Date
June 23, 2025, 7:07 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 37.332680] ================================================================== [ 37.332786] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 37.332907] Write of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.333483] [ 37.333714] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.335060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.335228] Hardware name: linux,dummy-virt (DT) [ 37.335455] Call trace: [ 37.336220] show_stack+0x20/0x38 (C) [ 37.336353] dump_stack_lvl+0x8c/0xd0 [ 37.337706] print_report+0x118/0x608 [ 37.338494] kasan_report+0xdc/0x128 [ 37.339179] kasan_check_range+0x100/0x1a8 [ 37.339882] __kasan_check_write+0x20/0x30 [ 37.340337] copy_user_test_oob+0x35c/0xec8 [ 37.340513] kunit_try_run_case+0x170/0x3f0 [ 37.340634] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.341267] kthread+0x328/0x630 [ 37.341758] ret_from_fork+0x10/0x20 [ 37.342345] [ 37.342418] Allocated by task 297: [ 37.342757] kasan_save_stack+0x3c/0x68 [ 37.343177] kasan_save_track+0x20/0x40 [ 37.343287] kasan_save_alloc_info+0x40/0x58 [ 37.343384] __kasan_kmalloc+0xd4/0xd8 [ 37.343474] __kmalloc_noprof+0x198/0x4c8 [ 37.343572] kunit_kmalloc_array+0x34/0x88 [ 37.343890] copy_user_test_oob+0xac/0xec8 [ 37.344171] kunit_try_run_case+0x170/0x3f0 [ 37.344569] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.345218] kthread+0x328/0x630 [ 37.345336] ret_from_fork+0x10/0x20 [ 37.345435] [ 37.346113] The buggy address belongs to the object at fff00000c7801300 [ 37.346113] which belongs to the cache kmalloc-128 of size 128 [ 37.346896] The buggy address is located 0 bytes inside of [ 37.346896] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.347529] [ 37.347588] The buggy address belongs to the physical page: [ 37.347666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.347809] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.348167] page_type: f5(slab) [ 37.348381] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.348509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.348613] page dumped because: kasan: bad access detected [ 37.348691] [ 37.348738] Memory state around the buggy address: [ 37.348817] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.348930] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.349129] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.349234] ^ [ 37.349356] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.349560] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.350268] ================================================================== [ 37.280098] ================================================================== [ 37.280341] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 37.280506] Write of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.280633] [ 37.280724] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.280926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.280994] Hardware name: linux,dummy-virt (DT) [ 37.281628] Call trace: [ 37.281708] show_stack+0x20/0x38 (C) [ 37.281874] dump_stack_lvl+0x8c/0xd0 [ 37.282121] print_report+0x118/0x608 [ 37.282258] kasan_report+0xdc/0x128 [ 37.282375] kasan_check_range+0x100/0x1a8 [ 37.282496] __kasan_check_write+0x20/0x30 [ 37.282635] copy_user_test_oob+0x234/0xec8 [ 37.282794] kunit_try_run_case+0x170/0x3f0 [ 37.282953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.283226] kthread+0x328/0x630 [ 37.283366] ret_from_fork+0x10/0x20 [ 37.283639] [ 37.283937] Allocated by task 297: [ 37.284077] kasan_save_stack+0x3c/0x68 [ 37.284199] kasan_save_track+0x20/0x40 [ 37.284488] kasan_save_alloc_info+0x40/0x58 [ 37.284737] __kasan_kmalloc+0xd4/0xd8 [ 37.284909] __kmalloc_noprof+0x198/0x4c8 [ 37.285392] kunit_kmalloc_array+0x34/0x88 [ 37.285774] copy_user_test_oob+0xac/0xec8 [ 37.285943] kunit_try_run_case+0x170/0x3f0 [ 37.286100] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.286209] kthread+0x328/0x630 [ 37.286330] ret_from_fork+0x10/0x20 [ 37.286754] [ 37.286853] The buggy address belongs to the object at fff00000c7801300 [ 37.286853] which belongs to the cache kmalloc-128 of size 128 [ 37.287003] The buggy address is located 0 bytes inside of [ 37.287003] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.287191] [ 37.287255] The buggy address belongs to the physical page: [ 