Date
July 10, 2025, 9:07 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 32.580904] ================================================================== [ 32.580970] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.581031] Read of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.581088] [ 32.581123] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.581231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.581260] Hardware name: linux,dummy-virt (DT) [ 32.581293] Call trace: [ 32.581318] show_stack+0x20/0x38 (C) [ 32.584989] dump_stack_lvl+0x8c/0xd0 [ 32.586117] print_report+0x118/0x5d0 [ 32.586620] kasan_report+0xdc/0x128 [ 32.587004] kasan_check_range+0x100/0x1a8 [ 32.587592] __kasan_check_read+0x20/0x30 [ 32.588330] copy_user_test_oob+0x728/0xec8 [ 32.588398] kunit_try_run_case+0x170/0x3f0 [ 32.588449] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.588912] kthread+0x328/0x630 [ 32.589650] ret_from_fork+0x10/0x20 [ 32.589844] [ 32.590348] Allocated by task 316: [ 32.590452] kasan_save_stack+0x3c/0x68 [ 32.591048] kasan_save_track+0x20/0x40 [ 32.591105] kasan_save_alloc_info+0x40/0x58 [ 32.591802] __kasan_kmalloc+0xd4/0xd8 [ 32.591856] __kmalloc_noprof+0x198/0x4c8 [ 32.591899] kunit_kmalloc_array+0x34/0x88 [ 32.592769] copy_user_test_oob+0xac/0xec8 [ 32.593366] kunit_try_run_case+0x170/0x3f0 [ 32.593945] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.594389] kthread+0x328/0x630 [ 32.594481] ret_from_fork+0x10/0x20 [ 32.594597] [ 32.594816] The buggy address belongs to the object at fff00000c9bc2900 [ 32.594816] which belongs to the cache kmalloc-128 of size 128 [ 32.594896] The buggy address is located 0 bytes inside of [ 32.594896] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.595839] [ 32.596022] The buggy address belongs to the physical page: [ 32.596224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.596865] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.597079] page_type: f5(slab) [ 32.597231] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.598023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.598322] page dumped because: kasan: bad access detected [ 32.598358] [ 32.598885] Memory state around the buggy address: [ 32.598995] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.599060] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.599108] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.599159] ^ [ 32.599205] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.600009] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.600247] ================================================================== [ 32.622985] ================================================================== [ 32.623052] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.623103] Read of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.623265] [ 32.623313] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.623448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.623476] Hardware name: linux,dummy-virt (DT) [ 32.623533] Call trace: [ 32.623558] show_stack+0x20/0x38 (C) [ 32.623627] dump_stack_lvl+0x8c/0xd0 [ 32.623691] print_report+0x118/0x5d0 [ 32.623763] kasan_report+0xdc/0x128 [ 32.623806] kasan_check_range+0x100/0x1a8 [ 32.623854] __kasan_check_read+0x20/0x30 [ 32.623916] copy_user_test_oob+0x4a0/0xec8 [ 32.624012] kunit_try_run_case+0x170/0x3f0 [ 32.624069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.624144] kthread+0x328/0x630 [ 32.624188] ret_from_fork+0x10/0x20 [ 32.624235] [ 32.624255] Allocated by task 316: [ 32.624305] kasan_save_stack+0x3c/0x68 [ 32.624347] kasan_save_track+0x20/0x40 [ 32.624388] kasan_save_alloc_info+0x40/0x58 [ 32.624426] __kasan_kmalloc+0xd4/0xd8 [ 32.624466] __kmalloc_noprof+0x198/0x4c8 [ 32.624506] kunit_kmalloc_array+0x34/0x88 [ 32.624547] copy_user_test_oob+0xac/0xec8 [ 32.624588] kunit_try_run_case+0x170/0x3f0 [ 32.624835] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.624890] kthread+0x328/0x630 [ 32.624968] ret_from_fork+0x10/0x20 [ 32.625016] [ 32.625045] The buggy address belongs to the object at fff00000c9bc2900 [ 32.625045] which belongs to the cache kmalloc-128 of size 128 [ 32.625112] The buggy address is located 0 bytes inside of [ 32.625112] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.625205] [ 32.625245] The buggy address belongs to the physical