Date
June 19, 2025, 12:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.677989] ================================================================== [ 34.678208] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.678396] Write of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.678532] [ 34.678624] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.678822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.678910] Hardware name: linux,dummy-virt (DT) [ 34.679012] Call trace: [ 34.679093] show_stack+0x20/0x38 (C) [ 34.679229] dump_stack_lvl+0x8c/0xd0 [ 34.679356] print_report+0x118/0x608 [ 34.679478] kasan_report+0xdc/0x128 [ 34.679596] kasan_check_range+0x100/0x1a8 [ 34.679723] __kasan_check_write+0x20/0x30 [ 34.679844] copy_user_test_oob+0x234/0xec8 [ 34.679976] kunit_try_run_case+0x170/0x3f0 [ 34.680197] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.680333] kthread+0x328/0x630 [ 34.680446] ret_from_fork+0x10/0x20 [ 34.680595] [ 34.680675] Allocated by task 296: [ 34.680760] kasan_save_stack+0x3c/0x68 [ 34.680913] kasan_save_track+0x20/0x40 [ 34.681006] kasan_save_alloc_info+0x40/0x58 [ 34.681180] __kasan_kmalloc+0xd4/0xd8 [ 34.681271] __kmalloc_noprof+0x198/0x4c8 [ 34.681370] kunit_kmalloc_array+0x34/0x88 [ 34.681513] copy_user_test_oob+0xac/0xec8 [ 34.681635] kunit_try_run_case+0x170/0x3f0 [ 34.681750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.681902] kthread+0x328/0x630 [ 34.681982] ret_from_fork+0x10/0x20 [ 34.682071] [ 34.682128] The buggy address belongs to the object at fff00000c7741400 [ 34.682128] which belongs to the cache kmalloc-128 of size 128 [ 34.682298] The buggy address is located 0 bytes inside of [ 34.682298] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.683190] [ 34.683513] The buggy address belongs to the physical page: [ 34.683673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.683832] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.684234] page_type: f5(slab) [ 34.684348] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.684482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.684599] page dumped because: kasan: bad access detected [ 34.684687] [ 34.684738] Memory state around the buggy address: [ 34.684861] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.684992] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.685110] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.685230] ^ [ 34.685386] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.685485] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.685578] ================================================================== [ 34.753175] ================================================================== [ 34.753695] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.753847] Write of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.753966] [ 34.754057] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.754281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.754357] Hardware name: linux,dummy-virt (DT) [ 34.754438] Call trace: [ 34.755130] show_stack+0x20/0x38 (C) [ 34.755347] dump_stack_lvl+0x8c/0xd0 [ 34.755700] print_report+0x118/0x608 [ 34.756490] kasan_report+0xdc/0x128 [ 34.756750] kasan_check_range+0x100/0x1a8 [ 34.757108] __kasan_check_write+0x20/0x30 [ 34.757394] copy_user_test_oob+0x434/0xec8 [ 34.758251] kunit_try_run_case+0x170/0x3f0 [ 34.758454] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.758766] kthread+0x328/0x630 [ 34.758933] ret_from_fork+0x10/0x20 [ 34.759624] [ 34.759787] Allocated by task 296: [ 34.759937] kasan_save_stack+0x3c/0x68 [ 34.760057] kasan_save_track+0x20/0x40 [ 34.760630] kasan_save_alloc_info+0x40/0x58 [ 34.761133] __kasan_kmalloc+0xd4/0xd8 [ 34.761567] __kmalloc_noprof+0x198/0x4c8 [ 34.762044] kunit_kmalloc_array+0x34/0x88 [ 34.762345] copy_user_test_oob+0xac/0xec8 [ 34.762684] kunit_try_run_case+0x170/0x3f0 [ 34.763046] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.763165] kthread+0x328/0x630 [ 34.763252] ret_from_fork+0x10/0x20 [ 34.763350] [ 34.764573] The buggy address belongs to the object at fff00000c7741400 [ 34.764573] which belongs to the cache kmalloc-128 of size 128 [ 34.765002] The buggy address is located 0 bytes inside of [ 34.765002] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.765355] [ 34.766381] The buggy address belongs to the physical page: [ 