Date
June 20, 2025, 12:38 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 36.518870] ================================================================== [ 36.519744] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 36.520030] Write of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.520188] [ 36.520356] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.520578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.520650] Hardware name: linux,dummy-virt (DT) [ 36.520733] Call trace: [ 36.520802] show_stack+0x20/0x38 (C) [ 36.521306] dump_stack_lvl+0x8c/0xd0 [ 36.521515] print_report+0x118/0x608 [ 36.521653] kasan_report+0xdc/0x128 [ 36.521802] kasan_check_range+0x100/0x1a8 [ 36.521940] __kasan_check_write+0x20/0x30 [ 36.522368] copy_user_test_oob+0x234/0xec8 [ 36.522683] kunit_try_run_case+0x170/0x3f0 [ 36.522900] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.523041] kthread+0x328/0x630 [ 36.523193] ret_from_fork+0x10/0x20 [ 36.523325] [ 36.523385] Allocated by task 296: [ 36.523478] kasan_save_stack+0x3c/0x68 [ 36.523585] kasan_save_track+0x20/0x40 [ 36.523695] kasan_save_alloc_info+0x40/0x58 [ 36.523817] __kasan_kmalloc+0xd4/0xd8 [ 36.523926] __kmalloc_noprof+0x198/0x4c8 [ 36.524045] kunit_kmalloc_array+0x34/0x88 [ 36.524145] copy_user_test_oob+0xac/0xec8 [ 36.524247] kunit_try_run_case+0x170/0x3f0 [ 36.524382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.524484] kthread+0x328/0x630 [ 36.524661] ret_from_fork+0x10/0x20 [ 36.524938] [ 36.524996] The buggy address belongs to the object at fff00000c6515800 [ 36.524996] which belongs to the cache kmalloc-128 of size 128 [ 36.525208] The buggy address is located 0 bytes inside of [ 36.525208] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.525368] [ 36.525422] The buggy address belongs to the physical page: [ 36.525739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.526006] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.526144] page_type: f5(slab) [ 36.526261] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.526407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.526603] page dumped because: kasan: bad access detected [ 36.526805] [ 36.526861] Memory state around the buggy address: [ 36.526961] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.527087] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.527549] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.527831] ^ [ 36.528443] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.528928] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.529096] ================================================================== [ 36.594303] ================================================================== [ 36.594468] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 36.594634] Read of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.594774] [ 36.594863] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.595098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.595169] Hardware name: linux,dummy-virt (DT) [ 36.595259] Call trace: [ 36.595619] show_stack+0x20/0x38 (C) [ 36.595908] dump_stack_lvl+0x8c/0xd0 [ 36.596197] print_report+0x118/0x608 [ 36.596765] kasan_report+0xdc/0x128 [ 36.597022] kasan_check_range+0x100/0x1a8 [ 36.597314] __kasan_check_read+0x20/0x30 [ 36.597679] copy_user_test_oob+0x3c8/0xec8 [ 36.597796] kunit_try_run_case+0x170/0x3f0 [ 36.597912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.598403] kthread+0x328/0x630 [ 36.598523] ret_from_fork+0x10/0x20 [ 36.599195] [ 36.599306] Allocated by task 296: [ 36.599513] kasan_save_stack+0x3c/0x68 [ 36.599650] kasan_save_track+0x20/0x40 [ 36.599740] kasan_save_alloc_info+0x40/0x58 [ 36.600097] __kasan_kmalloc+0xd4/0xd8 [ 36.600214] __kmalloc_noprof+0x198/0x4c8 [ 36.600388] kunit_kmalloc_array+0x34/0x88 [ 36.600524] copy_user_test_oob+0xac/0xec8 [ 36.600757] kunit_try_run_case+0x170/0x3f0 [ 36.601124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.601244] kthread+0x328/0x630 [ 36.601437] ret_from_fork+0x10/0x20 [ 36.601659] [ 36.601724] The buggy address belongs to the object at fff00000c6515800 [ 36.601724] which belongs to the cache kmalloc-128 of size 128 [ 36.601970] The buggy address is located 0 bytes inside of [ 36.601970] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.602303] [ 36.602366] The buggy address belongs to the physical page: [ 