b60 [ 24.907140] ? __pfx_read_tsc+0x10/0x10 [ 24.907207] ? ktime_get_ts64+0x86/0x230 [ 24.907331] kunit_try_run_case+0x1a5/0x480 [ 24.907409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.907481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.907557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.907640] ? __kthread_parkme+0x82/0x180 [ 24.907711] ? preempt_count_sub+0x50/0x80 [ 24.907787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.907889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.907971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908051] kthread+0x337/0x6f0 [ 24.908127] ? trace_preempt_on+0x20/0xc0 [ 24.908207] ? __pfx_kthread+0x10/0x10 [ 24.908329] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908411] ? calculate_sigpending+0x7b/0xa0 [ 24.908494] ? __pfx_kthread+0x10/0x10 [ 24.908564] ret_from_fork+0x116/0x1d0 [ 24.908596] ? __pfx_kthread+0x10/0x10 [ 24.908629] ret_from_fork_asm+0x1a/0x30 [ 24.908673] </TASK> [ 24.908689] [ 24.921623] Allocated by task 312: [ 24.921981] kasan_save_stack+0x45/0x70 [ 24.922379] kasan_save_track+0x18/0x40 [ 24.922757] kasan_save_alloc_info+0x3b/0x50 [ 24.923153] __kasan_kmalloc+0xb7/0xc0 [ 24.923595] __kmalloc_noprof+0x1c9/0x500 [ 24.923969] kunit_kmalloc_array+0x25/0x60 [ 24.924362] copy_user_test_oob+0xab/0x10f0 [ 24.924739] kunit_try_run_case+0x1a5/0x480 [ 24.925153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.925552] kthread+0x337/0x6f0 [ 24.925785] ret_from_fork+0x116/0x1d0 [ 24.926055] ret_from_fork_asm+0x1a/0x30 [ 24.929370] [ 24.929527] The buggy address belongs to the object at ffff8881033b2200 [ 24.929527] which belongs to the cache kmalloc-128 of size 128 [ 24.930147] The buggy address is located 0 bytes inside of [ 24.930147] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.931205] [ 24.931339] The buggy address belongs to the physical page: [ 24.931622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.932158] flags: 0x200000000000000(node=0|zone=2) [ 24.932603] page_type: f5(slab) [ 24.932985] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.936566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.937032] page dumped because: kasan: bad access detected [ 24.941147] [ 24.941344] Memory state around the buggy address: [ 24.941611] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.942002] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.942644] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.943361] ^ [ 24.944023] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.944795] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.945505] ================================================================== [ 24.788364] ================================================================== [ 24.788871] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 24.789543] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.790096] [ 24.790451] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.790586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.790627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.790686] Call Trace: [ 24.790729] <TASK> [ 24.790774] dump_stack_lvl+0x73/0xb0 [ 24.790876] print_report+0xd1/0x650 [ 24.790955] ? __virt_addr_valid+0x1db/0x2d0 [ 24.791033] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.791188] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791313] kasan_report+0x141/0x180 [ 24.791394] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791486] kasan_check_range+0x10c/0x1c0 [ 24.791576] __kasan_check_write+0x18/0x20 [ 24.791646] copy_user_test_oob+0x3fd/0x10f0 [ 24.791692] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.791729] ? finish_task_switch.isra.0+0x153/0x700 [ 24.791762] ? __switch_to+0x47/0xf50 [ 24.791798] ? __schedule+0x10cc/0x2b60 [ 24.791845] ? __pfx_read_tsc+0x10/0x10 [ 24.791886] ? ktime_get_ts64+0x86/0x230 [ 24.791923] kunit_try_run_case+0x1a5/0x480 [ 24.791961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.791995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.792024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.792060] ? __kthread_parkme+0x82/0x180 [ 24.792090] ? preempt_count_sub+0x50/0x80 [ 24.792122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.792156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.792189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.792265] kthread+0x337/0x6f0 [ 24.792302] ? trace_preempt_on+0x20/0xc0 [ 24.792340] ? __pfx_kthread+0x10/0x10 [ 24.792370] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.792405] ? calculate_sigpending+0x7b/0xa0 [ 24.792441] ? __pfx_kthread+0x10/0x10 [ 24.792474] ret_from_fork+0x116/0x1d0 [ 24.792502] ? __pfx_kthread+0x10/0x10 [ 24.792532] ret_from_fork_asm+0x1a/0x30 [ 24.792577] </TASK> [ 24.792593] [ 24.807082] Allocated by task 312: [ 24.807643] kasan_save_stack+0x45/0x70 [ 24.808081] kasan_save_track+0x18/0x40 [ 24.809079] kasan_save_alloc_info+0x3b/0x50 [ 24.809512] __kasan_kmalloc+0xb7/0xc0 [ 24.809797] __kmalloc_noprof+0x1c9/0x500 [ 24.810110] kunit_kmalloc_array+0x25/0x60 [ 24.810754] copy_user_test_oob+0xab/0x10f0 [ 