page: [ 32.625280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.625342] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.625542] page_type: f5(slab) [ 32.625590] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.625708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.625773] page dumped because: kasan: bad access detected [ 32.625809] [ 32.625830] Memory state around the buggy address: [ 32.625863] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.625910] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.625966] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.626009] ^ [ 32.626051] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.626105] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.626193] ================================================================== [ 32.609807] ================================================================== [ 32.610042] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.610119] Write of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.610228] [ 32.610268] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.610523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.610555] Hardware name: linux,dummy-virt (DT) [ 32.610588] Call trace: [ 32.610615] show_stack+0x20/0x38 (C) [ 32.610665] dump_stack_lvl+0x8c/0xd0 [ 32.610816] print_report+0x118/0x5d0 [ 32.610874] kasan_report+0xdc/0x128 [ 32.610917] kasan_check_range+0x100/0x1a8 [ 32.610964] __kasan_check_write+0x20/0x30 [ 32.611011] copy_user_test_oob+0x35c/0xec8 [ 32.611061] kunit_try_run_case+0x170/0x3f0 [ 32.611155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.611211] kthread+0x328/0x630 [ 32.611254] ret_from_fork+0x10/0x20 [ 32.611341] [ 32.611405] Allocated by task 316: [ 32.611463] kasan_save_stack+0x3c/0x68 [ 32.611592] kasan_save_track+0x20/0x40 [ 32.611659] kasan_save_alloc_info+0x40/0x58 [ 32.611752] __kasan_kmalloc+0xd4/0xd8 [ 32.611831] __kmalloc_noprof+0x198/0x4c8 [ 32.611929] kunit_kmalloc_array+0x34/0x88 [ 32.612020] copy_user_test_oob+0xac/0xec8 [ 32.612073] kunit_try_run_case+0x170/0x3f0 [ 32.612142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.612191] kthread+0x328/0x630 [ 32.612226] ret_from_fork+0x10/0x20 [ 32.612263] [ 32.612284] The buggy address belongs to the object at fff00000c9bc2900 [ 32.612284] which belongs to the cache kmalloc-128 of size 128 [ 32.612347] The buggy address is located 0 bytes inside of [ 32.612347] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.612441] [ 32.612463] The buggy address belongs to the physical page: [ 32.612538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.612636] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.612724] page_type: f5(slab) [ 32.612834] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.612924] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.612996] page dumped because: kasan: bad access detected [ 32.613069] [ 32.613153] Memory state around the buggy address: [ 32.613229] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.613324] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.613414] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.613540] ^ [ 32.613616] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.613663] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.613851] ================================================================== [ 32.543440] ================================================================== [ 32.543554] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.543654] Write of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.543709] [ 32.543756] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.543854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.543883] Hardware name: linux,dummy-virt (DT) [ 32.544471] Call trace: [ 32.545536] show_stack+0x20/0x38 (C) [ 32.546014] dump_stack_lvl+0x8c/0xd0 [ 32.546073] print_report+0x118/0x5d0 [ 32.546121] kasan_report+0xdc/0x128 [ 32.546177] kasan_check_range+0x100/0x1a8 [ 32.546227] __kasan_check_write+0x20/0x30 [ 32.546276] copy_user_test_oob+0x234/0xec8 [ 32.546326] kunit_try_run_case+0x170/0x3f0 [ 32.546382] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.546438] kthread+0x328/0x630 [ 32.546483] ret_from_fork+0x10/0x20 [ 32.546535] [ 32.546556] Allocated by task 316: [ 32.546589] kasan_save_stack+0x3c/0x68 [ 32.549477] kasan_save_track+0x20/0x40 [ 32.549913] kasan_save_alloc_info+0x40/0x58 [ 32.550027] __kasan_kmalloc+0xd4/0xd8 [ 32.550099] __kmalloc_noprof+0x198/0x4c8 [ 32.550752] kunit_kmalloc_array+0x34/0x88 [ 32.550811] copy_user_test_oob+0xac/0xec8 [ 32.551582] kunit_try_run_case+0x170/0x3f0 [ 32.551697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.552036] kthread+0x328/0x630 [ 32.553264] ret_from_fork+0x10/0x20 [ 32.553314] [ 32.553994] The buggy address belongs to the object at fff00000c9bc2900 [ 32.553994] which belongs to the cache kmalloc-128 of size 128 [ 32.554233] The buggy address is located 0 bytes inside of [ 32.554233] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.554533] [ 32.554560] The buggy address belongs to the physical page: [ 32.555221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.555348] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.555408] page_type: f5(slab) [ 32.555454] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.556174] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.556948] page dumped because: kasan: bad access detected [ 32.556989] [ 32.557011] Memory state around the buggy address: [ 32.557647] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.557765] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.557994] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.558189] ^ [ 32.558338] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.559653] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560451] ================================================================== [ 32.614582] ================================================================== [ 32.614656] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.614874] Read of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.614929] [ 32.614960] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.615065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.615093] Hardware name: linux,dummy-virt (DT) [ 32.615181] Call trace: [ 32.615251] show_stack+0x20/0x38 (C) [ 32.615373] dump_stack_lvl+0x8c/0xd0 [ 32.615450] print_report+0x118/0x5d0 [ 32.615510] kasan_report+0xdc/0x128 [ 32.615583] kasan_check_range+0x100/0x1a8 [ 32.615642] __kasan_check_read+0x20/0x30 [ 32.615709] copy_user_test_oob+0x3c8/0xec8 [ 32.615899] kunit_try_run_case+0x170/0x3f0 [ 32.616044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.616153] kthread+0x328/0x630 [ 32.616196] ret_from_fork+0x10/0x20 [ 32.616245] [ 32.616274] Allocated by task 316: [ 32.616303] kasan_save_stack+0x3c/0x68 [ 32.616346] kasan_save_track+0x20/0x40 [ 32.616395] kasan_save_alloc_info+0x40/0x58 [ 32.616458] __kasan_kmalloc+0xd4/0xd8 [ 32.616516] __kmalloc_noprof+0x198/0x4c8 [ 32.616557] kunit_kmalloc_array+0x34/0x88 [ 32.616598] copy_user_test_oob+0xac/0xec8 [ 32.616644] kunit_try_run_case+0x170/0x3f0 [ 32.616685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.616732] kthread+0x328/0x630 [ 32.616766] ret_from_fork+0x10/0x20 [ 32.616803] [ 32.616834] The buggy address belongs to the object at fff00000c9bc2900 [ 32.616834] which belongs to the cache kmalloc-128 of size 128 [ 32.616896] The buggy address is located 0 bytes inside of [ 32.616896] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.616963] [ 32.616987] The buggy address belongs to the physical page: [ 32.617022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.617085] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.617152] page_type: f5(slab) [ 32.617192] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.617245] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.617291] page dumped because: kasan: bad access detected [ 32.617325] [ 32.617366] Memory state around the buggy address: [ 32.617403] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.617450] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.617496] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.617538] ^ [ 32.617603] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.617647] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.617702] ================================================================== [ 32.618022] ================================================================== [ 32.618072] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.618148] Write of size 121 at addr fff00000c9bc2900 by task kunit_try_catch/316 [ 32.618203] [ 