Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| juno-r2 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 78.616990] ================================================================== [ 78.624309] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 78.631448] Read of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 78.639020] [ 78.640552] CPU: 7 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 78.640581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 78.640589] Hardware name: Thundercomm Dragonboard 845c (DT) [ 78.640598] Call trace: [ 78.640605] show_stack+0x20/0x38 (C) [ 78.640622] dump_stack_lvl+0x8c/0xd0 [ 78.640639] print_report+0x118/0x608 [ 78.640657] kasan_report+0xdc/0x128 [ 78.640675] kasan_check_range+0x100/0x1a8 [ 78.640694] __kasan_check_read+0x20/0x30 [ 78.640709] copy_user_test_oob+0x4a0/0xec8 [ 78.640728] kunit_try_run_case+0x170/0x3f0 [ 78.640745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.640765] kthread+0x328/0x630 [ 78.640778] ret_from_fork+0x10/0x20 [ 78.640795] [ 78.709804] Allocated by task 371: [ 78.713255] kasan_save_stack+0x3c/0x68 [ 78.717161] kasan_save_track+0x20/0x40 [ 78.721065] kasan_save_alloc_info+0x40/0x58 [ 78.725400] __kasan_kmalloc+0xd4/0xd8 [ 78.729216] __kmalloc_noprof+0x198/0x4c8 [ 78.733293] kunit_kmalloc_array+0x34/0x88 [ 78.737455] copy_user_test_oob+0xac/0xec8 [ 78.741618] kunit_try_run_case+0x170/0x3f0 [ 78.745868] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.751431] kthread+0x328/0x630 [ 78.754715] ret_from_fork+0x10/0x20 [ 78.758346] [ 78.759875] The buggy address belongs to the object at ffff00008039fd00 [ 78.759875] which belongs to the cache kmalloc-128 of size 128 [ 78.772531] The buggy address is located 0 bytes inside of [ 78.772531] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 78.785102] [ 78.786625] The buggy address belongs to the physical page: [ 78.792266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 78.800366] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 78.808117] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 78.815168] page_type: f5(slab) [ 78.818364] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.826203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.834043] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.841969] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.849897] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 78.857822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 78.865743] page dumped because: kasan: bad access detected [ 78.871384] [ 78.872916] Memory state around the buggy address: [ 78.877769] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.885086] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.892391] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 78.899704] ^ [ 78.906924] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.914230] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.921543] ================================================================== [ 77.680578] ================================================================== [ 77.687898] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 77.695045] Write of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 77.702716] [ 77.704253] CPU: 7 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 77.704285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 77.704293] Hardware name: Thundercomm Dragonboard 845c (DT) [ 77.704307] Call trace: [ 77.704314] show_stack+0x20/0x38 (C) [ 77.704333] dump_stack_lvl+0x8c/0xd0 [ 77.704352] print_report+0x118/0x608 [ 77.704370] kasan_report+0xdc/0x128 [ 77.704389] kasan_check_range+0x100/0x1a8 [ 77.704409] __kasan_check_write+0x20/0x30 [ 77.704425] copy_user_test_oob+0x35c/0xec8 [ 77.704444] kunit_try_run_case+0x170/0x3f0 [ 77.704462] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.704482] kthread+0x328/0x630 [ 77.704496] ret_from_fork+0x10/0x20 [ 77.704515] [ 77.773613] Allocated by task 371: [ 77.777067] kasan_save_stack+0x3c/0x68 [ 77.780975] kasan_save_track+0x20/0x40 [ 77.784878] kasan_save_alloc_info+0x40/0x58 [ 77.789213] __kasan_kmalloc+0xd4/0xd8 [ 77.793027] __kmalloc_noprof+0x198/0x4c8 [ 77.797105] kunit_kmalloc_array+0x34/0x88 [ 77.801267] copy_user_test_oob+0xac/0xec8 [ 77.805430] kunit_try_run_case+0x170/0x3f0 [ 77.809680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.815245] kthread+0x328/0x630 [ 77.818527] ret_from_fork+0x10/0x20 [ 77.822158] [ 77.823688] The buggy address belongs to the object at ffff00008039fd00 [ 77.823688] which belongs to the cache kmalloc-128 of size 128 [ 77.836344] The buggy address is located 0 bytes inside of [ 77.836344] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 77.848914] [ 77.850437] The buggy address belongs to the physical page: [ 77.856080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 77.864180] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.871935] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 77.878988] page_type: f5(slab) [ 77.882185] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.890025] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.897867] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.905791] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.913720] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 77.921647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 77.929569] page dumped because: kasan: bad access detected [ 77.935212] [ 77.936742] Memory state around the buggy address: [ 77.941593] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.948907] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.956222] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.963526] ^ [ 77.970744] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.978050] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.985362] ================================================================== [ 77.367631] ================================================================== [ 77.374950] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 77.382095] Read of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 77.389680] [ 77.391216] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 77.391247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 77.391256] Hardware name: Thundercomm Dragonboard 845c (DT) [ 77.391268] Call trace: [ 77.391275] show_stack+0x20/0x38 (C) [ 77.391294] dump_stack_lvl+0x8c/0xd0 [ 77.391315] print_report+0x118/0x608 [ 77.391335] kasan_report+0xdc/0x128 [ 77.391355] kasan_check_range+0x100/0x1a8 [ 77.391376] __kasan_check_read+0x20/0x30 [ 77.391393] copy_user_test_oob+0x728/0xec8 [ 77.391413] kunit_try_run_case+0x170/0x3f0 [ 77.391432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.391455] kthread+0x328/0x630 [ 77.391472] ret_from_fork+0x10/0x20 [ 77.391491] [ 77.460557] Allocated by task 371: [ 77.464017] kasan_save_stack+0x3c/0x68 [ 77.467927] kasan_save_track+0x20/0x40 [ 77.471839] kasan_save_alloc_info+0x40/0x58 [ 77.476184] __kasan_kmalloc+0xd4/0xd8 [ 77.480008] __kmalloc_noprof+0x198/0x4c8 [ 77.484090] kunit_kmalloc_array+0x34/0x88 [ 77.488258] copy_user_test_oob+0xac/0xec8 [ 77.492427] kunit_try_run_case+0x170/0x3f0 [ 77.496682] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.502255] kthread+0x328/0x630 [ 77.505548] ret_from_fork+0x10/0x20 [ 77.509185] [ 77.510715] The buggy address belongs to the object at ffff00008039fd00 [ 77.510715] which belongs to the cache kmalloc-128 of size 128 [ 77.523378] The buggy address is located 0 bytes inside of [ 77.523378] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 77.535957] [ 77.537486] The buggy address belongs to the physical page: [ 77.543134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 77.551245] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.559003] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 77.566058] page_type: f5(slab) [ 