36.602478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.602632] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.602830] page_type: f5(slab) [ 36.603053] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.603497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.603718] page dumped because: kasan: bad access detected [ 36.603879] [ 36.604159] Memory state around the buggy address: [ 36.604273] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.604387] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.604622] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.604787] ^ [ 36.604918] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.605302] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.605589] ================================================================== [ 36.621437] ================================================================== [ 36.621589] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 36.622004] Read of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.622136] [ 36.622235] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.622470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.622550] Hardware name: linux,dummy-virt (DT) [ 36.622645] Call trace: [ 36.622714] show_stack+0x20/0x38 (C) [ 36.622913] dump_stack_lvl+0x8c/0xd0 [ 36.623042] print_report+0x118/0x608 [ 36.623164] kasan_report+0xdc/0x128 [ 36.623304] kasan_check_range+0x100/0x1a8 [ 36.623439] __kasan_check_read+0x20/0x30 [ 36.623725] copy_user_test_oob+0x4a0/0xec8 [ 36.624087] kunit_try_run_case+0x170/0x3f0 [ 36.624208] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.624420] kthread+0x328/0x630 [ 36.624541] ret_from_fork+0x10/0x20 [ 36.624690] [ 36.624746] Allocated by task 296: [ 36.624830] kasan_save_stack+0x3c/0x68 [ 36.624940] kasan_save_track+0x20/0x40 [ 36.625036] kasan_save_alloc_info+0x40/0x58 [ 36.625120] __kasan_kmalloc+0xd4/0xd8 [ 36.625190] __kmalloc_noprof+0x198/0x4c8 [ 36.625292] kunit_kmalloc_array+0x34/0x88 [ 36.625386] copy_user_test_oob+0xac/0xec8 [ 36.625487] kunit_try_run_case+0x170/0x3f0 [ 36.625587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.625719] kthread+0x328/0x630 [ 36.625801] ret_from_fork+0x10/0x20 [ 36.626285] [ 36.626386] The buggy address belongs to the object at fff00000c6515800 [ 36.626386] which belongs to the cache kmalloc-128 of size 128 [ 36.628376] The buggy address is located 0 bytes inside of [ 36.628376] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.628476] [ 36.628511] The buggy address belongs to the physical page: [ 36.628588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.628763] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.629419] page_type: f5(slab) [ 36.629522] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.629862] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.629999] page dumped because: kasan: bad access detected [ 36.630272] [ 36.630326] Memory state around the buggy address: [ 36.630478] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.630697] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.631179] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.631404] ^ [ 36.631617] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.632009] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.632177] ================================================================== [ 36.543586] ================================================================== [ 36.543828] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 36.544045] Read of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.544188] [ 36.544285] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.544658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.544742] Hardware name: linux,dummy-virt (DT) [ 36.544837] Call trace: [ 36.544904] show_stack+0x20/0x38 (C) [ 36.545039] dump_stack_lvl+0x8c/0xd0 [ 36.545159] print_report+0x118/0x608 [ 36.545281] kasan_report+0xdc/0x128 [ 36.545381] kasan_check_range+0x100/0x1a8 [ 36.545479] __kasan_check_read+0x20/0x30 [ 36.545630] copy_user_test_oob+0x728/0xec8 [ 36.545782] kunit_try_run_case+0x170/0x3f0 [ 36.545893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.546001] kthread+0x328/0x630 [ 36.546081] ret_from_fork+0x10/0x20 [ 36.546178] [ 36.546226] Allocated by task 296: [ 36.546297] kasan_save_stack+0x3c/0x68 [ 36.546416] kasan_save_track+0x20/0x40 [ 36.546511] kasan_save_alloc_info+0x40/0x58 [ 36.546663] __kasan_kmalloc+0xd4/0xd8 [ 