32.618258] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT [ 32.618346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.618374] Hardware name: linux,dummy-virt (DT) [ 32.618408] Call trace: [ 32.618433] show_stack+0x20/0x38 (C) [ 32.618481] dump_stack_lvl+0x8c/0xd0 [ 32.618527] print_report+0x118/0x5d0 [ 32.618571] kasan_report+0xdc/0x128 [ 32.618788] kasan_check_range+0x100/0x1a8 [ 32.618840] __kasan_check_write+0x20/0x30 [ 32.618888] copy_user_test_oob+0x434/0xec8 [ 32.618936] kunit_try_run_case+0x170/0x3f0 [ 32.618985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.619040] kthread+0x328/0x630 [ 32.619206] ret_from_fork+0x10/0x20 [ 32.619334] [ 32.619437] Allocated by task 316: [ 32.619496] kasan_save_stack+0x3c/0x68 [ 32.619594] kasan_save_track+0x20/0x40 [ 32.619788] kasan_save_alloc_info+0x40/0x58 [ 32.619847] __kasan_kmalloc+0xd4/0xd8 [ 32.619887] __kmalloc_noprof+0x198/0x4c8 [ 32.619938] kunit_kmalloc_array+0x34/0x88 [ 32.620035] copy_user_test_oob+0xac/0xec8 [ 32.620113] kunit_try_run_case+0x170/0x3f0 [ 32.620237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.620325] kthread+0x328/0x630 [ 32.620390] ret_from_fork+0x10/0x20 [ 32.620512] [ 32.620533] The buggy address belongs to the object at fff00000c9bc2900 [ 32.620533] which belongs to the cache kmalloc-128 of size 128 [ 32.620596] The buggy address is located 0 bytes inside of [ 32.620596] allocated 120-byte region [fff00000c9bc2900, fff00000c9bc2978) [ 32.620682] [ 32.620703] The buggy address belongs to the physical page: [ 32.620964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc2 [ 32.621083] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.621227] page_type: f5(slab) [ 32.621295] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.621408] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.621584] page dumped because: kasan: bad access detected [ 32.621642] [ 32.621662] Memory state around the buggy address: [ 32.621697] fff00000c9bc2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.621762] fff00000c9bc2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.621848] >fff00000c9bc2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.621917] ^ [ 32.622045] fff00000c9bc2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.622176] fff00000c9bc2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.622300] ==================================================================
[ 29.228745] ================================================================== [ 29.229173] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.229737] Read of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.230220] [ 29.230333] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.230519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.230537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.230562] Call Trace: [ 29.230578] <TASK> [ 29.230594] dump_stack_lvl+0x73/0xb0 [ 29.230626] print_report+0xd1/0x610 [ 29.230652] ? __virt_addr_valid+0x1db/0x2d0 [ 29.230679] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.230745] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230769] kasan_report+0x141/0x180 [ 29.230793] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230822] kasan_check_range+0x10c/0x1c0 [ 29.230847] __kasan_check_read+0x15/0x20 [ 29.230871] copy_user_test_oob+0x4aa/0x10f0 [ 29.230897] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.230921] ? finish_task_switch.isra.0+0x153/0x700 [ 29.230945] ? __switch_to+0x47/0xf80 [ 29.230972] ? __schedule+0x10cc/0x2b60 [ 29.230997] ? __pfx_read_tsc+0x10/0x10 [ 29.231020] ? ktime_get_ts64+0x86/0x230 [ 29.231045] kunit_try_run_case+0x1a5/0x480 [ 29.231069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.231117] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.231141] ? __kthread_parkme+0x82/0x180 [ 29.231164] ? preempt_count_sub+0x50/0x80 [ 29.231189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.231239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.231266] kthread+0x337/0x6f0 [ 29.231288] ? trace_preempt_on+0x20/0xc0 [ 29.231312] ? __pfx_kthread+0x10/0x10 [ 29.231335] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.231358] ? calculate_sigpending+0x7b/0xa0 [ 29.231384] ? __pfx_kthread+0x10/0x10 [ 29.231407] ret_from_fork+0x116/0x1d0 [ 29.231428] ? __pfx_kthread+0x10/0x10 [ 29.231450] ret_from_fork_asm+0x1a/0x30 [ 