77.569263] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.577107] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.584952] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.592882] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.600813] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 77.608743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 77.616671] page dumped because: kasan: bad access detected [ 77.622319] [ 77.623857] Memory state around the buggy address: [ 77.628715] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.636040] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.643356] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.650668] ^ [ 77.657901] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.665226] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.672545] ================================================================== [ 78.304816] ================================================================== [ 78.312136] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 78.319278] Write of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 78.326947] [ 78.328479] CPU: 7 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 78.328508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 78.328516] Hardware name: Thundercomm Dragonboard 845c (DT) [ 78.328527] Call trace: [ 78.328534] show_stack+0x20/0x38 (C) [ 78.328552] dump_stack_lvl+0x8c/0xd0 [ 78.328570] print_report+0x118/0x608 [ 78.328587] kasan_report+0xdc/0x128 [ 78.328606] kasan_check_range+0x100/0x1a8 [ 78.328626] __kasan_check_write+0x20/0x30 [ 78.328641] copy_user_test_oob+0x434/0xec8 [ 78.328658] kunit_try_run_case+0x170/0x3f0 [ 78.328676] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.328697] kthread+0x328/0x630 [ 78.328710] ret_from_fork+0x10/0x20 [ 78.328726] [ 78.397825] Allocated by task 371: [ 78.401278] kasan_save_stack+0x3c/0x68 [ 78.405187] kasan_save_track+0x20/0x40 [ 78.409093] kasan_save_alloc_info+0x40/0x58 [ 78.413429] __kasan_kmalloc+0xd4/0xd8 [ 78.417246] __kmalloc_noprof+0x198/0x4c8 [ 78.421323] kunit_kmalloc_array+0x34/0x88 [ 78.425485] copy_user_test_oob+0xac/0xec8 [ 78.429650] kunit_try_run_case+0x170/0x3f0 [ 78.433900] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.439464] kthread+0x328/0x630 [ 78.442750] ret_from_fork+0x10/0x20 [ 78.446381] [ 78.447910] The buggy address belongs to the object at ffff00008039fd00 [ 78.447910] which belongs to the cache kmalloc-128 of size 128 [ 78.460566] The buggy address is located 0 bytes inside of [ 78.460566] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 78.473135] [ 78.474659] The buggy address belongs to the physical page: [ 78.480300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 78.488401] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 78.496151] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 78.503202] page_type: f5(slab) [ 78.506399] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.514242] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.522080] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.530007] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.537934] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 78.545860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 78.553783] page dumped because: kasan: bad access detected [ 78.559424] [ 78.560946] Memory state around the buggy address: [ 78.565799] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.573115] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.580431] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 78.587735] ^ [ 78.594954] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.602260] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.609574] ================================================================== [ 77.992867] ================================================================== [ 78.000190] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 78.007332] Read of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 78.014906] [ 78.016439] CPU: 7 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 78.016469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 78.016477] Hardware name: Thundercomm Dragonboard 845c (DT) [ 78.016490] Call trace: [ 78.016498] show_stack+0x20/0x38 (C) [ 78.016516] dump_stack_lvl+0x8c/0xd0 [ 78.016535] print_report+0x118/0x608 [ 78.016554] kasan_report+0xdc/0x128 [ 78.016571] kasan_check_range+0x100/0x1a8 [ 78.016591] __kasan_check_read+0x20/0x30 [ 78.016606] copy_user_test_oob+0x3c8/0xec8 [ 78.016622] kunit_try_run_case+0x170/0x3f0 [ 78.016641] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.016661] kthread+0x328/0x630 [ 78.016675] ret_from_fork+0x10/0x20 [ 78.016692] [ 78.085709] Allocated by task 371: [ 78.089162] kasan_save_stack+0x3c/0x68 [ 78.093066] kasan_save_track+0x20/0x40 [ 78.096971] kasan_save_alloc_info+0x40/0x58 [ 78.101306] __kasan_kmalloc+0xd4/0xd8 [ 78.105122] __kmalloc_noprof+0x198/0x4c8 [ 78.109201] kunit_kmalloc_array+0x34/0x88 [ 78.113363] copy_user_test_oob+0xac/0xec8 [ 78.117525] kunit_try_run_case+0x170/0x3f0 [ 78.121776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 78.127340] kthread+0x328/0x630 [ 78.130624] ret_from_fork+0x10/0x20 [ 78.134257] [ 78.135786] The buggy address belongs to the object at ffff00008039fd00 [ 78.135786] which belongs to the cache kmalloc-128 of size 128 [ 78.148442] The buggy address is located 0 bytes inside of [ 78.148442] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 78.161013] [ 78.162536] The buggy address belongs to the physical page: [ 78.168175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 78.176276] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 78.184029] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 78.191080] page_type: f5(slab) [ 78.194275] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.202117] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.209957] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 78.217882] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 78.225809] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 78.233734] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 78.241656] page dumped because: kasan: bad access detected [ 78.247299] [ 78.248829] Memory state around the buggy address: [ 78.253682] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.260995] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.268300] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 78.275604] ^ [ 78.282824] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.290138] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.297442] ================================================================== [ 77.048851] ================================================================== [ 77.062340] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 77.069487] Write of size 121 at addr ffff00008039fd00 by task kunit_try_catch/371 [ 77.077159] [ 77.078697] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 77.078731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 77.078741] Hardware name: Thundercomm Dragonboard 845c (DT) [ 77.078756] Call trace: [ 77.078767] show_stack+0x20/0x38 (C) [ 77.078787] dump_stack_lvl+0x8c/0xd0 [ 77.078810] print_report+0x118/0x608 [ 77.078831] kasan_report+0xdc/0x128 [ 77.078850] kasan_check_range+0x100/0x1a8 [ 77.078873] __kasan_check_write+0x20/0x30 [ 77.078893] copy_user_test_oob+0x234/0xec8 [ 77.078912] kunit_try_run_case+0x170/0x3f0 [ 77.078935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.078958] kthread+0x328/0x630 [ 77.078975] ret_from_fork+0x10/0x20 [ 77.078994] [ 77.148153] Allocated by task 371: [ 77.151618] kasan_save_stack+0x3c/0x68 [ 77.155528] kasan_save_track+0x20/0x40 [ 77.159438] kasan_save_alloc_info+0x40/0x58 [ 77.163777] __kasan_kmalloc+0xd4/0xd8 [ 77.167599] __kmalloc_noprof+0x198/0x4c8 [ 77.171683] kunit_kmalloc_array+0x34/0x88 [ 77.175849] copy_user_test_oob+0xac/0xec8 [ 77.180015] kunit_try_run_case+0x170/0x3f0 [ 77.184268] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.189842] kthread+0x328/0x630 [ 77.193133] ret_from_fork+0x10/0x20 [ 77.196771] [ 77.198302] The