36.546785] __kmalloc_noprof+0x198/0x4c8 [ 36.546915] kunit_kmalloc_array+0x34/0x88 [ 36.547050] copy_user_test_oob+0xac/0xec8 [ 36.547188] kunit_try_run_case+0x170/0x3f0 [ 36.547312] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.547450] kthread+0x328/0x630 [ 36.547541] ret_from_fork+0x10/0x20 [ 36.547674] [ 36.547729] The buggy address belongs to the object at fff00000c6515800 [ 36.547729] which belongs to the cache kmalloc-128 of size 128 [ 36.547893] The buggy address is located 0 bytes inside of [ 36.547893] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.548086] [ 36.548230] The buggy address belongs to the physical page: [ 36.548398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.548641] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.548796] page_type: f5(slab) [ 36.548912] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.549032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.549174] page dumped because: kasan: bad access detected [ 36.549243] [ 36.549283] Memory state around the buggy address: [ 36.549388] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.549495] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.549623] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.549731] ^ [ 36.549883] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.550054] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.550190] ================================================================== [ 36.579521] ================================================================== [ 36.580028] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 36.580198] Write of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.580411] [ 36.580724] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.581283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.581375] Hardware name: linux,dummy-virt (DT) [ 36.581571] Call trace: [ 36.581727] show_stack+0x20/0x38 (C) [ 36.582304] dump_stack_lvl+0x8c/0xd0 [ 36.582460] print_report+0x118/0x608 [ 36.582577] kasan_report+0xdc/0x128 [ 36.583120] kasan_check_range+0x100/0x1a8 [ 36.583365] __kasan_check_write+0x20/0x30 [ 36.583597] copy_user_test_oob+0x35c/0xec8 [ 36.583741] kunit_try_run_case+0x170/0x3f0 [ 36.583869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.584010] kthread+0x328/0x630 [ 36.584621] ret_from_fork+0x10/0x20 [ 36.584894] [ 36.584991] Allocated by task 296: [ 36.585274] kasan_save_stack+0x3c/0x68 [ 36.585632] kasan_save_track+0x20/0x40 [ 36.585750] kasan_save_alloc_info+0x40/0x58 [ 36.585854] __kasan_kmalloc+0xd4/0xd8 [ 36.586023] __kmalloc_noprof+0x198/0x4c8 [ 36.586134] kunit_kmalloc_array+0x34/0x88 [ 36.586326] copy_user_test_oob+0xac/0xec8 [ 36.586718] kunit_try_run_case+0x170/0x3f0 [ 36.587239] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.587592] kthread+0x328/0x630 [ 36.587709] ret_from_fork+0x10/0x20 [ 36.587798] [ 36.587856] The buggy address belongs to the object at fff00000c6515800 [ 36.587856] which belongs to the cache kmalloc-128 of size 128 [ 36.588025] The buggy address is located 0 bytes inside of [ 36.588025] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.588198] [ 36.588258] The buggy address belongs to the physical page: [ 36.588695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.588860] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.588986] page_type: f5(slab) [ 36.589075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.589173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.589491] page dumped because: kasan: bad access detected [ 36.589690] [ 36.589742] Memory state around the buggy address: [ 36.589870] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.590069] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.590190] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.590302] ^ [ 36.590448] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.590685] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.591053] ================================================================== [ 36.608066] ================================================================== [ 36.608338] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 36.608591] Write of size 121 at addr fff00000c6515800 by task kunit_try_catch/296 [ 36.608952] [ 36.609050] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 36.609381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.609521] Hardware name: linux,dummy-virt (DT) [ 