34.766487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.766632] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.767071] page_type: f5(slab) [ 34.767439] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.767617] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.767730] page dumped because: kasan: bad access detected [ 34.767825] [ 34.767896] Memory state around the buggy address: [ 34.768076] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.768404] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.768669] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.768924] ^ [ 34.769153] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.769914] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.770054] ================================================================== [ 34.740620] ================================================================== [ 34.740760] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.740918] Read of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.741054] [ 34.741149] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.741381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.742439] Hardware name: linux,dummy-virt (DT) [ 34.742615] Call trace: [ 34.742722] show_stack+0x20/0x38 (C) [ 34.743126] dump_stack_lvl+0x8c/0xd0 [ 34.743504] print_report+0x118/0x608 [ 34.744004] kasan_report+0xdc/0x128 [ 34.744257] kasan_check_range+0x100/0x1a8 [ 34.744507] __kasan_check_read+0x20/0x30 [ 34.744943] copy_user_test_oob+0x3c8/0xec8 [ 34.745081] kunit_try_run_case+0x170/0x3f0 [ 34.745289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.745488] kthread+0x328/0x630 [ 34.745652] ret_from_fork+0x10/0x20 [ 34.745840] [ 34.745934] Allocated by task 296: [ 34.746023] kasan_save_stack+0x3c/0x68 [ 34.746134] kasan_save_track+0x20/0x40 [ 34.746237] kasan_save_alloc_info+0x40/0x58 [ 34.746344] __kasan_kmalloc+0xd4/0xd8 [ 34.746489] __kmalloc_noprof+0x198/0x4c8 [ 34.746632] kunit_kmalloc_array+0x34/0x88 [ 34.746718] copy_user_test_oob+0xac/0xec8 [ 34.746795] kunit_try_run_case+0x170/0x3f0 [ 34.746909] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.747035] kthread+0x328/0x630 [ 34.747155] ret_from_fork+0x10/0x20 [ 34.747289] [ 34.747354] The buggy address belongs to the object at fff00000c7741400 [ 34.747354] which belongs to the cache kmalloc-128 of size 128 [ 34.747521] The buggy address is located 0 bytes inside of [ 34.747521] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.747674] [ 34.747733] The buggy address belongs to the physical page: [ 34.747815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.748024] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.748203] page_type: f5(slab) [ 34.748332] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.748478] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.748619] page dumped because: kasan: bad access detected [ 34.748723] [ 34.748775] Memory state around the buggy address: [ 34.748896] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.749124] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.749305] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.749440] ^ [ 34.749640] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.749760] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.750392] ================================================================== [ 34.728497] ================================================================== [ 34.728674] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.728840] Write of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.728990] [ 34.729082] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.729535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.729912] Hardware name: linux,dummy-virt (DT) [ 34.730006] Call trace: [ 34.730092] show_stack+0x20/0x38 (C) [ 34.730229] dump_stack_lvl+0x8c/0xd0 [ 34.730386] print_report+0x118/0x608 [ 34.730511] kasan_report+0xdc/0x128 [ 34.730648] kasan_check_range+0x100/0x1a8 [ 34.730816] __kasan_check_write+0x20/0x30 [ 34.731056] copy_user_test_oob+0x35c/0xec8 [ 34.731183] kunit_try_run_case+0x170/0x3f0 [ 34.731301] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.731424] kthread+0x328/0x630 [ 34.731537] ret_from_fork+0x10/0x20 [ 34.731674] [ 34.731729] Allocated by task 296: [ 34.731818] kasan_save_stack+0x3c/0x68 [ 34.731974] kasan_save_track+0x20/0x40 [ 34.732074] kasan_save_alloc_info+0x40/0x58 [ 34.732228] __kasan_kmalloc+0xd4/0xd8 [ 34.732364] __kmalloc_noprof+0x198/0x4c8 [ 34.732897] kunit_kmalloc_array+0x34/0x88 [ 34.733032] copy_user_test_oob+0xac/0xec8 [ 34.733138] kunit_try_run_case+0x170/0x3f0 [ 34.733331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.733587] kthread+0x328/0x630 [ 34.733712] ret_from_fork+0x10/0x20 [ 34.733810] [ 34.734052] The buggy address belongs to the object at fff00000c7741400 [ 34.734052] which belongs to the cache kmalloc-128 of size 128 [ 34.734233] The buggy address is located 0 bytes inside of [ 34.734233] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.734401] [ 34.734494] The buggy address belongs to the physical page: [ 34.734589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.734795] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.735048] page_type: f5(slab) [ 34.735269] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.735598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.735709] page dumped because: kasan: bad access detected [ 34.736549] [ 34.736620] Memory state around the buggy address: [ 34.736808] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.736941] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.737062] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.737163] ^ [ 34.737274] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.737383] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.738500] ================================================================== [ 34.772185] ================================================================== [ 34.772408] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.772773] Read of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.773000] [ 34.773158] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.773645] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.773728] Hardware name: linux,dummy-virt (DT) [ 34.773813] Call trace: [ 34.773885] show_stack+0x20/0x38 (C) [ 34.774111] dump_stack_lvl+0x8c/0xd0 [ 34.774327] print_report+0x118/0x608 [ 34.774656] kasan_report+0xdc/0x128 [ 34.774797] kasan_check_range+0x100/0x1a8 [ 34.774929] __kasan_check_read+0x20/0x30 [ 34.775067] copy_user_test_oob+0x4a0/0xec8 [ 34.775670] kunit_try_run_case+0x170/0x3f0 [ 34.775897] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.776258] kthread+0x328/0x630 [ 34.776369] ret_from_fork+0x10/0x20 [ 34.776851] [ 34.776927] Allocated by task 296: [ 34.777509] kasan_save_stack+0x3c/0x68 [ 34.777650] kasan_save_track+0x20/0x40 [ 34.777754] kasan_save_alloc_info+0x40/0x58 [ 34.777854] __kasan_kmalloc+0xd4/0xd8 [ 34.777946] __kmalloc_noprof+0x198/0x4c8 [ 34.778021] kunit_kmalloc_array+0x34/0x88 [ 34.778518] copy_user_test_oob+0xac/0xec8 [ 34.778927] kunit_try_run_case+0x170/0x3f0 [ 34.779064] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.779775] kthread+0x328/0x630 [ 34.780304] ret_from_fork+0x10/0x20 [ 34.780627] [ 34.780700] The buggy address belongs to the object at fff00000c7741400 [ 34.780700] which belongs to the cache kmalloc-128 of size 128 [ 34.780930] The buggy address is located 0 bytes inside of [ 34.780930] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.781095] [ 34.781798] The buggy address belongs to the physical page: [ 34.781947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.782393] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.782779] page_type: f5(slab) [ 34.782993] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.783146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.783462] page dumped because: kasan: bad access detected [ 34.783570] [ 34.783632] Memory state around the buggy address: [ 34.784283] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.784645] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.784757] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.784863] ^ [ 34.784988] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.785735] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.785938] ================================================================== [ 34.697097] ================================================================== [ 34.697613] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.698696] Read of size 121 at addr fff00000c7741400 by task kunit_try_catch/296 [ 34.699584] [ 34.699735] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT [ 34.700796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.701159] Hardware name: linux,dummy-virt (DT) [ 34.701394] Call trace: [ 34.701662] show_stack+0x20/0x38 (C) [ 34.702078] dump_stack_lvl+0x8c/0xd0 [ 34.702642] print_report+0x118/0x608 [ 34.702746] kasan_report+0xdc/0x128 [ 34.703273] kasan_check_range+0x100/0x1a8 [ 34.703521] __kasan_check_read+0x20/0x30 [ 34.703708] copy_user_test_oob+0x728/0xec8 [ 34.703866] kunit_try_run_case+0x170/0x3f0 [ 34.704060] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.704191] kthread+0x328/0x630 [ 34.704302] ret_from_fork+0x10/0x20 [ 34.704447] [ 34.704517] Allocated by task 296: [ 34.704625] kasan_save_stack+0x3c/0x68 [ 34.704755] kasan_save_track+0x20/0x40 [ 34.704868] kasan_save_alloc_info+0x40/0x58 [ 34.705030] __kasan_kmalloc+0xd4/0xd8 [ 34.705163] __kmalloc_noprof+0x198/0x4c8 [ 34.705296] kunit_kmalloc_array+0x34/0x88 [ 34.705440] copy_user_test_oob+0xac/0xec8 [ 34.705533] kunit_try_run_case+0x170/0x3f0 [ 34.705624] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.705738] kthread+0x328/0x630 [ 34.706018] ret_from_fork+0x10/0x20 [ 34.706118] [ 34.706167] The buggy address belongs to the object at fff00000c7741400 [ 34.706167] which belongs to the cache kmalloc-128 of size 128 [ 34.706316] The buggy address is located 0 bytes inside of [ 34.706316] allocated 120-byte region [fff00000c7741400, fff00000c7741478) [ 34.706485] [ 34.706556] The buggy address belongs to the physical page: [ 34.706687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107741 [ 34.706845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.707148] page_type: f5(slab) [ 34.707275] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.707615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.707745] page dumped because: kasan: bad access detected [ 34.707885] [ 34.707953] Memory state around the buggy address: [ 34.708116] fff00000c7741300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.708401] fff00000c7741380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.708530] >fff00000c7741400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.708640] ^ [ 34.708748] fff00000c7741480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.708853] fff00000c7741500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.708968] ==================================================================
[ 30.542383] ================================================================== [ 30.542791] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.544414] Read of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.544845] [ 30.545136] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.545285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.545315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.545364] Call Trace: [ 30.545412] <TASK> [ 30.545490] dump_stack_lvl+0x73/0xb0 [ 30.545591] print_report+0xd1/0x650 [ 30.545643] ? __virt_addr_valid+0x1db/0x2d0 [ 30.545697] ? copy_user_test_oob+0x604/0x10f0 [ 30.545781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.545856] ? copy_user_test_oob+0x604/0x10f0 [ 30.545908] kasan_report+0x141/0x180 [ 30.545976] ? copy_user_test_oob+0x604/0x10f0 [ 30.546066] kasan_check_range+0x10c/0x1c0 [ 30.546150] __kasan_check_read+0x15/0x20 [ 30.546191] copy_user_test_oob+0x604/0x10f0 [ 30.546221] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.546246] ? finish_task_switch.isra.0+0x153/0x700 [ 30.546272] ? __switch_to+0x47/0xf50 [ 30.546305] ? __schedule+0x10cc/0x2b60 [ 30.546349] ? __pfx_read_tsc+0x10/0x10 [ 30.546388] ? ktime_get_ts64+0x86/0x230 [ 30.546418] kunit_try_run_case+0x1a5/0x480 [ 30.546447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.546471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.546497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.546523] ? __kthread_parkme+0x82/0x180 [ 30.546547] ? preempt_count_sub+0x50/0x80 [ 30.546573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.546598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.546625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.546650] kthread+0x337/0x6f0 [ 30.546672] ? trace_preempt_on+0x20/0xc0 [ 30.546699] ? __pfx_kthread+0x10/0x10 [ 30.546722] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.546745] ? calculate_sigpending+0x7b/0xa0 [ 30.546772] ? __pfx_kthread+0x10/0x10 [ 30.546796] ret_from_fork+0x116/0x1d0 [ 30.546818] ? __pfx_kthread+0x10/0x10 [ 30.546841] ret_from_fork_asm+0x1a/0x30 [ 30.546874] </TASK> [ 30.546889] [ 