buggy address belongs to the object at ffff00008039fd00 [ 77.198302] which belongs to the cache kmalloc-128 of size 128 [ 77.210964] The buggy address is located 0 bytes inside of [ 77.210964] allocated 120-byte region [ffff00008039fd00, ffff00008039fd78) [ 77.223543] [ 77.225081] The buggy address belongs to the physical page: [ 77.230731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10039e [ 77.238846] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.246604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 77.253661] page_type: f5(slab) [ 77.256865] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.264710] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.272555] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.280485] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.288417] head: 0bfffe0000000001 fffffdffc200e781 00000000ffffffff 00000000ffffffff [ 77.296348] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 77.304274] page dumped because: kasan: bad access detected [ 77.309925] [ 77.311452] Memory state around the buggy address: [ 77.316313] ffff00008039fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.323630] ffff00008039fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.330947] >ffff00008039fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.338268] ^ [ 77.345503] ffff00008039fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.352828] ffff00008039fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.360149] ==================================================================
[ 1525.467090] ================================================================== [ 1525.467113] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 1525.467150] Write of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.467183] [ 1525.467198] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.467259] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.467279] Hardware name: ARM Juno development board (r2) (DT) [ 1525.467302] Call trace: [ 1525.467314] show_stack+0x20/0x38 (C) [ 1525.467351] dump_stack_lvl+0x8c/0xd0 [ 1525.467390] print_report+0x118/0x608 [ 1525.467431] kasan_report+0xdc/0x128 [ 1525.467471] kasan_check_range+0x100/0x1a8 [ 1525.467514] __kasan_check_write+0x20/0x30 [ 1525.467550] copy_user_test_oob+0x434/0xec8 [ 1525.467589] kunit_try_run_case+0x170/0x3f0 [ 1525.467629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.467676] kthread+0x328/0x630 [ 1525.467708] ret_from_fork+0x10/0x20 [ 1525.467745] [ 1525.467755] Allocated by task 356: [ 1525.467773] kasan_save_stack+0x3c/0x68 [ 1525.467808] kasan_save_track+0x20/0x40 [ 1525.467842] kasan_save_alloc_info+0x40/0x58 [ 1525.467871] __kasan_kmalloc+0xd4/0xd8 [ 1525.467904] __kmalloc_noprof+0x198/0x4c8 [ 1525.467937] kunit_kmalloc_array+0x34/0x88 [ 1525.467968] copy_user_test_oob+0xac/0xec8 [ 1525.468002] kunit_try_run_case+0x170/0x3f0 [ 1525.468034] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.468074] kthread+0x328/0x630 [ 1525.468098] ret_from_fork+0x10/0x20 [ 1525.468127] [ 1525.468138] The buggy address belongs to the object at ffff000827f2f500 [ 1525.468138] which belongs to the cache kmalloc-128 of size 128 [ 1525.468177] The buggy address is located 0 bytes inside of [ 1525.468177] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.468221] [ 1525.468232] The buggy address belongs to the physical page: [ 1525.468251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.468286] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.468317] page_type: f5(slab) [ 1525.468344] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.468380] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.468408] page dumped because: kasan: bad access detected [ 1525.468427] [ 1525.468437] Memory state around the buggy address: [ 1525.468457] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.468488] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.468519] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.468545] ^ [ 1525.468572] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.468603] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.468629] ================================================================== [ 1525.468686] ================================================================== [ 1525.468712] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 1525.468748] Read of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.468783] [ 1525.468798] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.468859] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.468879] Hardware name: ARM Juno development board (r2) (DT) [ 1525.468902] Call trace: [ 1525.468914] show_stack+0x20/0x38 (C) [ 1525.468952] dump_stack_lvl+0x8c/0xd0 [ 1525.468991] print_report+0x118/0x608 [ 1525.469031] kasan_report+0xdc/0x128 [ 1525.469072] kasan_check_range+0x100/0x1a8 [ 1525.469115] __kasan_check_read+0x20/0x30 [ 1525.469150] copy_user_test_oob+0x4a0/0xec8 [ 1525.469191] kunit_try_run_case+0x170/0x3f0 [ 1525.469231] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.469278] kthread+0x328/0x630 [ 1525.469309] ret_from_fork+0x10/0x20 [ 1525.469346] [ 1525.469357] Allocated by task 356: [ 1525.469375] kasan_save_stack+0x3c/0x68 [ 1525.469410] kasan_save_track+0x20/0x40 [ 1525.469442] kasan_save_alloc_info+0x40/0x58 [ 1525.469471] __kasan_kmalloc+0xd4/0xd8 [ 1525.469503] __kmalloc_noprof+0x198/0x4c8 [ 1525.469536] kunit_kmalloc_array+0x34/0x88 [ 1525.469568] copy_user_test_oob+0xac/0xec8 [ 1525.469602] kunit_try_run_case+0x170/0x3f0 [ 1525.469635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.469673] kthread+0x328/0x630 [ 1525.469697] ret_from_fork+0x10/0x20 [ 1525.469727] [ 1525.469738] The buggy address belongs to the object at ffff000827f2f500 [ 1525.469738] which belongs to the cache kmalloc-128 of size 128 [ 1525.469778] The buggy address is located 0 bytes inside of [ 1525.469778] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.469822] [ 1525.469833] The buggy address belongs to the physical page: [ 1525.469851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.469886] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.469918] page_type: f5(slab) [ 1525.469944] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.469981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.470008] page dumped because: kasan: bad access detected [ 1525.470028] [ 1525.470038] Memory state around the buggy address: [ 1525.470059] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.470090] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.470120] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.470146] ^ [ 1525.470173] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.470203] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.470229] ================================================================== [ 1525.465519] ================================================================== [ 1525.465545] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 1525.465582] Read of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.465617] [ 1525.465632] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.465692] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.465712] Hardware name: ARM Juno development board (r2) (DT) [ 1525.465734] Call trace: [ 1525.465747] show_stack+0x20/0x38 (C) [ 1525.465784] dump_stack_lvl+0x8c/0xd0 [ 1525.465824] print_report+0x118/0x608 [ 1525.465865] kasan_report+0xdc/0x128 [ 1525.465904] kasan_check_range+0x100/0x1a8 [ 1525.465948] __kasan_check_read+0x20/0x30 [ 1525.465983] copy_user_test_oob+0x3c8/0xec8 [ 1525.466023] kunit_try_run_case+0x170/0x3f0 [ 1525.466063] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.466109] kthread+0x328/0x630 [ 1525.466141] ret_from_fork+0x10/0x20 [ 1525.466179] [ 1525.466190] Allocated by task 356: [ 1525.466208] kasan_save_stack+0x3c/0x68 [ 1525.466242] kasan_save_track+0x20/0x40 [ 1525.466275] kasan_save_alloc_info+0x40/0x58 [ 1525.466304] __kasan_kmalloc+0xd4/0xd8 [ 1525.466335] __kmalloc_noprof+0x198/0x4c8 [ 