36.609654] Call trace: [ 36.609912] show_stack+0x20/0x38 (C) [ 36.610053] dump_stack_lvl+0x8c/0xd0 [ 36.610172] print_report+0x118/0x608 [ 36.610290] kasan_report+0xdc/0x128 [ 36.610406] kasan_check_range+0x100/0x1a8 [ 36.610525] __kasan_check_write+0x20/0x30 [ 36.610976] copy_user_test_oob+0x434/0xec8 [ 36.611173] kunit_try_run_case+0x170/0x3f0 [ 36.611423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.612026] kthread+0x328/0x630 [ 36.612243] ret_from_fork+0x10/0x20 [ 36.612436] [ 36.612493] Allocated by task 296: [ 36.612685] kasan_save_stack+0x3c/0x68 [ 36.612787] kasan_save_track+0x20/0x40 [ 36.612862] kasan_save_alloc_info+0x40/0x58 [ 36.613154] __kasan_kmalloc+0xd4/0xd8 [ 36.613278] __kmalloc_noprof+0x198/0x4c8 [ 36.613391] kunit_kmalloc_array+0x34/0x88 [ 36.613634] copy_user_test_oob+0xac/0xec8 [ 36.613843] kunit_try_run_case+0x170/0x3f0 [ 36.614054] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.614167] kthread+0x328/0x630 [ 36.614571] ret_from_fork+0x10/0x20 [ 36.614826] [ 36.614886] The buggy address belongs to the object at fff00000c6515800 [ 36.614886] which belongs to the cache kmalloc-128 of size 128 [ 36.615067] The buggy address is located 0 bytes inside of [ 36.615067] allocated 120-byte region [fff00000c6515800, fff00000c6515878) [ 36.615236] [ 36.615293] The buggy address belongs to the physical page: [ 36.615379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106515 [ 36.615546] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.615688] page_type: f5(slab) [ 36.615805] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.616495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 36.616693] page dumped because: kasan: bad access detected [ 36.616899] [ 36.616953] Memory state around the buggy address: [ 36.617248] fff00000c6515700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.617379] fff00000c6515780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.617478] >fff00000c6515800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.617591] ^ [ 36.617840] fff00000c6515880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.618088] fff00000c6515900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.618621] ==================================================================
[ 30.729477] ================================================================== [ 30.730639] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.731290] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.731874] [ 30.732108] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.732253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.732289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.732345] Call Trace: [ 30.732395] <TASK> [ 30.732450] dump_stack_lvl+0x73/0xb0 [ 30.732529] print_report+0xd1/0x650 [ 30.732580] ? __virt_addr_valid+0x1db/0x2d0 [ 30.732645] ? copy_user_test_oob+0x557/0x10f0 [ 30.732722] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.732800] ? copy_user_test_oob+0x557/0x10f0 [ 30.732864] kasan_report+0x141/0x180 [ 30.732934] ? copy_user_test_oob+0x557/0x10f0 [ 30.733004] kasan_check_range+0x10c/0x1c0 [ 30.733063] __kasan_check_write+0x18/0x20 [ 30.733119] copy_user_test_oob+0x557/0x10f0 [ 30.733174] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.733220] ? finish_task_switch.isra.0+0x153/0x700 [ 30.733272] ? __switch_to+0x47/0xf50 [ 30.733333] ? __schedule+0x10cc/0x2b60 [ 30.733387] ? __pfx_read_tsc+0x10/0x10 [ 30.733437] ? ktime_get_ts64+0x86/0x230 [ 30.733665] kunit_try_run_case+0x1a5/0x480 [ 30.734578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.734644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.734703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.734759] ? __kthread_parkme+0x82/0x180 [ 30.734814] ? preempt_count_sub+0x50/0x80 [ 30.734870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.734929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.734986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.735043] kthread+0x337/0x6f0 [ 30.735092] ? trace_preempt_on+0x20/0xc0 [ 30.736087] ? __pfx_kthread+0x10/0x10 [ 30.736222] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.736281] ? calculate_sigpending+0x7b/0xa0 [ 30.736343] ? __pfx_kthread+0x10/0x10 [ 30.736396] ret_from_fork+0x116/0x1d0 [ 30.736458] ? __pfx_kthread+0x10/0x10 [ 30.736513] ret_from_fork_asm+0x1a/0x30 [ 30.736587] </TASK> [ 30.736620] [ 30.746193] Allocated by task 314: [ 