30.555906] Allocated by task 314: [ 30.556358] kasan_save_stack+0x45/0x70 [ 30.556820] kasan_save_track+0x18/0x40 [ 30.557316] kasan_save_alloc_info+0x3b/0x50 [ 30.557706] __kasan_kmalloc+0xb7/0xc0 [ 30.558040] __kmalloc_noprof+0x1c9/0x500 [ 30.558387] kunit_kmalloc_array+0x25/0x60 [ 30.558730] copy_user_test_oob+0xab/0x10f0 [ 30.559186] kunit_try_run_case+0x1a5/0x480 [ 30.559599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.560157] kthread+0x337/0x6f0 [ 30.560497] ret_from_fork+0x116/0x1d0 [ 30.560768] ret_from_fork_asm+0x1a/0x30 [ 30.561056] [ 30.561271] The buggy address belongs to the object at ffff888103782f00 [ 30.561271] which belongs to the cache kmalloc-128 of size 128 [ 30.561962] The buggy address is located 0 bytes inside of [ 30.561962] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.562839] [ 30.563029] The buggy address belongs to the physical page: [ 30.564663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.565238] flags: 0x200000000000000(node=0|zone=2) [ 30.566421] page_type: f5(slab) [ 30.566659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.566871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.567811] page dumped because: kasan: bad access detected [ 30.568584] [ 30.568709] Memory state around the buggy address: [ 30.569095] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.569590] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.570395] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.570722] ^ [ 30.571371] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.571729] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.572547] ================================================================== [ 30.445569] ================================================================== [ 30.446094] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.446826] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.447447] [ 30.447636] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.447750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.447770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.447798] Call Trace: [ 30.447823] <TASK> [ 30.447850] dump_stack_lvl+0x73/0xb0 [ 30.447912] print_report+0xd1/0x650 [ 30.447984] ? __virt_addr_valid+0x1db/0x2d0 [ 30.448396] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.448456] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448484] kasan_report+0x141/0x180 [ 30.448510] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.448541] kasan_check_range+0x10c/0x1c0 [ 30.448569] __kasan_check_write+0x18/0x20 [ 30.448595] copy_user_test_oob+0x3fd/0x10f0 [ 30.448624] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.448649] ? finish_task_switch.isra.0+0x153/0x700 [ 30.448676] ? __switch_to+0x47/0xf50 [ 30.448705] ? __schedule+0x10cc/0x2b60 [ 30.448732] ? __pfx_read_tsc+0x10/0x10 [ 30.448756] ? ktime_get_ts64+0x86/0x230 [ 30.448786] kunit_try_run_case+0x1a5/0x480 [ 30.448815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.448840] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.448867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.448893] ? __kthread_parkme+0x82/0x180 [ 30.448931] ? preempt_count_sub+0x50/0x80 [ 30.448964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.448990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.449018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.449044] kthread+0x337/0x6f0 [ 30.449067] ? trace_preempt_on+0x20/0xc0 [ 30.449093] ? __pfx_kthread+0x10/0x10 [ 30.449131] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.449155] ? calculate_sigpending+0x7b/0xa0 [ 30.449183] ? __pfx_kthread+0x10/0x10 [ 30.449207] ret_from_fork+0x116/0x1d0 [ 30.449230] ? __pfx_kthread+0x10/0x10 [ 30.449253] ret_from_fork_asm+0x1a/0x30 [ 30.449286] </TASK> [ 30.449301] [ 30.464205] Allocated by task 314: [ 30.464515] kasan_save_stack+0x45/0x70 [ 30.464820] kasan_save_track+0x18/0x40 [ 30.465129] kasan_save_alloc_info+0x3b/0x50 [ 30.465713] __kasan_kmalloc+0xb7/0xc0 [ 30.466085] __kmalloc_noprof+0x1c9/0x500 [ 30.466289] kunit_kmalloc_array+0x25/0x60 [ 30.466476] copy_user_test_oob+0xab/0x10f0 [ 30.467021] kunit_try_run_case+0x1a5/0x480 [ 30.467490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.467963] kthread+0x337/0x6f0 [ 30.468292] ret_from_fork+0x116/0x1d0 [ 30.468564] ret_from_fork_asm+0x1a/0x30 [ 30.468848] [ 30.469384] The buggy address belongs to the object at