1525.466369] kunit_kmalloc_array+0x34/0x88 [ 1525.466401] copy_user_test_oob+0xac/0xec8 [ 1525.466435] kunit_try_run_case+0x170/0x3f0 [ 1525.466467] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.466507] kthread+0x328/0x630 [ 1525.466532] ret_from_fork+0x10/0x20 [ 1525.466562] [ 1525.466572] The buggy address belongs to the object at ffff000827f2f500 [ 1525.466572] which belongs to the cache kmalloc-128 of size 128 [ 1525.466611] The buggy address is located 0 bytes inside of [ 1525.466611] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.466655] [ 1525.466666] The buggy address belongs to the physical page: [ 1525.466684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.466720] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.466751] page_type: f5(slab) [ 1525.466777] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.466813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.466841] page dumped because: kasan: bad access detected [ 1525.466862] [ 1525.466872] Memory state around the buggy address: [ 1525.466891] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.466922] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.466952] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.466978] ^ [ 1525.467006] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.467036] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.467062] ================================================================== [ 1525.460458] ================================================================== [ 1525.460487] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 1525.460527] Write of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.460562] [ 1525.460577] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.460638] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.460658] Hardware name: ARM Juno development board (r2) (DT) [ 1525.460681] Call trace: [ 1525.460693] show_stack+0x20/0x38 (C) [ 1525.460732] dump_stack_lvl+0x8c/0xd0 [ 1525.460772] print_report+0x118/0x608 [ 1525.460814] kasan_report+0xdc/0x128 [ 1525.460854] kasan_check_range+0x100/0x1a8 [ 1525.460898] __kasan_check_write+0x20/0x30 [ 1525.460933] copy_user_test_oob+0x234/0xec8 [ 1525.460973] kunit_try_run_case+0x170/0x3f0 [ 1525.461013] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.461060] kthread+0x328/0x630 [ 1525.461092] ret_from_fork+0x10/0x20 [ 1525.461131] [ 1525.461142] Allocated by task 356: [ 1525.461160] kasan_save_stack+0x3c/0x68 [ 1525.461196] kasan_save_track+0x20/0x40 [ 1525.461229] kasan_save_alloc_info+0x40/0x58 [ 1525.461258] __kasan_kmalloc+0xd4/0xd8 [ 1525.461291] __kmalloc_noprof+0x198/0x4c8 [ 1525.461324] kunit_kmalloc_array+0x34/0x88 [ 1525.461357] copy_user_test_oob+0xac/0xec8 [ 1525.461390] kunit_try_run_case+0x170/0x3f0 [ 1525.461422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.461462] kthread+0x328/0x630 [ 1525.461486] ret_from_fork+0x10/0x20 [ 1525.461517] [ 1525.461528] The buggy address belongs to the object at ffff000827f2f500 [ 1525.461528] which belongs to the cache kmalloc-128 of size 128 [ 1525.461568] The buggy address is located 0 bytes inside of [ 1525.461568] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.461611] [ 1525.461621] The buggy address belongs to the physical page: [ 1525.461641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.461676] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.461709] page_type: f5(slab) [ 1525.461735] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.461772] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.461799] page dumped because: kasan: bad access detected [ 1525.461819] [ 1525.461829] Memory state around the buggy address: [ 1525.461850] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.461881] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.461911] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.461937] ^ [ 1525.461964] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.461995] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.462021] ================================================================== [ 1525.462121] ================================================================== [ 1525.462146] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 1525.462183] Read of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.462217] [ 1525.462233] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.462293] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.462313] Hardware name: ARM Juno development board (r2) (DT) [ 1525.462335] Call trace: [ 1525.462348] show_stack+0x20/0x38 (C) [ 1525.462385] dump_stack_lvl+0x8c/0xd0 [ 1525.462425] print_report+0x118/0x608 [ 1525.462466] kasan_report+0xdc/0x128 [ 1525.462506] kasan_check_range+0x100/0x1a8 [ 1525.462549] __kasan_check_read+0x20/0x30 [ 1525.462585] copy_user_test_oob+0x728/0xec8 [ 1525.462625] kunit_try_run_case+0x170/0x3f0 [ 1525.462665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.462711] kthread+0x328/0x630 [ 1525.462742] ret_from_fork+0x10/0x20 [ 1525.462780] [ 1525.462791] Allocated by task 356: [ 1525.462809] kasan_save_stack+0x3c/0x68 [ 1525.462844] kasan_save_track+0x20/0x40 [ 1525.462877] kasan_save_alloc_info+0x40/0x58 [ 1525.462906] __kasan_kmalloc+0xd4/0xd8 [ 1525.462938] __kmalloc_noprof+0x198/0x4c8 [ 1525.462971] kunit_kmalloc_array+0x34/0x88 [ 1525.463003] copy_user_test_oob+0xac/0xec8 [ 1525.463037] kunit_try_run_case+0x170/0x3f0 [ 1525.463069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.463109] kthread+0x328/0x630 [ 1525.463134] ret_from_fork+0x10/0x20 [ 1525.463164] [ 1525.463175] The buggy address belongs to the object at ffff000827f2f500 [ 1525.463175] which belongs to the cache kmalloc-128 of size 128 [ 1525.463214] The buggy address is located 0 bytes inside of [ 1525.463214] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.463258] [ 1525.463269] The buggy address belongs to the physical page: [ 1525.463287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.463322] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.463354] page_type: f5(slab) [ 1525.463381] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.463417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.463444] page dumped because: kasan: bad access detected [ 1525.463464] [ 1525.463474] Memory state around the buggy address: [ 1525.463495] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.463526] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.463556] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.463581] ^ [ 1525.463609] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.463640] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.463666] ================================================================== [ 1525.463883] ================================================================== [ 1525.463910] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 1525.463947] Write of size 121 at addr ffff000827f2f500 by task kunit_try_catch/356 [ 1525.463983] [ 1525.463999] CPU: 3 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 1525.464059] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 1525.464079] Hardware name: ARM Juno development board (r2) (DT) [ 1525.464101] Call trace: [ 1525.464114] show_stack+0x20/0x38 (C) [ 1525.464151] dump_stack_lvl+0x8c/0xd0 [ 1525.464191] print_report+0x118/0x608 [ 1525.464232] kasan_report+0xdc/0x128 [ 1525.464272] kasan_check_range+0x100/0x1a8 [ 1525.464315] __kasan_check_write+0x20/0x30 [ 1525.464351] copy_user_test_oob+0x35c/0xec8 [ 1525.464391] kunit_try_run_case+0x170/0x3f0 [ 1525.464431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.464477] kthread+0x328/0x630 [ 1525.464509] ret_from_fork+0x10/0x20 [ 1525.464547] [ 1525.464557] Allocated by task 356: [ 1525.464575] kasan_save_stack+0x3c/0x68 [ 1525.464609] kasan_save_track+0x20/0x40 [ 1525.464643] kasan_save_alloc_info+0x40/0x58 [ 1525.464672] __kasan_kmalloc+0xd4/0xd8 [ 1525.464705] __kmalloc_noprof+0x198/0x4c8 [ 1525.464738] kunit_kmalloc_array+0x34/0x88 [ 1525.464770] copy_user_test_oob+0xac/0xec8 [ 1525.464803] kunit_try_run_case+0x170/0x3f0 [ 1525.464835] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 1525.464875] kthread+0x328/0x630 [ 1525.464900] ret_from_fork+0x10/0x20 [ 1525.464930] [ 1525.464940] The buggy address belongs to the object at ffff000827f2f500 [ 1525.464940] which belongs to the cache kmalloc-128 of size 128 [ 1525.464979] The buggy address is located 0 bytes inside of [ 1525.464979] allocated 120-byte region [ffff000827f2f500, ffff000827f2f578) [ 1525.465023] [ 1525.465034] The buggy address belongs to the physical page: [ 1525.465052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a7f2f [ 1525.465087] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 1525.465120] page_type: f5(slab) [ 1525.465146] raw: 0bfffe0000000000 ffff000800002a00 dead000000000122 0000000000000000 [ 1525.465182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 1525.465209] page dumped because: kasan: bad access detected [ 1525.465229] [ 1525.465239] Memory state around the buggy address: [ 1525.465260] ffff000827f2f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1525.465290] ffff000827f2f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.465321] >ffff000827f2f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 1525.465346] ^ [ 1525.465373] ffff000827f2f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.465404] ffff000827f2f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1525.465430] ==================================================================
[ 30.070853] ================================================================== [ 30.071014] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.071080] Write of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.071362] [ 30.071428] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.071523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.071553] Hardware name: linux,dummy-virt (DT) [ 30.071841] Call trace: [ 30.071904] show_stack+0x20/0x38 (C) [ 30.072064] dump_stack_lvl+0x8c/0xd0 [ 30.072138] print_report+0x118/0x608 [ 30.072278] kasan_report+0xdc/0x128 [ 30.072373] kasan_check_range+0x100/0x1a8 [ 30.072442] __kasan_check_write+0x20/0x30 [ 30.072489] copy_user_test_oob+0x434/0xec8 [ 30.072542] kunit_try_run_case+0x170/0x3f0 [ 30.072902] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.073017] kthread+0x328/0x630 [ 30.073352] ret_from_fork+0x10/0x20 [ 30.073525] [ 30.073605] Allocated by task 297: [ 30.073729] kasan_save_stack+0x3c/0x68 [ 30.073818] kasan_save_track+0x20/0x40 [ 30.074161] kasan_save_alloc_info+0x40/0x58 [ 30.074283] __kasan_kmalloc+0xd4/0xd8 [ 30.074654] __kmalloc_noprof+0x198/0x4c8 [ 30.074981] kunit_kmalloc_array+0x34/0x88 [ 30.075102] copy_user_test_oob+0xac/0xec8 [ 30.075492] kunit_try_run_case+0x170/0x3f0 [ 30.075591] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.075667] kthread+0x328/0x630 [ 30.075964] ret_from_fork+0x10/0x20 [ 30.076303] [ 30.076447] The buggy address belongs to the object at fff00000c5773e00 [ 30.076447] which belongs to the cache kmalloc-128 of size 128 [ 30.076611] The buggy address is located 0 bytes inside of [ 30.076611] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.076680] [ 30.076727] The buggy address belongs to the physical page: [ 30.076768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.077112] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.077173] page_type: f5(slab) [ 30.077265] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.077338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.077381] page dumped because: kasan: bad access detected [ 30.077421] [ 30.077448] Memory state around the buggy address: [ 30.077491] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.077538] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.077580] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.077629] ^ [ 30.077681] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.077726] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.077767] ================================================================== [ 30.037884] ================================================================== [ 30.037990] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 30.038381] Read of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.038451] [ 30.038594] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.038699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.038934] Hardware name: linux,dummy-virt (DT) [ 30.039070] Call trace: [ 30.039096] show_stack+0x20/0x38 (C) [ 30.039151] dump_stack_lvl+0x8c/0xd0 [ 30.039216] print_report+0x118/0x608 [ 30.039320] kasan_report+0xdc/0x128 [ 30.039670] kasan_check_range+0x100/0x1a8 [ 30.039745] __kasan_check_read+0x20/0x30 [ 30.040127] copy_user_test_oob+0x728/0xec8 [ 30.040278] kunit_try_run_case+0x170/0x3f0 [ 30.040351] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.040562] kthread+0x328/0x630 [ 30.040714] ret_from_fork+0x10/0x20 [ 30.040915] [ 30.041201] Allocated by task 297: [ 30.041389] kasan_save_stack+0x3c/0x68 [ 30.041497] kasan_save_track+0x20/0x40 [ 30.041570] kasan_save_alloc_info+0x40/0x58 [ 30.041607] __kasan_kmalloc+0xd4/0xd8 [ 30.041888] __kmalloc_noprof+0x198/0x4c8 [ 30.042025] kunit_kmalloc_array+0x34/0x88 [ 30.042114] copy_user_test_oob+0xac/0xec8 [ 30.042413] kunit_try_run_case+0x170/0x3f0 [ 30.042486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.042633] kthread+0x328/0x630 [ 30.042683] ret_from_fork+0x10/0x20 [ 30.042733] [ 30.042763] The buggy address belongs to the object at fff00000c5773e00 [ 30.042763] which belongs to the cache kmalloc-128 of size 128 [ 30.043086] The buggy address is located 0 bytes inside of [ 30.043086] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.043246] [ 30.043315] The buggy address belongs to the physical page: [ 30.043369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.043599] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.043751] page_type: f5(slab) [ 30.044088] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.044211] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.044285] page dumped because: kasan: bad access detected [ 30.044360] [ 30.044383] Memory state around the buggy address: [ 30.044418] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.044466] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.044519] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.044697] ^ [ 30.044888] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.045207] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.045275] ================================================================== [ 30.021808] ================================================================== [ 30.021927] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 30.022271] Write of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.022396] [ 30.022548] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.022710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.022779] Hardware name: linux,dummy-virt (DT) [ 30.022843] Call trace: [ 30.023136] show_stack+0x20/0x38 (C) [ 30.023207] dump_stack_lvl+0x8c/0xd0 [ 30.023356] print_report+0x118/0x608 [ 30.023418] kasan_report+0xdc/0x128 [ 30.023493] kasan_check_range+0x100/0x1a8 [ 30.023638] __kasan_check_write+0x20/0x30 [ 30.023701] copy_user_test_oob+0x234/0xec8 [ 30.023985] kunit_try_run_case+0x170/0x3f0 [ 30.024267] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.024340] kthread+0x328/0x630 [ 30.024650] ret_from_fork+0x10/0x20 [ 30.024808] [ 30.024899] Allocated by task 297: [ 30.024978] kasan_save_stack+0x3c/0x68 [ 30.025123] kasan_save_track+0x20/0x40 [ 30.025221] kasan_save_alloc_info+0x40/0x58 [ 30.025411] __kasan_kmalloc+0xd4/0xd8 [ 30.025450] __kmalloc_noprof+0x198/0x4c8 [ 30.025516] kunit_kmalloc_array+0x34/0x88 [ 30.025839] copy_user_test_oob+0xac/0xec8 [ 30.025923] kunit_try_run_case+0x170/0x3f0 [ 30.026099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.026255] kthread+0x328/0x630 [ 30.026355] ret_from_fork+0x10/0x20 [ 30.026747] [ 30.026797] The