37.287340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.287607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.287745] page_type: f5(slab) [ 37.287897] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.288043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.288157] page dumped because: kasan: bad access detected [ 37.288235] [ 37.288283] Memory state around the buggy address: [ 37.288408] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.288520] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.288626] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.288726] ^ [ 37.288875] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.288984] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.289618] ================================================================== [ 37.302652] ================================================================== [ 37.303556] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 37.304219] Read of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.304375] [ 37.304452] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.304930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.305086] Hardware name: linux,dummy-virt (DT) [ 37.305225] Call trace: [ 37.305291] show_stack+0x20/0x38 (C) [ 37.305444] dump_stack_lvl+0x8c/0xd0 [ 37.305696] print_report+0x118/0x608 [ 37.305938] kasan_report+0xdc/0x128 [ 37.306286] kasan_check_range+0x100/0x1a8 [ 37.306451] __kasan_check_read+0x20/0x30 [ 37.306690] copy_user_test_oob+0x728/0xec8 [ 37.307143] kunit_try_run_case+0x170/0x3f0 [ 37.307426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.307600] kthread+0x328/0x630 [ 37.307783] ret_from_fork+0x10/0x20 [ 37.307943] [ 37.308002] Allocated by task 297: [ 37.308103] kasan_save_stack+0x3c/0x68 [ 37.308209] kasan_save_track+0x20/0x40 [ 37.308388] kasan_save_alloc_info+0x40/0x58 [ 37.308583] __kasan_kmalloc+0xd4/0xd8 [ 37.308868] __kmalloc_noprof+0x198/0x4c8 [ 37.308996] kunit_kmalloc_array+0x34/0x88 [ 37.309129] copy_user_test_oob+0xac/0xec8 [ 37.309437] kunit_try_run_case+0x170/0x3f0 [ 37.309716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.309845] kthread+0x328/0x630 [ 37.310123] ret_from_fork+0x10/0x20 [ 37.310326] [ 37.310381] The buggy address belongs to the object at fff00000c7801300 [ 37.310381] which belongs to the cache kmalloc-128 of size 128 [ 37.310661] The buggy address is located 0 bytes inside of [ 37.310661] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.310845] [ 37.310913] The buggy address belongs to the physical page: [ 37.311178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.312327] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.312524] page_type: f5(slab) [ 37.312632] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.312760] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.312914] page dumped because: kasan: bad access detected [ 37.313059] [ 37.313145] Memory state around the buggy address: [ 37.313396] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.313510] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.313617] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.313713] ^ [ 37.313814] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.313920] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.314015] ================================================================== [ 37.376958] ================================================================== [ 37.377190] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 37.377472] Read of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.377697] [ 37.377904] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.378220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.378292] Hardware name: linux,dummy-virt (DT) [ 37.378374] Call trace: [ 37.378560] show_stack+0x20/0x38 (C) [ 37.378715] dump_stack_lvl+0x8c/0xd0 [ 37.378872] print_report+0x118/0x608 [ 37.379088] kasan_report+0xdc/0x128 [ 37.379277] kasan_check_range+0x100/0x1a8 [ 37.379501] __kasan_check_read+0x20/0x30 [ 37.379660] copy_user_test_oob+0x4a0/0xec8 [ 37.379850] kunit_try_run_case+0x170/0x3f0 [ 37.380054] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.380216] kthread+0x328/0x630 [ 37.380995] ret_from_fork+0x10/0x20 [ 37.381192] [ 37.381327] Allocated by task 297: [ 37.381406] kasan_save_stack+0x3c/0x68 [ 37.381509] kasan_save_track+0x20/0x40 [ 37.381613] kasan_save_alloc_info+0x40/0x58 [ 37.381733] __kasan_kmalloc+0xd4/0xd8 [ 