ffff888103782f00 [ 30.469384] which belongs to the cache kmalloc-128 of size 128 [ 30.470405] The buggy address is located 0 bytes inside of [ 30.470405] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.471296] [ 30.471533] The buggy address belongs to the physical page: [ 30.471882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.472278] flags: 0x200000000000000(node=0|zone=2) [ 30.472619] page_type: f5(slab) [ 30.472857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.473800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.474576] page dumped because: kasan: bad access detected [ 30.474992] [ 30.475172] Memory state around the buggy address: [ 30.475412] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.475940] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.476403] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.476689] ^ [ 30.477470] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.478182] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.478817] ================================================================== [ 30.511355] ================================================================== [ 30.512291] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.512708] Write of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.513165] [ 30.513434] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.513572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.513603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.513654] Call Trace: [ 30.513728] <TASK> [ 30.513792] dump_stack_lvl+0x73/0xb0 [ 30.513887] print_report+0xd1/0x650 [ 30.514225] ? __virt_addr_valid+0x1db/0x2d0 [ 30.514281] ? copy_user_test_oob+0x557/0x10f0 [ 30.514310] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.514340] ? copy_user_test_oob+0x557/0x10f0 [ 30.514366] kasan_report+0x141/0x180 [ 30.514391] ? copy_user_test_oob+0x557/0x10f0 [ 30.514421] kasan_check_range+0x10c/0x1c0 [ 30.514446] __kasan_check_write+0x18/0x20 [ 30.514472] copy_user_test_oob+0x557/0x10f0 [ 30.514500] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.514525] ? finish_task_switch.isra.0+0x153/0x700 [ 30.514550] ? __switch_to+0x47/0xf50 [ 30.514579] ? __schedule+0x10cc/0x2b60 [ 30.514604] ? __pfx_read_tsc+0x10/0x10 [ 30.514629] ? ktime_get_ts64+0x86/0x230 [ 30.514657] kunit_try_run_case+0x1a5/0x480 [ 30.514686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.514711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.514736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.514761] ? __kthread_parkme+0x82/0x180 [ 30.514785] ? preempt_count_sub+0x50/0x80 [ 30.514812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.514838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.514864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.514890] kthread+0x337/0x6f0 [ 30.514922] ? trace_preempt_on+0x20/0xc0 [ 30.515192] ? __pfx_kthread+0x10/0x10 [ 30.515230] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.515258] ? calculate_sigpending+0x7b/0xa0 [ 30.515285] ? __pfx_kthread+0x10/0x10 [ 30.515310] ret_from_fork+0x116/0x1d0 [ 30.515336] ? __pfx_kthread+0x10/0x10 [ 30.515359] ret_from_fork_asm+0x1a/0x30 [ 30.515394] </TASK> [ 30.515410] [ 30.527857] Allocated by task 314: [ 30.528167] kasan_save_stack+0x45/0x70 [ 30.528584] kasan_save_track+0x18/0x40 [ 30.528917] kasan_save_alloc_info+0x3b/0x50 [ 30.529456] __kasan_kmalloc+0xb7/0xc0 [ 30.529762] __kmalloc_noprof+0x1c9/0x500 [ 30.530260] kunit_kmalloc_array+0x25/0x60 [ 30.530499] copy_user_test_oob+0xab/0x10f0 [ 30.530720] kunit_try_run_case+0x1a5/0x480 [ 30.531135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.531372] kthread+0x337/0x6f0 [ 30.531535] ret_from_fork+0x116/0x1d0 [ 30.531658] ret_from_fork_asm+0x1a/0x30 [ 30.531755] [ 30.531816] The buggy address belongs to the object at ffff888103782f00 [ 30.531816] which belongs to the cache kmalloc-128 of size 128 [ 30.532714] The buggy address is located 0 bytes inside of [ 30.532714] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.533885] [ 30.534124] The buggy address belongs to the physical page: [ 30.534654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.535175] flags: 0x200000000000000(node=0|zone=2) [ 30.535603] page_type: f5(slab) [ 30.535880] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.536302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.536823] page dumped because: kasan: bad access detected [ 30.537359] [ 30.537554] Memory state around the buggy address: [ 30.537833] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.538332] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.538938] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.539271] ^ [ 30.539830] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.540251] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.540707] ================================================================== [ 30.480171] ================================================================== [ 30.481823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.482362] Read of size 121 at addr ffff888103782f00 by task kunit_try_catch/314 [ 30.482967] [ 30.483191] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) [ 30.483306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.483338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.483389] Call Trace: [ 30.483461] <TASK> [ 30.483521] dump_stack_lvl+0x73/0xb0 [ 30.483612] print_report+0xd1/0x650 [ 30.483664] ? __virt_addr_valid+0x1db/0x2d0 [ 30.483713] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.483821] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483877] kasan_report+0x141/0x180 [ 30.483929] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.483994] kasan_check_range+0x10c/0x1c0 [ 30.484049] __kasan_check_read+0x15/0x20 [ 30.484114] copy_user_test_oob+0x4aa/0x10f0 [ 30.484166] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.484194] ? finish_task_switch.isra.0+0x153/0x700 [ 30.484222] ? __switch_to+0x47/0xf50 [ 30.484252] ? __schedule+0x10cc/0x2b60 [ 30.484278] ? __pfx_read_tsc+0x10/0x10 [ 30.484303] ? ktime_get_ts64+0x86/0x230 [ 30.484331] kunit_try_run_case+0x1a5/0x480 [ 30.484360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.484385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.484411] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.484437] ? __kthread_parkme+0x82/0x180 [ 30.484460] ? preempt_count_sub+0x50/0x80 [ 30.484485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.484513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.484539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.484565] kthread+0x337/0x6f0 [ 30.484587] ? trace_preempt_on+0x20/0xc0 [ 30.484614] ? __pfx_kthread+0x10/0x10 [ 30.484638] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.484662] ? calculate_sigpending+0x7b/0xa0 [ 30.484688] ? __pfx_kthread+0x10/0x10 [ 30.484713] ret_from_fork+0x116/0x1d0 [ 30.484734] ? __pfx_kthread+0x10/0x10 [ 30.484758] ret_from_fork_asm+0x1a/0x30 [ 30.484792] </TASK> [ 30.484806] [ 30.496813] Allocated by task 314: [ 30.497168] kasan_save_stack+0x45/0x70 [ 30.497597] kasan_save_track+0x18/0x40 [ 30.497890] kasan_save_alloc_info+0x3b/0x50 [ 30.498172] __kasan_kmalloc+0xb7/0xc0 [ 30.498463] __kmalloc_noprof+0x1c9/0x500 [ 30.498685] kunit_kmalloc_array+0x25/0x60 [ 30.499012] copy_user_test_oob+0xab/0x10f0 [ 30.499324] kunit_try_run_case+0x1a5/0x480 [ 30.499535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.499761] kthread+0x337/0x6f0 [ 30.499963] ret_from_fork+0x116/0x1d0 [ 30.500333] ret_from_fork_asm+0x1a/0x30 [ 30.500679] [ 30.500859] The buggy address belongs to the object at ffff888103782f00 [ 30.500859] which belongs to the cache kmalloc-128 of size 128 [ 30.501883] The buggy address is located 0 bytes inside of [ 30.501883] allocated 120-byte region [ffff888103782f00, ffff888103782f78) [ 30.502731] [ 30.502859] The buggy address belongs to the physical page: [ 30.503119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103782 [ 30.503759] flags: 0x200000000000000(node=0|zone=2) [ 30.504299] page_type: f5(slab) [ 30.504646] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.505109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.505482] page dumped because: kasan: bad access detected [ 30.505990] [ 30.506149] Memory state around the buggy address: [ 30.506491] ffff888103782e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.506763] ffff888103782e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507051] >ffff888103782f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.507623] ^ [ 30.508478] ffff888103782f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.508745] ffff888103783000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.509792] ==================================================================