Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.027415] ================================================================== [ 34.027470] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.027657] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.027806] [ 34.027905] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.028217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.028249] Hardware name: linux,dummy-virt (DT) [ 34.028298] Call trace: [ 34.028323] show_stack+0x20/0x38 (C) [ 34.028500] dump_stack_lvl+0x8c/0xd0 [ 34.028742] print_report+0x118/0x608 [ 34.028810] kasan_report+0xdc/0x128 [ 34.028858] kasan_check_range+0x100/0x1a8 [ 34.028936] __kasan_check_read+0x20/0x30 [ 34.029171] copy_user_test_oob+0x3c8/0xec8 [ 34.029221] kunit_try_run_case+0x170/0x3f0 [ 34.029313] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.029491] kthread+0x328/0x630 [ 34.029624] ret_from_fork+0x10/0x20 [ 34.029766] [ 34.029842] Allocated by task 318: [ 34.029879] kasan_save_stack+0x3c/0x68 [ 34.030351] kasan_save_track+0x20/0x40 [ 34.030402] kasan_save_alloc_info+0x40/0x58 [ 34.030446] __kasan_kmalloc+0xd4/0xd8 [ 34.030486] __kmalloc_noprof+0x198/0x4c8 [ 34.030940] kunit_kmalloc_array+0x34/0x88 [ 34.030995] copy_user_test_oob+0xac/0xec8 [ 34.031472] kunit_try_run_case+0x170/0x3f0 [ 34.031519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.032073] kthread+0x328/0x630 [ 34.032117] ret_from_fork+0x10/0x20 [ 34.032158] [ 34.032234] The buggy address belongs to the object at fff00000c8dc5900 [ 34.032234] which belongs to the cache kmalloc-128 of size 128 [ 34.032656] The buggy address is located 0 bytes inside of [ 34.032656] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.032736] [ 34.032763] The buggy address belongs to the physical page: [ 34.033075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.033136] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.033188] page_type: f5(slab) [ 34.033574] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.033632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.033676] page dumped because: kasan: bad access detected [ 34.034014] [ 34.034038] Memory state around the buggy address: [ 34.034074] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.034446] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.034505] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.034546] ^ [ 34.034935] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.034990] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.035034] ================================================================== [ 34.022430] ================================================================== [ 34.022520] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.022607] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.022904] [ 34.022952] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.023053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.023197] Hardware name: linux,dummy-virt (DT) [ 34.023249] Call trace: [ 34.023274] show_stack+0x20/0x38 (C) [ 34.023511] dump_stack_lvl+0x8c/0xd0 [ 34.023630] print_report+0x118/0x608 [ 34.023681] kasan_report+0xdc/0x128 [ 34.023794] kasan_check_range+0x100/0x1a8 [ 34.023843] __kasan_check_write+0x20/0x30 [ 34.023937] copy_user_test_oob+0x35c/0xec8 [ 34.023988] kunit_try_run_case+0x170/0x3f0 [ 34.024040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024096] kthread+0x328/0x630 [ 34.024140] ret_from_fork+0x10/0x20 [ 34.024191] [ 34.024239] Allocated by task 318: [ 34.024271] kasan_save_stack+0x3c/0x68 [ 34.024346] kasan_save_track+0x20/0x40 [ 34.024387] kasan_save_alloc_info+0x40/0x58 [ 34.024428] __kasan_kmalloc+0xd4/0xd8 [ 34.024469] __kmalloc_noprof+0x198/0x4c8 [ 34.024510] kunit_kmalloc_array+0x34/0x88 [ 34.024552] copy_user_test_oob+0xac/0xec8 [ 34.024654] kunit_try_run_case+0x170/0x3f0 [ 34.024752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.024800] kthread+0x328/0x630 [ 34.024835] ret_from_fork+0x10/0x20 [ 34.024875] [ 34.025166] The buggy address belongs to the object at fff00000c8dc5900 [ 34.025166] which belongs to the cache kmalloc-128 of size 128 [ 34.025243] The buggy address is located 0 bytes inside of [ 34.025243] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.025423] [ 34.025514] The buggy address belongs to the physical page: [ 34.025588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.025706] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.025758] page_type: f5(slab) [ 34.025809] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.025956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.026197] page dumped because: kasan: bad access detected [ 34.026233] [ 