buggy address belongs to the object at fff00000c5773e00 [ 30.026797] which belongs to the cache kmalloc-128 of size 128 [ 30.026940] The buggy address is located 0 bytes inside of [ 30.026940] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.027044] [ 30.027164] The buggy address belongs to the physical page: [ 30.027224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.027309] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.027773] page_type: f5(slab) [ 30.027852] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.028135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.028402] page dumped because: kasan: bad access detected [ 30.028474] [ 30.028623] Memory state around the buggy address: [ 30.028709] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.028809] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.028961] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.029144] ^ [ 30.029243] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.029303] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.029631] ================================================================== [ 30.063113] ================================================================== [ 30.063176] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.063229] Read of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.063549] [ 30.063601] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.063774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.063846] Hardware name: linux,dummy-virt (DT) [ 30.063904] Call trace: [ 30.064025] show_stack+0x20/0x38 (C) [ 30.064141] dump_stack_lvl+0x8c/0xd0 [ 30.064361] print_report+0x118/0x608 [ 30.064544] kasan_report+0xdc/0x128 [ 30.064676] kasan_check_range+0x100/0x1a8 [ 30.064793] __kasan_check_read+0x20/0x30 [ 30.065038] copy_user_test_oob+0x3c8/0xec8 [ 30.065193] kunit_try_run_case+0x170/0x3f0 [ 30.065341] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.065411] kthread+0x328/0x630 [ 30.065746] ret_from_fork+0x10/0x20 [ 30.066076] [ 30.066128] Allocated by task 297: [ 30.066208] kasan_save_stack+0x3c/0x68 [ 30.066359] kasan_save_track+0x20/0x40 [ 30.066530] kasan_save_alloc_info+0x40/0x58 [ 30.066746] __kasan_kmalloc+0xd4/0xd8 [ 30.066812] __kmalloc_noprof+0x198/0x4c8 [ 30.067108] kunit_kmalloc_array+0x34/0x88 [ 30.067209] copy_user_test_oob+0xac/0xec8 [ 30.067635] kunit_try_run_case+0x170/0x3f0 [ 30.067738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.067794] kthread+0x328/0x630 [ 30.067829] ret_from_fork+0x10/0x20 [ 30.068165] [ 30.068255] The buggy address belongs to the object at fff00000c5773e00 [ 30.068255] which belongs to the cache kmalloc-128 of size 128 [ 30.068409] The buggy address is located 0 bytes inside of [ 30.068409] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.068634] [ 30.068663] The buggy address belongs to the physical page: [ 30.068709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.068766] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.068827] page_type: f5(slab) [ 30.068898] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.068953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.069012] page dumped because: kasan: bad access detected [ 30.069069] [ 30.069098] Memory state around the buggy address: [ 30.069143] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.069188] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.069233] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.069271] ^ [ 30.069312] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.069365] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.069416] ================================================================== [ 30.078605] ================================================================== [ 30.078659] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.079033] Read of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.079112] [ 30.079167] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.079286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.079331] Hardware name: linux,dummy-virt (DT) [ 30.079363] Call trace: [ 30.079388] show_stack+0x20/0x38 (C) [ 30.079644] dump_stack_lvl+0x8c/0xd0 [ 30.079727] print_report+0x118/0x608 [ 30.079782] kasan_report+0xdc/0x128 [ 30.080048] kasan_check_range+0x100/0x1a8 [ 30.080241] __kasan_check_read+0x20/0x30 [ 30.080394] copy_user_test_oob+0x4a0/0xec8 [ 30.080513] kunit_try_run_case+0x170/0x3f0 [ 30.080726] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.080787] kthread+0x328/0x630 [ 30.080835] ret_from_fork+0x10/0x20 [ 30.081220] [ 30.081260] Allocated by task 297: [ 30.081336] kasan_save_stack+0x3c/0x68 [ 30.081429] kasan_save_track+0x20/0x40 [ 30.081608] kasan_save_alloc_info+0x40/0x58 [ 30.081789] __kasan_kmalloc+0xd4/0xd8 [ 30.081859] __kmalloc_noprof+0x198/0x4c8 [ 30.082317] kunit_kmalloc_array+0x34/0x88 [ 30.082374] copy_user_test_oob+0xac/0xec8 [ 30.082761] kunit_try_run_case+0x170/0x3f0 [ 30.082887] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.083123] kthread+0x328/0x630 [ 30.083334] ret_from_fork+0x10/0x20 [ 30.083392] [ 30.083746] The buggy address belongs to the object at fff00000c5773e00 [ 30.083746] which belongs to the cache kmalloc-128 of size 128 [ 30.083826] The buggy address is located 0 bytes inside of [ 30.083826] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.084160] [ 30.084365] The buggy address belongs to the physical page: [ 30.084413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.084630] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.084931] page_type: f5(slab) [ 30.084983] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.085258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.085304] page dumped because: kasan: bad access detected [ 30.085520] [ 30.085598] Memory state around the buggy address: [ 30.085700] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.086070] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.086313] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.086414] ^ [ 30.086568] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.086772] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.087089] ================================================================== [ 30.055186] ================================================================== [ 30.055291] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.055366] Write of size 121 at addr fff00000c5773e00 by task kunit_try_catch/297 [ 30.055715] [ 30.055773] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.055998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.056142] Hardware name: linux,dummy-virt (DT) [ 30.056243] Call trace: [ 30.056341] show_stack+0x20/0x38 (C) [ 30.056436] dump_stack_lvl+0x8c/0xd0 [ 30.056493] print_report+0x118/0x608 [ 30.056541] kasan_report+0xdc/0x128 [ 30.056588] kasan_check_range+0x100/0x1a8 [ 30.056639] __kasan_check_write+0x20/0x30 [ 30.056886] copy_user_test_oob+0x35c/0xec8 [ 30.057139] kunit_try_run_case+0x170/0x3f0 [ 30.057259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.057426] kthread+0x328/0x630 [ 30.057519] ret_from_fork+0x10/0x20 [ 30.058173] [ 30.058487] Allocated by task 297: [ 30.058561] kasan_save_stack+0x3c/0x68 [ 30.058664] kasan_save_track+0x20/0x40 [ 30.058705] kasan_save_alloc_info+0x40/0x58 [ 30.058777] __kasan_kmalloc+0xd4/0xd8 [ 30.058858] __kmalloc_noprof+0x198/0x4c8 [ 30.058933] kunit_kmalloc_array+0x34/0x88 [ 30.059282] copy_user_test_oob+0xac/0xec8 [ 30.059378] kunit_try_run_case+0x170/0x3f0 [ 30.059485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.059602] kthread+0x328/0x630 [ 30.059764] ret_from_fork+0x10/0x20 [ 30.059900] [ 30.059952] The buggy address belongs to the object at fff00000c5773e00 [ 30.059952] which belongs to the cache kmalloc-128 of size 128 [ 30.060037] The buggy address is located 0 bytes inside of [ 30.060037] allocated 120-byte region [fff00000c5773e00, fff00000c5773e78) [ 30.060393] [ 30.060435] The buggy address belongs to the physical page: [ 30.060506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105773 [ 30.060580] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.060634] page_type: f5(slab) [ 30.060683] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.060738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.060781] page dumped because: kasan: bad access detected [ 30.060815] [ 30.060836] Memory state around the buggy address: [ 30.060909] fff00000c5773d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.060967] fff00000c5773d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.061019] >fff00000c5773e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.061075] ^ [ 30.061127] fff00000c5773e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.061174] fff00000c5773f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.061216] ==================================================================