37.381857] __kmalloc_noprof+0x198/0x4c8 [ 37.382147] kunit_kmalloc_array+0x34/0x88 [ 37.382290] copy_user_test_oob+0xac/0xec8 [ 37.382391] kunit_try_run_case+0x170/0x3f0 [ 37.382493] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.382666] kthread+0x328/0x630 [ 37.382790] ret_from_fork+0x10/0x20 [ 37.383022] [ 37.383141] The buggy address belongs to the object at fff00000c7801300 [ 37.383141] which belongs to the cache kmalloc-128 of size 128 [ 37.383353] The buggy address is located 0 bytes inside of [ 37.383353] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.383589] [ 37.383654] The buggy address belongs to the physical page: [ 37.383743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.383885] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.384014] page_type: f5(slab) [ 37.384259] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.384617] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.384909] page dumped because: kasan: bad access detected [ 37.385107] [ 37.385165] Memory state around the buggy address: [ 37.385282] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.385397] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.385542] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.385641] ^ [ 37.385747] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.385851] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.385944] ================================================================== [ 37.368233] ================================================================== [ 37.368407] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 37.368559] Write of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.368698] [ 37.368794] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.369233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.369430] Hardware name: linux,dummy-virt (DT) [ 37.369562] Call trace: [ 37.369670] show_stack+0x20/0x38 (C) [ 37.369903] dump_stack_lvl+0x8c/0xd0 [ 37.370050] print_report+0x118/0x608 [ 37.370173] kasan_report+0xdc/0x128 [ 37.370290] kasan_check_range+0x100/0x1a8 [ 37.370426] __kasan_check_write+0x20/0x30 [ 37.370633] copy_user_test_oob+0x434/0xec8 [ 37.370845] kunit_try_run_case+0x170/0x3f0 [ 37.371020] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.371180] kthread+0x328/0x630 [ 37.371310] ret_from_fork+0x10/0x20 [ 37.371429] [ 37.371569] Allocated by task 297: [ 37.371680] kasan_save_stack+0x3c/0x68 [ 37.371790] kasan_save_track+0x20/0x40 [ 37.371884] kasan_save_alloc_info+0x40/0x58 [ 37.371980] __kasan_kmalloc+0xd4/0xd8 [ 37.372097] __kmalloc_noprof+0x198/0x4c8 [ 37.372194] kunit_kmalloc_array+0x34/0x88 [ 37.372288] copy_user_test_oob+0xac/0xec8 [ 37.372385] kunit_try_run_case+0x170/0x3f0 [ 37.372482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.372612] kthread+0x328/0x630 [ 37.372722] ret_from_fork+0x10/0x20 [ 37.372918] [ 37.372976] The buggy address belongs to the object at fff00000c7801300 [ 37.372976] which belongs to the cache kmalloc-128 of size 128 [ 37.373183] The buggy address is located 0 bytes inside of [ 37.373183] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.373428] [ 37.373492] The buggy address belongs to the physical page: [ 37.373596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.373827] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.374057] page_type: f5(slab) [ 37.374172] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.374299] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.374399] page dumped because: kasan: bad access detected [ 37.374539] [ 37.374608] Memory state around the buggy address: [ 37.374801] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.374951] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.375143] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.375243] ^ [ 37.375413] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.375529] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.375633] ================================================================== [ 37.352200] ================================================================== [ 37.352304] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 37.352421] Read of size 121 at addr fff00000c7801300 by task kunit_try_catch/297 [ 37.352551] [ 37.352625] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT [ 37.352832] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.352903] Hardware name: linux,dummy-virt (DT) [ 