29.231482] </TASK> [ 29.231509] [ 29.241412] Allocated by task 333: [ 29.241897] kasan_save_stack+0x45/0x70 [ 29.242094] kasan_save_track+0x18/0x40 [ 29.242310] kasan_save_alloc_info+0x3b/0x50 [ 29.242739] __kasan_kmalloc+0xb7/0xc0 [ 29.243012] __kmalloc_noprof+0x1c9/0x500 [ 29.243228] kunit_kmalloc_array+0x25/0x60 [ 29.243578] copy_user_test_oob+0xab/0x10f0 [ 29.243807] kunit_try_run_case+0x1a5/0x480 [ 29.244114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.244446] kthread+0x337/0x6f0 [ 29.244752] ret_from_fork+0x116/0x1d0 [ 29.244900] ret_from_fork_asm+0x1a/0x30 [ 29.245231] [ 29.245335] The buggy address belongs to the object at ffff8881060c3d00 [ 29.245335] which belongs to the cache kmalloc-128 of size 128 [ 29.245997] The buggy address is located 0 bytes inside of [ 29.245997] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.246725] [ 29.246835] The buggy address belongs to the physical page: [ 29.247203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.247554] flags: 0x200000000000000(node=0|zone=2) [ 29.247954] page_type: f5(slab) [ 29.248201] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.248647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.249084] page dumped because: kasan: bad access detected [ 29.249348] [ 29.249597] Memory state around the buggy address: [ 29.249834] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.250253] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.250668] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.251032] ^ [ 29.251410] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.251899] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.252221] ================================================================== [ 29.253015] ================================================================== [ 29.253656] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.254069] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.254437] [ 29.254544] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.254595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.254730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.254889] Call Trace: [ 29.254905] <TASK> [ 29.254923] dump_stack_lvl+0x73/0xb0 [ 29.254954] print_report+0xd1/0x610 [ 29.254977] ? __virt_addr_valid+0x1db/0x2d0 [ 29.255002] ? copy_user_test_oob+0x557/0x10f0 [ 29.255027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.255055] ? copy_user_test_oob+0x557/0x10f0 [ 29.255079] kasan_report+0x141/0x180 [ 29.255102] ? copy_user_test_oob+0x557/0x10f0 [ 29.255131] kasan_check_range+0x10c/0x1c0 [ 29.255156] __kasan_check_write+0x18/0x20 [ 29.255180] copy_user_test_oob+0x557/0x10f0 [ 29.255206] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.255230] ? finish_task_switch.isra.0+0x153/0x700 [ 29.255253] ? __switch_to+0x47/0xf80 [ 29.255281] ? __schedule+0x10cc/0x2b60 [ 29.255304] ? __pfx_read_tsc+0x10/0x10 [ 29.255326] ? ktime_get_ts64+0x86/0x230 [ 29.255352] kunit_try_run_case+0x1a5/0x480 [ 29.255376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.255397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.255421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.255447] ? __kthread_parkme+0x82/0x180 [ 29.255469] ? preempt_count_sub+0x50/0x80 [ 29.255508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.255532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.255559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.255586] kthread+0x337/0x6f0 [ 29.255608] ? trace_preempt_on+0x20/0xc0 [ 29.255632] ? __pfx_kthread+0x10/0x10 [ 29.255654] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.255677] ? calculate_sigpending+0x7b/0xa0 [ 29.255712] ? __pfx_kthread+0x10/0x10 [ 29.255736] ret_from_fork+0x116/0x1d0 [ 29.255757] ? __pfx_kthread+0x10/0x10 [ 29.255780] ret_from_fork_asm+0x1a/0x30 [ 29.255812] </TASK> [ 29.255825] [ 29.265218] Allocated by task 333: [ 29.265387] kasan_save_stack+0x45/0x70 [ 29.265912] kasan_save_track+0x18/0x40 [ 29.266189] kasan_save_alloc_info+0x3b/0x50 [ 29.266394] __kasan_kmalloc+0xb7/0xc0 [ 29.266709] __kmalloc_noprof+0x1c9/0x500 [ 29.266973] kunit_kmalloc_array+0x25/0x60 [ 29.267141] copy_user_test_oob+0xab/0x10f0 [ 29.267335] kunit_try_run_case+0x1a5/0x480 [ 29.267541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.267784] kthread+0x337/0x6f0 [ 29.267972] ret_from_fork+0x116/0x1d0 [ 