[ 26.117100] ================================================================== [ 26.117454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 26.117786] Read of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.118258] [ 26.118373] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.118424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.118438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.118464] Call Trace: [ 26.118486] <TASK> [ 26.118507] dump_stack_lvl+0x73/0xb0 [ 26.118537] print_report+0xd1/0x650 [ 26.118561] ? __virt_addr_valid+0x1db/0x2d0 [ 26.118586] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118610] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.118638] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118662] kasan_report+0x141/0x180 [ 26.118685] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.118713] kasan_check_range+0x10c/0x1c0 [ 26.118737] __kasan_check_read+0x15/0x20 [ 26.118761] copy_user_test_oob+0x4aa/0x10f0 [ 26.118787] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.118809] ? finish_task_switch.isra.0+0x153/0x700 [ 26.118833] ? __switch_to+0x47/0xf50 [ 26.118860] ? __schedule+0x10cc/0x2b60 [ 26.118885] ? __pfx_read_tsc+0x10/0x10 [ 26.118907] ? ktime_get_ts64+0x86/0x230 [ 26.118934] kunit_try_run_case+0x1a5/0x480 [ 26.118960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.118983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.119009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.119043] ? __kthread_parkme+0x82/0x180 [ 26.119065] ? preempt_count_sub+0x50/0x80 [ 26.119088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.119113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.119138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.119163] kthread+0x337/0x6f0 [ 26.119186] ? trace_preempt_on+0x20/0xc0 [ 26.119211] ? __pfx_kthread+0x10/0x10 [ 26.119245] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.119271] ? calculate_sigpending+0x7b/0xa0 [ 26.119298] ? __pfx_kthread+0x10/0x10 [ 26.119321] ret_from_fork+0x116/0x1d0 [ 26.119342] ? __pfx_kthread+0x10/0x10 [ 26.119365] ret_from_fork_asm+0x1a/0x30 [ 26.119398] </TASK> [ 26.119410] [ 26.126791] Allocated by task 314: [ 26.126913] kasan_save_stack+0x45/0x70 [ 26.127057] kasan_save_track+0x18/0x40 [ 26.127186] kasan_save_alloc_info+0x3b/0x50 [ 26.127406] __kasan_kmalloc+0xb7/0xc0 [ 26.127591] __kmalloc_noprof+0x1c9/0x500 [ 26.127789] kunit_kmalloc_array+0x25/0x60 [ 26.127992] copy_user_test_oob+0xab/0x10f0 [ 26.128199] kunit_try_run_case+0x1a5/0x480 [ 26.128415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.128646] kthread+0x337/0x6f0 [ 26.128799] ret_from_fork+0x116/0x1d0 [ 26.128972] ret_from_fork_asm+0x1a/0x30 [ 26.129156] [ 26.129264] The buggy address belongs to the object at ffff8881024e1b00 [ 26.129264] which belongs to the cache kmalloc-128 of size 128 [ 26.129699] The buggy address is located 0 bytes inside of [ 26.129699] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.130165] [ 26.130269] The buggy address belongs to the physical page: [ 26.130522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.130849] flags: 0x200000000000000(node=0|zone=2) [ 26.131010] page_type: f5(slab) [ 26.131134] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.131372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.131595] page dumped because: kasan: bad access detected [ 26.131857] [ 26.131947] Memory state around the buggy address: [ 26.132367] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.132685] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.132994] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.133212] ^ [ 26.133535] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.133817] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.134099] ================================================================== [ 26.099920] ================================================================== [ 26.100318] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.100640] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.100921] [ 26.101012] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.101088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.101102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.101129] Call Trace: [ 26.101150] <TASK> [ 26.101173] dump_stack_lvl+0x73/0xb0 [ 26.101205] print_report+0xd1/0x650 [ 26.101240] ? __virt_addr_valid+0x1db/0x2d0 [ 26.101266] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.101318] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101342] kasan_report+0x141/0x180 [ 26.101365] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.101393] kasan_check_range+0x10c/0x1c0 [ 26.101417] __kasan_check_write+0x18/0x20 [ 26.101442] copy_user_test_oob+0x3fd/0x10f0 [ 26.101468] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.101491] ? finish_task_switch.isra.0+0x153/0x700 [ 26.101514] ? __switch_to+0x47/0xf50 [ 26.101541] ? __schedule+0x10cc/0x2b60 [ 26.101567] ? __pfx_read_tsc+0x10/0x10 [ 26.101591] ? ktime_get_ts64+0x86/0x230 [ 26.101617] kunit_try_run_case+0x1a5/0x480 [ 26.101644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101668] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.101694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.101720] ? __kthread_parkme+0x82/0x180 [ 26.101742] ? preempt_count_sub+0x50/0x80 [ 26.101765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.101839] kthread+0x337/0x6f0 [ 26.101861] ? trace_preempt_on+0x20/0xc0 [ 26.101885] ? __pfx_kthread+0x10/0x10 [ 26.101906] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.101930] ? calculate_sigpending+0x7b/0xa0 [ 26.101956] ? __pfx_kthread+0x10/0x10 [ 26.101978] ret_from_fork+0x116/0x1d0 [ 26.101998] ? __pfx_kthread+0x10/0x10 [ 26.102030] ret_from_fork_asm+0x1a/0x30 [ 26.102064] </TASK> [ 26.102077] [ 26.109060] Allocated by task 314: [ 26.109199] kasan_save_stack+0x45/0x70 [ 26.109360] kasan_save_track+0x18/0x40 [ 26.109488] kasan_save_alloc_info+0x3b/0x50 [ 26.109631] __kasan_kmalloc+0xb7/0xc0 [ 26.109954] __kmalloc_noprof+0x1c9/0x500 [ 26.110346] kunit_kmalloc_array+0x25/0x60 [ 26.110555] copy_user_test_oob+0xab/0x10f0 [ 26.110759] kunit_try_run_case+0x1a5/0x480 [ 26.110964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.111199] kthread+0x337/0x6f0 [ 26.111347] ret_from_fork+0x116/0x1d0 [ 26.111497] ret_from_fork_asm+0x1a/0x30 [ 26.111632] [ 26.111698] The buggy address belongs to the object at ffff8881024e1b00 [ 26.111698] which belongs to the cache kmalloc-128 of size 128 [ 26.112098] The buggy address is located 0 bytes inside of [ 26.112098] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.112640] [ 26.112735] The buggy address belongs to the physical page: [ 26.112991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.113340] flags: 0x200000000000000(node=0|zone=2) [ 26.113505] page_type: f5(slab) [ 26.113624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.113847] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.114099] page dumped because: kasan: bad access detected [ 26.114360] [ 26.114456] Memory state around the buggy address: [ 