30.746434] kasan_save_stack+0x45/0x70 [ 30.746877] kasan_save_track+0x18/0x40 [ 30.747243] kasan_save_alloc_info+0x3b/0x50 [ 30.747623] __kasan_kmalloc+0xb7/0xc0 [ 30.747953] __kmalloc_noprof+0x1c9/0x500 [ 30.748260] kunit_kmalloc_array+0x25/0x60 [ 30.748553] copy_user_test_oob+0xab/0x10f0 [ 30.748912] kunit_try_run_case+0x1a5/0x480 [ 30.749109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.749368] kthread+0x337/0x6f0 [ 30.749668] ret_from_fork+0x116/0x1d0 [ 30.749982] ret_from_fork_asm+0x1a/0x30 [ 30.750365] [ 30.750549] The buggy address belongs to the object at ffff888102337100 [ 30.750549] which belongs to the cache kmalloc-128 of size 128 [ 30.751337] The buggy address is located 0 bytes inside of [ 30.751337] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.751837] [ 30.751947] The buggy address belongs to the physical page: [ 30.752210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.752813] flags: 0x200000000000000(node=0|zone=2) [ 30.753252] page_type: f5(slab) [ 30.753558] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.754166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.754462] page dumped because: kasan: bad access detected [ 30.754723] [ 30.754883] Memory state around the buggy address: [ 30.755300] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.755843] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.756232] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.756718] ^ [ 30.756990] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.757286] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.757681] ================================================================== [ 30.759374] ================================================================== [ 30.760088] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.760730] Read of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.761130] [ 30.761319] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.761437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.761478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.761529] Call Trace: [ 30.761575] <TASK> [ 30.761624] dump_stack_lvl+0x73/0xb0 [ 30.761703] print_report+0xd1/0x650 [ 30.761787] ? __virt_addr_valid+0x1db/0x2d0 [ 30.761843] ? copy_user_test_oob+0x604/0x10f0 [ 30.761899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.761952] ? copy_user_test_oob+0x604/0x10f0 [ 30.762000] kasan_report+0x141/0x180 [ 30.762063] ? copy_user_test_oob+0x604/0x10f0 [ 30.762131] kasan_check_range+0x10c/0x1c0 [ 30.762227] __kasan_check_read+0x15/0x20 [ 30.762282] copy_user_test_oob+0x604/0x10f0 [ 30.762343] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.762396] ? finish_task_switch.isra.0+0x153/0x700 [ 30.762463] ? __switch_to+0x47/0xf50 [ 30.762519] ? __schedule+0x10cc/0x2b60 [ 30.762563] ? __pfx_read_tsc+0x10/0x10 [ 30.762610] ? ktime_get_ts64+0x86/0x230 [ 30.762662] kunit_try_run_case+0x1a5/0x480 [ 30.762746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.762794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.762856] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.762910] ? __kthread_parkme+0x82/0x180 [ 30.762957] ? preempt_count_sub+0x50/0x80 [ 30.763006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.763053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.763098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.763179] kthread+0x337/0x6f0 [ 30.763228] ? trace_preempt_on+0x20/0xc0 [ 30.763281] ? __pfx_kthread+0x10/0x10 [ 30.763329] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.763377] ? calculate_sigpending+0x7b/0xa0 [ 30.763433] ? __pfx_kthread+0x10/0x10 [ 30.763495] ret_from_fork+0x116/0x1d0 [ 30.763536] ? __pfx_kthread+0x10/0x10 [ 30.763585] ret_from_fork_asm+0x1a/0x30 [ 30.763656] </TASK> [ 30.763690] [ 30.775393] Allocated by task 314: [ 30.775652] kasan_save_stack+0x45/0x70 [ 30.776058] kasan_save_track+0x18/0x40 [ 30.776392] kasan_save_alloc_info+0x3b/0x50 [ 30.776608] __kasan_kmalloc+0xb7/0xc0 [ 30.776915] __kmalloc_noprof+0x1c9/0x500 [ 30.777170] kunit_kmalloc_array+0x25/0x60 [ 30.777562] copy_user_test_oob+0xab/0x10f0 [ 30.777788] kunit_try_run_case+0x1a5/0x480 [ 30.777983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.778476] kthread+0x337/0x6f0 [ 30.778787] ret_from_fork+0x116/0x1d0 [ 30.779026] ret_from_fork_asm+0x1a/0x30 [ 30.779303] [ 30.779402] The buggy address belongs to the object at ffff888102337100 [ 