24.812456] kunit_try_run_case+0x1a5/0x480 [ 24.813089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813593] kthread+0x337/0x6f0 [ 24.813990] ret_from_fork+0x116/0x1d0 [ 24.814330] ret_from_fork_asm+0x1a/0x30 [ 24.814768] [ 24.814986] The buggy address belongs to the object at ffff8881033b2200 [ 24.814986] which belongs to the cache kmalloc-128 of size 128 [ 24.816360] The buggy address is located 0 bytes inside of [ 24.816360] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.817663] [ 24.817881] The buggy address belongs to the physical page: [ 24.818373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.818996] flags: 0x200000000000000(node=0|zone=2) [ 24.819409] page_type: f5(slab) [ 24.819698] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.820782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.821485] page dumped because: kasan: bad access detected [ 24.822194] [ 24.822487] Memory state around the buggy address: [ 24.823115] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.824526] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.825020] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.825549] ^ [ 24.826068] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.826588] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.827396] ================================================================== [ 24.828590] ================================================================== [ 24.829241] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 24.830149] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.830657] [ 24.830985] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.831146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.831347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.831408] Call Trace: [ 24.831495] <TASK> [ 24.831556] dump_stack_lvl+0x73/0xb0 [ 24.831787] print_report+0xd1/0x650 [ 24.831897] ? __virt_addr_valid+0x1db/0x2d0 [ 24.832114] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.832405] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832485] kasan_report+0x141/0x180 [ 24.832560] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832646] kasan_check_range+0x10c/0x1c0 [ 24.832725] __kasan_check_read+0x15/0x20 [ 24.832792] copy_user_test_oob+0x4aa/0x10f0 [ 24.832897] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.832974] ? finish_task_switch.isra.0+0x153/0x700 [ 24.833051] ? __switch_to+0x47/0xf50 [ 24.833136] ? __schedule+0x10cc/0x2b60 [ 24.833257] ? __pfx_read_tsc+0x10/0x10 [ 24.833362] ? ktime_get_ts64+0x86/0x230 [ 24.833441] kunit_try_run_case+0x1a5/0x480 [ 24.833502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.833539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.833569] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.833607] ? __kthread_parkme+0x82/0x180 [ 24.833637] ? preempt_count_sub+0x50/0x80 [ 24.833671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.833707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.833740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.833774] kthread+0x337/0x6f0 [ 24.833803] ? trace_preempt_on+0x20/0xc0 [ 24.833862] ? __pfx_kthread+0x10/0x10 [ 24.833897] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.833934] ? calculate_sigpending+0x7b/0xa0 [ 24.833971] ? __pfx_kthread+0x10/0x10 [ 24.834002] ret_from_fork+0x116/0x1d0 [ 24.834028] ? __pfx_kthread+0x10/0x10 [ 24.834058] ret_from_fork_asm+0x1a/0x30 [ 24.834100] </TASK> [ 24.834116] [ 24.848546] Allocated by task 312: [ 24.848802] kasan_save_stack+0x45/0x70 [ 24.849250] kasan_save_track+0x18/0x40 [ 24.849638] kasan_save_alloc_info+0x3b/0x50 [ 24.850099] __kasan_kmalloc+0xb7/0xc0 [ 24.850565] __kmalloc_noprof+0x1c9/0x500 [ 24.850975] kunit_kmalloc_array+0x25/0x60 [ 24.851444] copy_user_test_oob+0xab/0x10f0 [ 24.851858] kunit_try_run_case+0x1a5/0x480 [ 24.852338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.852698] kthread+0x337/0x6f0 [ 24.852976] ret_from_fork+0x116/0x1d0 [ 24.853425] ret_from_fork_asm+0x1a/0x30 [ 24.853842] [ 24.854081] The buggy address belongs to the object at ffff8881033b2200 [ 24.854081] which belongs to the cache kmalloc-128 of size 128 [ 24.855153] The buggy address is located 0 bytes inside of [ 24.855153] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.855972] [ 24.856244] The buggy address belongs to the physical page: [ 24.856740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.857448] flags: 0x200000000000000(node=0|zone=2) [ 24.857917] page_type: f5(slab) [ 24.858293] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.858963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.859607] page dumped because: kasan: bad access detected [ 24.860100] [ 24.860366] Memory state around the buggy address: [ 24.860732] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.861309] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861743] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.862334] ^ [ 24.862976] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863444] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863886] ==================================================================