26.114684] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.115075] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.115366] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.115617] ^ [ 26.115825] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.116293] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.116581] ================================================================== [ 26.152290] ================================================================== [ 26.152646] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 26.152928] Read of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.153316] [ 26.153410] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.153460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.154495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.154528] Call Trace: [ 26.154550] <TASK> [ 26.154569] dump_stack_lvl+0x73/0xb0 [ 26.154600] print_report+0xd1/0x650 [ 26.154624] ? __virt_addr_valid+0x1db/0x2d0 [ 26.154649] ? copy_user_test_oob+0x604/0x10f0 [ 26.154672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.154700] ? copy_user_test_oob+0x604/0x10f0 [ 26.154724] kasan_report+0x141/0x180 [ 26.154747] ? copy_user_test_oob+0x604/0x10f0 [ 26.154775] kasan_check_range+0x10c/0x1c0 [ 26.154799] __kasan_check_read+0x15/0x20 [ 26.154824] copy_user_test_oob+0x604/0x10f0 [ 26.154850] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.154873] ? finish_task_switch.isra.0+0x153/0x700 [ 26.154900] ? __switch_to+0x47/0xf50 [ 26.154929] ? __schedule+0x10cc/0x2b60 [ 26.154955] ? __pfx_read_tsc+0x10/0x10 [ 26.154979] ? ktime_get_ts64+0x86/0x230 [ 26.155005] kunit_try_run_case+0x1a5/0x480 [ 26.155037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.155061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.155087] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.155114] ? __kthread_parkme+0x82/0x180 [ 26.155135] ? preempt_count_sub+0x50/0x80 [ 26.155160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.155185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.155209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.155246] kthread+0x337/0x6f0 [ 26.155266] ? trace_preempt_on+0x20/0xc0 [ 26.155290] ? __pfx_kthread+0x10/0x10 [ 26.155311] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.155336] ? calculate_sigpending+0x7b/0xa0 [ 26.155360] ? __pfx_kthread+0x10/0x10 [ 26.155382] ret_from_fork+0x116/0x1d0 [ 26.155403] ? __pfx_kthread+0x10/0x10 [ 26.155423] ret_from_fork_asm+0x1a/0x30 [ 26.155455] </TASK> [ 26.155467] [ 26.165390] Allocated by task 314: [ 26.165685] kasan_save_stack+0x45/0x70 [ 26.165918] kasan_save_track+0x18/0x40 [ 26.166327] kasan_save_alloc_info+0x3b/0x50 [ 26.166528] __kasan_kmalloc+0xb7/0xc0 [ 26.166694] __kmalloc_noprof+0x1c9/0x500 [ 26.166894] kunit_kmalloc_array+0x25/0x60 [ 26.167076] copy_user_test_oob+0xab/0x10f0 [ 26.167352] kunit_try_run_case+0x1a5/0x480 [ 26.167919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.168229] kthread+0x337/0x6f0 [ 26.168515] ret_from_fork+0x116/0x1d0 [ 26.168773] ret_from_fork_asm+0x1a/0x30 [ 26.169033] [ 26.169129] The buggy address belongs to the object at ffff8881024e1b00 [ 26.169129] which belongs to the cache kmalloc-128 of size 128 [ 26.169897] The buggy address is located 0 bytes inside of [ 26.169897] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.170571] [ 26.170655] The buggy address belongs to the physical page: [ 26.171062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.171509] flags: 0x200000000000000(node=0|zone=2) [ 26.171846] page_type: f5(slab) [ 26.172030] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.172691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.173209] page dumped because: kasan: bad access detected [ 26.173560] [ 26.173803] Memory state around the buggy address: [ 26.174133] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.174454] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174761] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.175364] ^ [ 26.175653] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176089] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176485] ================================================================== [ 26.134623] ================================================================== [ 26.135228] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 26.135511] Write of size 121 at addr ffff8881024e1b00 by task kunit_try_catch/314 [ 26.135811] [ 26.135894] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 26.135942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.135957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.135982] Call Trace: [ 26.136000] <TASK> [ 26.136027] dump_stack_lvl+0x73/0xb0 [ 26.136055] print_report+0xd1/0x650 [ 26.136078] ? __virt_addr_valid+0x1db/0x2d0 [ 26.136115] ? copy_user_test_oob+0x557/0x10f0 [ 26.136139] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.136165] ? copy_user_test_oob+0x557/0x10f0 [ 26.136189] kasan_report+0x141/0x180 [ 26.136212] ? copy_user_test_oob+0x557/0x10f0 [ 26.136251] kasan_check_range+0x10c/0x1c0 [ 26.136276] __kasan_check_write+0x18/0x20 [ 26.136299] copy_user_test_oob+0x557/0x10f0 [ 26.136325] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.136348] ? finish_task_switch.isra.0+0x153/0x700 [ 26.136371] ? __switch_to+0x47/0xf50 [ 26.136397] ? __schedule+0x10cc/0x2b60 [ 26.136422] ? __pfx_read_tsc+0x10/0x10 [ 26.136446] ? ktime_get_ts64+0x86/0x230 [ 26.136471] kunit_try_run_case+0x1a5/0x480 [ 26.136497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.136520] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.136545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.136571] ? __kthread_parkme+0x82/0x180 [ 26.136592] ? preempt_count_sub+0x50/0x80 [ 26.136615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.136641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.136665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.136691] kthread+0x337/0x6f0 [ 26.136712] ? trace_preempt_on+0x20/0xc0 [ 26.136736] ? __pfx_kthread+0x10/0x10 [ 26.136757] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.136781] ? calculate_sigpending+0x7b/0xa0 [ 26.136806] ? __pfx_kthread+0x10/0x10 [ 26.136828] ret_from_fork+0x116/0x1d0 [ 26.136847] ? __pfx_kthread+0x10/0x10 [ 26.136869] ret_from_fork_asm+0x1a/0x30 [ 26.136901] </TASK> [ 26.136913] [ 26.143883] Allocated by task 314: [ 26.144054] kasan_save_stack+0x45/0x70 [ 26.144266] kasan_save_track+0x18/0x40 [ 26.144455] kasan_save_alloc_info+0x3b/0x50 [ 26.144679] __kasan_kmalloc+0xb7/0xc0 [ 26.144844] __kmalloc_noprof+0x1c9/0x500 [ 26.144982] kunit_kmalloc_array+0x25/0x60 [ 26.145120] copy_user_test_oob+0xab/0x10f0 [ 26.145271] kunit_try_run_case+0x1a5/0x480 [ 26.145412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.145580] kthread+0x337/0x6f0 [ 26.145700] ret_from_fork+0x116/0x1d0 [ 26.145888] ret_from_fork_asm+0x1a/0x30 [ 26.146166] [ 26.146265] The buggy address belongs to the object at ffff8881024e1b00 [ 26.146265] which belongs to the cache kmalloc-128 of size 128 [ 26.146795] The buggy address is located 0 bytes inside of [ 26.146795] allocated 120-byte region [ffff8881024e1b00, ffff8881024e1b78) [ 26.147757] [ 26.147831] The buggy address belongs to the physical page: [ 26.147999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e1 [ 26.148362] flags: 0x200000000000000(node=0|zone=2) [ 26.148591] page_type: f5(slab) [ 26.148750] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.149048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.149305] page dumped because: kasan: bad access detected [ 26.149480] [ 26.149546] Memory state around the buggy address: [ 26.149700] ffff8881024e1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.149929] ffff8881024e1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.150382] >ffff8881024e1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.150699] ^ [ 26.151016] ffff8881024e1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151352] ffff8881024e1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151562] ==================================================================