34.026254] Memory state around the buggy address: [ 34.026290] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.026335] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026382] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.026425] ^ [ 34.026468] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026521] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.026564] ================================================================== [ 34.042856] ================================================================== [ 34.042922] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.042984] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.043048] [ 34.043155] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.043324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.043353] Hardware name: linux,dummy-virt (DT) [ 34.043409] Call trace: [ 34.043433] show_stack+0x20/0x38 (C) [ 34.043486] dump_stack_lvl+0x8c/0xd0 [ 34.044236] print_report+0x118/0x608 [ 34.044327] kasan_report+0xdc/0x128 [ 34.044786] kasan_check_range+0x100/0x1a8 [ 34.044837] __kasan_check_read+0x20/0x30 [ 34.044886] copy_user_test_oob+0x4a0/0xec8 [ 34.044967] kunit_try_run_case+0x170/0x3f0 [ 34.045022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.045078] kthread+0x328/0x630 [ 34.045121] ret_from_fork+0x10/0x20 [ 34.045460] [ 34.045526] Allocated by task 318: [ 34.045559] kasan_save_stack+0x3c/0x68 [ 34.045607] kasan_save_track+0x20/0x40 [ 34.045892] kasan_save_alloc_info+0x40/0x58 [ 34.046000] __kasan_kmalloc+0xd4/0xd8 [ 34.046043] __kmalloc_noprof+0x198/0x4c8 [ 34.046292] kunit_kmalloc_array+0x34/0x88 [ 34.046335] copy_user_test_oob+0xac/0xec8 [ 34.046382] kunit_try_run_case+0x170/0x3f0 [ 34.046424] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.046472] kthread+0x328/0x630 [ 34.046510] ret_from_fork+0x10/0x20 [ 34.046595] [ 34.046713] The buggy address belongs to the object at fff00000c8dc5900 [ 34.046713] which belongs to the cache kmalloc-128 of size 128 [ 34.047048] The buggy address is located 0 bytes inside of [ 34.047048] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.047134] [ 34.047235] The buggy address belongs to the physical page: [ 34.047331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.047419] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.047595] page_type: f5(slab) [ 34.047637] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.047728] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.047772] page dumped because: kasan: bad access detected [ 34.047807] [ 34.048138] Memory state around the buggy address: [ 34.048178] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.048227] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.048273] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.048314] ^ [ 34.048356] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.048709] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.049010] ================================================================== [ 34.036225] ================================================================== [ 34.036281] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.036334] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.036388] [ 34.036421] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.036512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.036541] Hardware name: linux,dummy-virt (DT) [ 34.036575] Call trace: [ 34.036600] show_stack+0x20/0x38 (C) [ 34.036652] dump_stack_lvl+0x8c/0xd0 [ 34.036702] print_report+0x118/0x608 [ 34.036753] kasan_report+0xdc/0x128 [ 34.036800] kasan_check_range+0x100/0x1a8 [ 34.036849] __kasan_check_write+0x20/0x30 [ 34.036897] copy_user_test_oob+0x434/0xec8 [ 34.037495] kunit_try_run_case+0x170/0x3f0 [ 34.037642] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.037700] kthread+0x328/0x630 [ 34.037744] ret_from_fork+0x10/0x20 [ 34.037796] [ 34.037823] Allocated by task 318: [ 34.037971] kasan_save_stack+0x3c/0x68 [ 34.038171] kasan_save_track+0x20/0x40 [ 34.038211] kasan_save_alloc_info+0x40/0x58 [ 34.038337] __kasan_kmalloc+0xd4/0xd8 [ 34.038506] __kmalloc_noprof+0x198/0x4c8 [ 34.038560] kunit_kmalloc_array+0x34/0x88 [ 34.038601] copy_user_test_oob+0xac/0xec8 [ 34.038641] kunit_try_run_case+0x170/0x3f0 [ 34.038683] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.038736] kthread+0x328/0x630 [ 34.038896] ret_from_fork+0x10/0x20 [ 34.038967] [ 34.038990] The buggy address belongs to the object at fff00000c8dc5900 [ 34.038990] which belongs to the cache kmalloc-128 of size 128 [ 34.039052] The buggy address is located 0 bytes inside of [ 34.039052] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.039118] [ 34.039140] The buggy