37.352974] Call trace: [ 37.353051] show_stack+0x20/0x38 (C) [ 37.353174] dump_stack_lvl+0x8c/0xd0 [ 37.353288] print_report+0x118/0x608 [ 37.353418] kasan_report+0xdc/0x128 [ 37.353564] kasan_check_range+0x100/0x1a8 [ 37.354165] __kasan_check_read+0x20/0x30 [ 37.354614] copy_user_test_oob+0x3c8/0xec8 [ 37.354792] kunit_try_run_case+0x170/0x3f0 [ 37.354924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.355090] kthread+0x328/0x630 [ 37.355235] ret_from_fork+0x10/0x20 [ 37.355379] [ 37.355554] Allocated by task 297: [ 37.356486] kasan_save_stack+0x3c/0x68 [ 37.356765] kasan_save_track+0x20/0x40 [ 37.356978] kasan_save_alloc_info+0x40/0x58 [ 37.357279] __kasan_kmalloc+0xd4/0xd8 [ 37.357549] __kmalloc_noprof+0x198/0x4c8 [ 37.357651] kunit_kmalloc_array+0x34/0x88 [ 37.357747] copy_user_test_oob+0xac/0xec8 [ 37.357847] kunit_try_run_case+0x170/0x3f0 [ 37.357944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.358073] kthread+0x328/0x630 [ 37.358173] ret_from_fork+0x10/0x20 [ 37.358288] [ 37.358350] The buggy address belongs to the object at fff00000c7801300 [ 37.358350] which belongs to the cache kmalloc-128 of size 128 [ 37.359302] The buggy address is located 0 bytes inside of [ 37.359302] allocated 120-byte region [fff00000c7801300, fff00000c7801378) [ 37.360301] [ 37.360418] The buggy address belongs to the physical page: [ 37.360558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107801 [ 37.360730] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.360872] page_type: f5(slab) [ 37.360986] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.361732] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.361836] page dumped because: kasan: bad access detected [ 37.362068] [ 37.362121] Memory state around the buggy address: [ 37.362200] fff00000c7801200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.362307] fff00000c7801280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.362412] >fff00000c7801300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.362501] ^ [ 37.362660] fff00000c7801380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.362783] fff00000c7801400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.362962] ==================================================================
[ 26.221357] ================================================================== [ 26.221672] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.221991] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.222408] [ 26.222770] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.223116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.223160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.223196] Call Trace: [ 26.223227] <TASK> [ 26.223254] dump_stack_lvl+0x73/0xb0 [ 26.223288] print_report+0xd1/0x650 [ 26.223308] ? __virt_addr_valid+0x1db/0x2d0 [ 26.223330] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223349] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.223370] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223410] kasan_report+0x141/0x180 [ 26.223431] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.223455] kasan_check_range+0x10c/0x1c0 [ 26.223475] __kasan_check_write+0x18/0x20 [ 26.223495] copy_user_test_oob+0x3fd/0x10f0 [ 26.223517] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.223536] ? finish_task_switch.isra.0+0x153/0x700 [ 26.223556] ? __switch_to+0x47/0xf50 [ 26.223579] ? __schedule+0x10cc/0x2b60 [ 26.223599] ? __pfx_read_tsc+0x10/0x10 [ 26.223618] ? ktime_get_ts64+0x86/0x230 [ 26.223639] kunit_try_run_case+0x1a5/0x480 [ 26.223661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.223681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.223700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.223720] ? __kthread_parkme+0x82/0x180 [ 26.223738] ? preempt_count_sub+0x50/0x80 [ 26.223757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.223778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.223798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.223819] kthread+0x337/0x6f0 [ 26.223861] ? trace_preempt_on+0x20/0xc0 [ 26.223912] ? __pfx_kthread+0x10/0x10 [ 26.223949] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.223985] ? calculate_sigpending+0x7b/0xa0 [ 26.224019] ? __pfx_kthread+0x10/0x10 [ 26.224050] ret_from_fork+0x116/0x1d0 [ 26.224082] ? __pfx_kthread+0x10/0x10 [ 26.224114] ret_from_fork_asm+0x1a/0x30 [ 26.224171] </TASK> [ 26.224192] [ 