30.779402] which belongs to the cache kmalloc-128 of size 128 [ 30.779993] The buggy address is located 0 bytes inside of [ 30.779993] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.780867] [ 30.781074] The buggy address belongs to the physical page: [ 30.781399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.781756] flags: 0x200000000000000(node=0|zone=2) [ 30.781982] page_type: f5(slab) [ 30.782169] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.782775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.783364] page dumped because: kasan: bad access detected [ 30.783724] [ 30.783885] Memory state around the buggy address: [ 30.784095] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.784555] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.784932] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.785449] ^ [ 30.785749] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.786033] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.786611] ================================================================== [ 30.701597] ================================================================== [ 30.702281] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.702867] Read of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.703313] [ 30.703525] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.703644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.703679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.703732] Call Trace: [ 30.703780] <TASK> [ 30.703829] dump_stack_lvl+0x73/0xb0 [ 30.703906] print_report+0xd1/0x650 [ 30.703963] ? __virt_addr_valid+0x1db/0x2d0 [ 30.704015] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704076] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.704146] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704195] kasan_report+0x141/0x180 [ 30.704248] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.704311] kasan_check_range+0x10c/0x1c0 [ 30.704362] __kasan_check_read+0x15/0x20 [ 30.704417] copy_user_test_oob+0x4aa/0x10f0 [ 30.704492] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.704544] ? finish_task_switch.isra.0+0x153/0x700 [ 30.704597] ? __switch_to+0x47/0xf50 [ 30.704668] ? __schedule+0x10cc/0x2b60 [ 30.704737] ? __pfx_read_tsc+0x10/0x10 [ 30.704789] ? ktime_get_ts64+0x86/0x230 [ 30.704840] kunit_try_run_case+0x1a5/0x480 [ 30.704895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.704953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.705006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.705077] ? __kthread_parkme+0x82/0x180 [ 30.705130] ? preempt_count_sub+0x50/0x80 [ 30.705178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.705240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.705311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.705367] kthread+0x337/0x6f0 [ 30.705415] ? trace_preempt_on+0x20/0xc0 [ 30.705486] ? __pfx_kthread+0x10/0x10 [ 30.705533] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.705601] ? calculate_sigpending+0x7b/0xa0 [ 30.705652] ? __pfx_kthread+0x10/0x10 [ 30.705703] ret_from_fork+0x116/0x1d0 [ 30.705758] ? __pfx_kthread+0x10/0x10 [ 30.705825] ret_from_fork_asm+0x1a/0x30 [ 30.705900] </TASK> [ 30.705932] [ 30.715980] Allocated by task 314: [ 30.716501] kasan_save_stack+0x45/0x70 [ 30.716932] kasan_save_track+0x18/0x40 [ 30.717288] kasan_save_alloc_info+0x3b/0x50 [ 30.717596] __kasan_kmalloc+0xb7/0xc0 [ 30.717789] __kmalloc_noprof+0x1c9/0x500 [ 30.717975] kunit_kmalloc_array+0x25/0x60 [ 30.718187] copy_user_test_oob+0xab/0x10f0 [ 30.718586] kunit_try_run_case+0x1a5/0x480 [ 30.718953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.719438] kthread+0x337/0x6f0 [ 30.719746] ret_from_fork+0x116/0x1d0 [ 30.720071] ret_from_fork_asm+0x1a/0x30 [ 30.720462] [ 30.720592] The buggy address belongs to the object at ffff888102337100 [ 30.720592] which belongs to the cache kmalloc-128 of size 128 [ 30.721133] The buggy address is located 0 bytes inside of [ 30.721133] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.721934] [ 30.722134] The buggy address belongs to the physical page: [ 30.722372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.722928] flags: 0x200000000000000(node=0|zone=2) [ 30.723436] page_type: f5(slab) [ 30.723617] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.724107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.724606] page dumped because: kasan: bad access detected [ 30.724839] [ 30.725009] Memory state around the buggy address: [ 30.725409] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.725812] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.726292] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.726743] ^ [ 30.727015] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727275] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.727543] ================================================================== [ 30.674748] ================================================================== [ 30.675199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.675603] Write of size 121 at addr ffff888102337100 by task kunit_try_catch/314 [ 30.676209] [ 30.676412] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) [ 30.676538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.676572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.676627] Call Trace: [ 30.676669] <TASK> [ 30.676713] dump_stack_lvl+0x73/0xb0 [ 30.676802] print_report+0xd1/0x650 [ 30.676874] ? __virt_addr_valid+0x1db/0x2d0 [ 30.676936] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.677065] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677121] kasan_report+0x141/0x180 [ 30.677169] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.677228] kasan_check_range+0x10c/0x1c0 [ 30.677276] __kasan_check_write+0x18/0x20 [ 30.677327] copy_user_test_oob+0x3fd/0x10f0 [ 30.677386] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.677435] ? finish_task_switch.isra.0+0x153/0x700 [ 30.677506] ? __switch_to+0x47/0xf50 [ 30.677564] ? __schedule+0x10cc/0x2b60 [ 30.677615] ? __pfx_read_tsc+0x10/0x10 [ 30.677661] ? ktime_get_ts64+0x86/0x230 [ 30.677730] kunit_try_run_case+0x1a5/0x480 [ 30.677811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.677858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.677901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.677936] ? __kthread_parkme+0x82/0x180 [ 30.677962] ? preempt_count_sub+0x50/0x80 [ 30.677989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.678016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.678058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.678086] kthread+0x337/0x6f0 [ 30.678110] ? trace_preempt_on+0x20/0xc0 [ 30.678138] ? __pfx_kthread+0x10/0x10 [ 30.678176] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.678212] ? calculate_sigpending+0x7b/0xa0 [ 30.678241] ? __pfx_kthread+0x10/0x10 [ 30.678266] ret_from_fork+0x116/0x1d0 [ 30.678289] ? __pfx_kthread+0x10/0x10 [ 30.678313] ret_from_fork_asm+0x1a/0x30 [ 30.678349] </TASK> [ 30.678366] [ 30.688340] Allocated by task 314: [ 30.688616] kasan_save_stack+0x45/0x70 [ 30.688865] kasan_save_track+0x18/0x40 [ 30.689045] kasan_save_alloc_info+0x3b/0x50 [ 30.689407] __kasan_kmalloc+0xb7/0xc0 [ 30.689744] __kmalloc_noprof+0x1c9/0x500 [ 30.690091] kunit_kmalloc_array+0x25/0x60 [ 30.690411] copy_user_test_oob+0xab/0x10f0 [ 30.690623] kunit_try_run_case+0x1a5/0x480 [ 30.690820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.691044] kthread+0x337/0x6f0 [ 30.691448] ret_from_fork+0x116/0x1d0 [ 30.691793] ret_from_fork_asm+0x1a/0x30 [ 30.692182] [ 30.692377] The buggy address belongs to the object at ffff888102337100 [ 30.692377] which belongs to the cache kmalloc-128 of size 128 [ 30.693353] The buggy address is located 0 bytes inside of [ 30.693353] allocated 120-byte region [ffff888102337100, ffff888102337178) [ 30.694052] [ 30.694300] The buggy address belongs to the physical page: [ 30.694751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102337 [ 30.695187] flags: 0x200000000000000(node=0|zone=2) [ 30.695629] page_type: f5(slab) [ 30.695908] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.696372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.696827] page dumped because: kasan: bad access detected [ 30.697153] [ 30.697340] Memory state around the buggy address: [ 30.697559] ffff888102337000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.698098] ffff888102337080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698571] >ffff888102337100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.698852] ^ [ 30.699123] ffff888102337180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699382] ffff888102337200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.699930] ==================================================================