29.268115] ret_from_fork_asm+0x1a/0x30 [ 29.268315] [ 29.268391] The buggy address belongs to the object at ffff8881060c3d00 [ 29.268391] which belongs to the cache kmalloc-128 of size 128 [ 29.268877] The buggy address is located 0 bytes inside of [ 29.268877] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.269345] [ 29.269424] The buggy address belongs to the physical page: [ 29.269646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.270092] flags: 0x200000000000000(node=0|zone=2) [ 29.270351] page_type: f5(slab) [ 29.270533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.270830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.271119] page dumped because: kasan: bad access detected [ 29.271358] [ 29.271438] Memory state around the buggy address: [ 29.271620] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.272011] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.272317] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.272565] ^ [ 29.272864] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273148] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273366] ================================================================== [ 29.202395] ================================================================== [ 29.202889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.203361] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.204055] [ 29.204185] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.204237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.204251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.204275] Call Trace: [ 29.204290] <TASK> [ 29.204309] dump_stack_lvl+0x73/0xb0 [ 29.204339] print_report+0xd1/0x610 [ 29.204365] ? __virt_addr_valid+0x1db/0x2d0 [ 29.204391] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204418] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.204445] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204470] kasan_report+0x141/0x180 [ 29.204607] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204640] kasan_check_range+0x10c/0x1c0 [ 29.204680] __kasan_check_write+0x18/0x20 [ 29.204714] copy_user_test_oob+0x3fd/0x10f0 [ 29.204740] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.204765] ? finish_task_switch.isra.0+0x153/0x700 [ 29.204789] ? __switch_to+0x47/0xf80 [ 29.204816] ? __schedule+0x10cc/0x2b60 [ 29.204840] ? __pfx_read_tsc+0x10/0x10 [ 29.204863] ? ktime_get_ts64+0x86/0x230 [ 29.204889] kunit_try_run_case+0x1a5/0x480 [ 29.204912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.204934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.204958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.204983] ? __kthread_parkme+0x82/0x180 [ 29.205004] ? preempt_count_sub+0x50/0x80 [ 29.205028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.205053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.205080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.205106] kthread+0x337/0x6f0 [ 29.205128] ? trace_preempt_on+0x20/0xc0 [ 29.205151] ? __pfx_kthread+0x10/0x10 [ 29.205174] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.205197] ? calculate_sigpending+0x7b/0xa0 [ 29.205222] ? __pfx_kthread+0x10/0x10 [ 29.205245] ret_from_fork+0x116/0x1d0 [ 29.205267] ? __pfx_kthread+0x10/0x10 [ 29.205289] ret_from_fork_asm+0x1a/0x30 [ 29.205322] </TASK> [ 29.205335] [ 29.216479] Allocated by task 333: [ 29.216754] kasan_save_stack+0x45/0x70 [ 29.217161] kasan_save_track+0x18/0x40 [ 29.217337] kasan_save_alloc_info+0x3b/0x50 [ 29.217725] __kasan_kmalloc+0xb7/0xc0 [ 29.218014] __kmalloc_noprof+0x1c9/0x500 [ 29.218308] kunit_kmalloc_array+0x25/0x60 [ 29.218655] copy_user_test_oob+0xab/0x10f0 [ 29.218977] kunit_try_run_case+0x1a5/0x480 [ 29.219307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.219668] kthread+0x337/0x6f0 [ 29.219964] ret_from_fork+0x116/0x1d0 [ 29.220245] ret_from_fork_asm+0x1a/0x30 [ 29.220555] [ 29.220660] The buggy address belongs to the object at ffff8881060c3d00 [ 29.220660] which belongs to the cache kmalloc-128 of size 128 [ 29.221459] The buggy address is located 0 bytes inside of [ 29.221459] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.222181] [ 29.222264] The buggy address belongs to the physical page: [ 29.222784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.223150] flags: 0x200000000000000(node=0|zone=2) [ 29.223506] page_type: f5(slab) [ 29.223798] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.224126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.224457] page dumped because: kasan: bad access detected [ 29.224777] [ 29.224850] Memory state around the buggy address: [ 29.225357] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.225733] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.226200] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.226656] ^ [ 29.227100] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.227490] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.227925] ================================================================== [ 29.274021] ================================================================== [ 29.274293] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.274673] Read of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.274963] [ 29.275071] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.275121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.275134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.275158] Call Trace: [ 29.275172] <TASK> [ 29.275188] dump_stack_lvl+0x73/0xb0 [ 29.275216] print_report+0xd1/0x610 [ 29.275239] ? __virt_addr_valid+0x1db/0x2d0 [ 29.275265] ? copy_user_test_oob+0x604/0x10f0 [ 29.275289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.275316] ? copy_user_test_oob+0x604/0x10f0 [ 29.275341] kasan_report+0x141/0x180 [ 29.275365] ? copy_user_test_oob+0x604/0x10f0 [ 29.275393] kasan_check_range+0x10c/0x1c0 [ 29.275418] __kasan_check_read+0x15/0x20 [ 29.275442] copy_user_test_oob+0x604/0x10f0 [ 29.275469] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.275493] ? finish_task_switch.isra.0+0x153/0x700 [ 29.275516] ? __switch_to+0x47/0xf80 [ 29.275543] ? __schedule+0x10cc/0x2b60 [ 29.275566] ? __pfx_read_tsc+0x10/0x10 [ 29.275588] ? ktime_get_ts64+0x86/0x230 [ 29.275614] kunit_try_run_case+0x1a5/0x480 [ 29.275637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.275684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.275721] ? __kthread_parkme+0x82/0x180 [ 29.275744] ? preempt_count_sub+0x50/0x80 [ 29.275768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.275829] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.275859] kthread+0x337/0x6f0 [ 29.275881] ? trace_preempt_on+0x20/0xc0 [ 29.275906] ? __pfx_kthread+0x10/0x10 [ 29.275928] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.275951] ? calculate_sigpending+0x7b/0xa0 [ 29.275977] ? __pfx_kthread+0x10/0x10 [ 29.276001] ret_from_fork+0x116/0x1d0 [ 29.276021] ? __pfx_kthread+0x10/0x10 [ 29.276043] ret_from_fork_asm+0x1a/0x30 [ 29.276075] </TASK> [ 29.276088] [ 29.283143] Allocated by task 333: [ 29.283306] kasan_save_stack+0x45/0x70 [ 29.283452] kasan_save_track+0x18/0x40 [ 29.283586] kasan_save_alloc_info+0x3b/0x50 [ 29.283848] __kasan_kmalloc+0xb7/0xc0 [ 29.284039] __kmalloc_noprof+0x1c9/0x500 [ 29.284244] kunit_kmalloc_array+0x25/0x60 [ 29.284451] copy_user_test_oob+0xab/0x10f0 [ 29.284672] kunit_try_run_case+0x1a5/0x480 [ 29.284864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.285165] kthread+0x337/0x6f0 [ 29.285322] ret_from_fork+0x116/0x1d0 [ 29.285484] ret_from_fork_asm+0x1a/0x30 [ 29.285665] [ 29.285745] The buggy address belongs to the object at ffff8881060c3d00 [ 29.285745] which belongs to the cache kmalloc-128 of size 128 [ 29.286105] The buggy address is located 0 bytes inside of [ 29.286105] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.286591] [ 29.286683] The buggy address belongs to the physical page: [ 29.286942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.287270] flags: 0x200000000000000(node=0|zone=2) [ 29.287431] page_type: f5(slab) [ 29.287709] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.288052] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.288278] page dumped because: kasan: bad access detected [ 29.288457] [ 29.288627] Memory state around the buggy address: [ 29.288862] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.289185] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.289508] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.289795] ^ [ 29.290047] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.290261] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.290514] ==================================================================