26.231758] Allocated by task 314: [ 26.231936] kasan_save_stack+0x45/0x70 [ 26.232101] kasan_save_track+0x18/0x40 [ 26.232248] kasan_save_alloc_info+0x3b/0x50 [ 26.232509] __kasan_kmalloc+0xb7/0xc0 [ 26.232758] __kmalloc_noprof+0x1c9/0x500 [ 26.233073] kunit_kmalloc_array+0x25/0x60 [ 26.233339] copy_user_test_oob+0xab/0x10f0 [ 26.233647] kunit_try_run_case+0x1a5/0x480 [ 26.233958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.234338] kthread+0x337/0x6f0 [ 26.234616] ret_from_fork+0x116/0x1d0 [ 26.234874] ret_from_fork_asm+0x1a/0x30 [ 26.235081] [ 26.235210] The buggy address belongs to the object at ffff888102c14900 [ 26.235210] which belongs to the cache kmalloc-128 of size 128 [ 26.235723] The buggy address is located 0 bytes inside of [ 26.235723] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.236256] [ 26.236411] The buggy address belongs to the physical page: [ 26.236650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.236923] flags: 0x200000000000000(node=0|zone=2) [ 26.237246] page_type: f5(slab) [ 26.237498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.237776] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.238106] page dumped because: kasan: bad access detected [ 26.238464] [ 26.238558] Memory state around the buggy address: [ 26.238736] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.239005] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.239221] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.239501] ^ [ 26.239962] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.240458] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.240920] ================================================================== [ 26.290442] ================================================================== [ 26.290921] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 26.291390] Read of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.291758] [ 26.291975] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.292060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.292084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.292120] Call Trace: [ 26.292146] <TASK> [ 26.292189] dump_stack_lvl+0x73/0xb0 [ 26.292243] print_report+0xd1/0x650 [ 26.292281] ? __virt_addr_valid+0x1db/0x2d0 [ 26.292320] ? copy_user_test_oob+0x604/0x10f0 [ 26.292361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.292433] ? copy_user_test_oob+0x604/0x10f0 [ 26.292475] kasan_report+0x141/0x180 [ 26.292513] ? copy_user_test_oob+0x604/0x10f0 [ 26.292558] kasan_check_range+0x10c/0x1c0 [ 26.292599] __kasan_check_read+0x15/0x20 [ 26.292656] copy_user_test_oob+0x604/0x10f0 [ 26.292701] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.292742] ? finish_task_switch.isra.0+0x153/0x700 [ 26.292781] ? __switch_to+0x47/0xf50 [ 26.292855] ? __schedule+0x10cc/0x2b60 [ 26.292916] ? __pfx_read_tsc+0x10/0x10 [ 26.292955] ? ktime_get_ts64+0x86/0x230 [ 26.292998] kunit_try_run_case+0x1a5/0x480 [ 26.293056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.293136] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.293177] ? __kthread_parkme+0x82/0x180 [ 26.293227] ? preempt_count_sub+0x50/0x80 [ 26.293280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.293324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.293390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.293436] kthread+0x337/0x6f0 [ 26.293474] ? trace_preempt_on+0x20/0xc0 [ 26.293519] ? __pfx_kthread+0x10/0x10 [ 26.293559] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.293601] ? calculate_sigpending+0x7b/0xa0 [ 26.293644] ? __pfx_kthread+0x10/0x10 [ 26.293685] ret_from_fork+0x116/0x1d0 [ 26.293720] ? __pfx_kthread+0x10/0x10 [ 26.293754] ret_from_fork_asm+0x1a/0x30 [ 26.293807] </TASK> [ 26.293869] [ 26.301790] Allocated by task 314: [ 26.302052] kasan_save_stack+0x45/0x70 [ 26.302344] kasan_save_track+0x18/0x40 [ 26.302648] kasan_save_alloc_info+0x3b/0x50 [ 26.302999] __kasan_kmalloc+0xb7/0xc0 [ 26.303281] __kmalloc_noprof+0x1c9/0x500 [ 26.303588] kunit_kmalloc_array+0x25/0x60 [ 26.303904] copy_user_test_oob+0xab/0x10f0 [ 26.304207] kunit_try_run_case+0x1a5/0x480 [ 26.304532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.304925] kthread+0x337/0x6f0 [ 26.305118] ret_from_fork+0x116/0x1d0 [ 26.305371] ret_from_fork_asm+0x1a/0x30 [ 26.305649] [ 26.305794] The buggy address belongs to the object at ffff888102c14900 [ 26.305794] which belongs to the cache kmalloc-128 of size 128 [ 26.306184] The buggy address is located 0 bytes inside of [ 26.306184] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.306882] [ 26.307058] The buggy address belongs to the physical page: [ 26.307406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.307906] flags: 0x200000000000000(node=0|zone=2) [ 26.308164] page_type: f5(slab) [ 26.308338] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.308582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.308951] page dumped because: kasan: bad access detected [ 26.309329] [ 26.309482] Memory state around the buggy address: [ 26.309811] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.310334] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.310728] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.310974] ^ [ 26.311474] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.311972] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.312293] ================================================================== [ 26.267289] ================================================================== [ 26.267817] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 26.268491] Write of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.269004] [ 26.269172] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.269276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.269300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.269333] Call Trace: [ 26.269359] <TASK> [ 26.269397] dump_stack_lvl+0x73/0xb0 [ 26.269451] print_report+0xd1/0x650 [ 26.269493] ? __virt_addr_valid+0x1db/0x2d0 [ 26.269534] ? copy_user_test_oob+0x557/0x10f0 [ 26.269573] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.269635] ? copy_user_test_oob+0x557/0x10f0 [ 26.269674] kasan_report+0x141/0x180 [ 26.269714] ? copy_user_test_oob+0x557/0x10f0 [ 26.269760] kasan_check_range+0x10c/0x1c0 [ 26.269821] __kasan_check_write+0x18/0x20 [ 26.269894] copy_user_test_oob+0x557/0x10f0 [ 26.269939] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.269993] ? finish_task_switch.isra.0+0x153/0x700 [ 26.270045] ? __switch_to+0x47/0xf50 [ 26.270135] ? __schedule+0x10cc/0x2b60 [ 26.270192] ? __pfx_read_tsc+0x10/0x10 [ 26.270245] ? ktime_get_ts64+0x86/0x230 [ 26.270292] kunit_try_run_case+0x1a5/0x480 [ 26.270340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.270396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.270439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.270475] ? __kthread_parkme+0x82/0x180 [ 26.270508] ? preempt_count_sub+0x50/0x80 [ 26.270548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.270587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.270629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.270673] kthread+0x337/0x6f0 [ 26.270712] ? trace_preempt_on+0x20/0xc0 [ 26.270759] ? __pfx_kthread+0x10/0x10 [ 26.270801] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.270881] ? calculate_sigpending+0x7b/0xa0 [ 26.270931] ? __pfx_kthread+0x10/0x10 [ 26.270976] ret_from_fork+0x116/0x1d0 [ 26.271009] ? __pfx_kthread+0x10/0x10 [ 26.271068] ret_from_fork_asm+0x1a/0x30 [ 26.271122] </TASK> [ 26.271154] [ 26.279511] Allocated by task 314: [ 26.279767] kasan_save_stack+0x45/0x70 [ 26.280000] kasan_save_track+0x18/0x40 [ 26.280265] kasan_save_alloc_info+0x3b/0x50 [ 26.280508] __kasan_kmalloc+0xb7/0xc0 [ 26.280697] __kmalloc_noprof+0x1c9/0x500 [ 26.280925] kunit_kmalloc_array+0x25/0x60 [ 26.281107] copy_user_test_oob+0xab/0x10f0 [ 26.281287] kunit_try_run_case+0x1a5/0x480 [ 26.281451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.281805] kthread+0x337/0x6f0 [ 26.282105] ret_from_fork+0x116/0x1d0 [ 26.282426] ret_from_fork_asm+0x1a/0x30 [ 26.282739] [ 26.282925] The buggy address belongs to the object at ffff888102c14900 [ 26.282925] which belongs to the cache kmalloc-128 of size 128 [ 26.283623] The buggy address is located 0 bytes inside of [ 26.283623] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.284238] [ 26.284333] The buggy address belongs to the physical page: [ 26.284721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.285159] flags: 0x200000000000000(node=0|zone=2) [ 26.285513] page_type: f5(slab) [ 26.285710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.286131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.286637] page dumped because: kasan: bad access detected [ 26.286939] [ 26.287031] Memory state around the buggy address: [ 26.287352] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.287694] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.288177] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.288529] ^ [ 26.288815] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289246] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.289593] ================================================================== [ 26.241799] ================================================================== [ 26.242409] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 26.242774] Read of size 121 at addr ffff888102c14900 by task kunit_try_catch/314 [ 26.243146] [ 26.243299] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) [ 26.243374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.243411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.243444] Call Trace: [ 26.243468] <TASK> [ 26.243495] dump_stack_lvl+0x73/0xb0 [ 26.243541] print_report+0xd1/0x650 [ 26.243573] ? __virt_addr_valid+0x1db/0x2d0 [ 26.243605] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243635] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.243668] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243699] kasan_report+0x141/0x180 [ 26.243729] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.243766] kasan_check_range+0x10c/0x1c0 [ 26.243843] __kasan_check_read+0x15/0x20 [ 26.243880] copy_user_test_oob+0x4aa/0x10f0 [ 26.243922] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.243958] ? finish_task_switch.isra.0+0x153/0x700 [ 26.243989] ? __switch_to+0x47/0xf50 [ 26.244028] ? __schedule+0x10cc/0x2b60 [ 26.244065] ? __pfx_read_tsc+0x10/0x10 [ 26.244096] ? ktime_get_ts64+0x86/0x230 [ 26.244133] kunit_try_run_case+0x1a5/0x480 [ 26.244174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244213] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.244250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.244285] ? __kthread_parkme+0x82/0x180 [ 26.244317] ? preempt_count_sub+0x50/0x80 [ 26.244358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.244415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.244457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.244498] kthread+0x337/0x6f0 [ 26.244530] ? trace_preempt_on+0x20/0xc0 [ 26.244567] ? __pfx_kthread+0x10/0x10 [ 26.244604] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.244643] ? calculate_sigpending+0x7b/0xa0 [ 26.244678] ? __pfx_kthread+0x10/0x10 [ 26.244710] ret_from_fork+0x116/0x1d0 [ 26.244737] ? __pfx_kthread+0x10/0x10 [ 26.244766] ret_from_fork_asm+0x1a/0x30 [ 26.244807] </TASK> [ 26.244860] [ 26.256793] Allocated by task 314: [ 26.257019] kasan_save_stack+0x45/0x70 [ 26.257224] kasan_save_track+0x18/0x40 [ 26.257403] kasan_save_alloc_info+0x3b/0x50 [ 26.257593] __kasan_kmalloc+0xb7/0xc0 [ 26.257879] __kmalloc_noprof+0x1c9/0x500 [ 26.258209] kunit_kmalloc_array+0x25/0x60 [ 26.258525] copy_user_test_oob+0xab/0x10f0 [ 26.258810] kunit_try_run_case+0x1a5/0x480 [ 26.259135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.259495] kthread+0x337/0x6f0 [ 26.259737] ret_from_fork+0x116/0x1d0 [ 26.260012] ret_from_fork_asm+0x1a/0x30 [ 26.260285] [ 26.260436] The buggy address belongs to the object at ffff888102c14900 [ 26.260436] which belongs to the cache kmalloc-128 of size 128 [ 26.260997] The buggy address is located 0 bytes inside of [ 26.260997] allocated 120-byte region [ffff888102c14900, ffff888102c14978) [ 26.261457] [ 26.261563] The buggy address belongs to the physical page: [ 26.261764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c14 [ 26.262217] flags: 0x200000000000000(node=0|zone=2) [ 26.262599] page_type: f5(slab) [ 26.262906] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.263402] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.263910] page dumped because: kasan: bad access detected [ 26.264269] [ 26.264417] Memory state around the buggy address: [ 26.264734] ffff888102c14800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.265101] ffff888102c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.265373] >ffff888102c14900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.265716] ^ [ 26.266112] ffff888102c14980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.266408] ffff888102c14a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.266679] ==================================================================