address belongs to the physical page: [ 34.039174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.039312] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.039372] page_type: f5(slab) [ 34.039412] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.040137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.040195] page dumped because: kasan: bad access detected [ 34.040346] [ 34.040368] Memory state around the buggy address: [ 34.040671] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.040745] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.040790] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.040831] ^ [ 34.041150] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.041406] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.041449] ================================================================== [ 34.012786] ================================================================== [ 34.012844] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.012898] Read of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.012967] [ 34.013000] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.013089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.013119] Hardware name: linux,dummy-virt (DT) [ 34.013152] Call trace: [ 34.013179] show_stack+0x20/0x38 (C) [ 34.013231] dump_stack_lvl+0x8c/0xd0 [ 34.013280] print_report+0x118/0x608 [ 34.013330] kasan_report+0xdc/0x128 [ 34.013378] kasan_check_range+0x100/0x1a8 [ 34.013426] __kasan_check_read+0x20/0x30 [ 34.013473] copy_user_test_oob+0x728/0xec8 [ 34.013526] kunit_try_run_case+0x170/0x3f0 [ 34.013578] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.013635] kthread+0x328/0x630 [ 34.013679] ret_from_fork+0x10/0x20 [ 34.013728] [ 34.013750] Allocated by task 318: [ 34.013780] kasan_save_stack+0x3c/0x68 [ 34.013824] kasan_save_track+0x20/0x40 [ 34.013864] kasan_save_alloc_info+0x40/0x58 [ 34.013904] __kasan_kmalloc+0xd4/0xd8 [ 34.013978] __kmalloc_noprof+0x198/0x4c8 [ 34.014021] kunit_kmalloc_array+0x34/0x88 [ 34.014061] copy_user_test_oob+0xac/0xec8 [ 34.014255] kunit_try_run_case+0x170/0x3f0 [ 34.014455] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.014590] kthread+0x328/0x630 [ 34.014627] ret_from_fork+0x10/0x20 [ 34.014684] [ 34.014705] The buggy address belongs to the object at fff00000c8dc5900 [ 34.014705] which belongs to the cache kmalloc-128 of size 128 [ 34.014897] The buggy address is located 0 bytes inside of [ 34.014897] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.015199] [ 34.015223] The buggy address belongs to the physical page: [ 34.015257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.015505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.015624] page_type: f5(slab) [ 34.015706] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.015834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.015878] page dumped because: kasan: bad access detected [ 34.015914] [ 34.015945] Memory state around the buggy address: [ 34.015980] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.016026] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016071] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.016124] ^ [ 34.016277] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016322] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.016372] ================================================================== [ 34.001401] ================================================================== [ 34.001863] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.002010] Write of size 121 at addr fff00000c8dc5900 by task kunit_try_catch/318 [ 34.002066] [ 34.002610] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 34.002716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.002747] Hardware name: linux,dummy-virt (DT) [ 34.002781] Call trace: [ 34.002810] show_stack+0x20/0x38 (C) [ 34.002867] dump_stack_lvl+0x8c/0xd0 [ 34.002921] print_report+0x118/0x608 [ 34.002982] kasan_report+0xdc/0x128 [ 34.003032] kasan_check_range+0x100/0x1a8 [ 34.003079] __kasan_check_write+0x20/0x30 [ 34.003127] copy_user_test_oob+0x234/0xec8 [ 34.003178] kunit_try_run_case+0x170/0x3f0 [ 34.003230] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.003286] kthread+0x328/0x630 [ 34.003332] ret_from_fork+0x10/0x20 [ 34.003384] [ 34.003416] Allocated by task 318: [ 34.003450] kasan_save_stack+0x3c/0x68 [ 34.003857] kasan_save_track+0x20/0x40 [ 34.003958] kasan_save_alloc_info+0x40/0x58 [ 34.003999] __kasan_kmalloc+0xd4/0xd8 [ 34.004483] __kmalloc_noprof+0x198/0x4c8 [ 34.004721] kunit_kmalloc_array+0x34/0x88 [ 34.004913] copy_user_test_oob+0xac/0xec8 [ 34.005086] kunit_try_run_case+0x170/0x3f0 [ 34.005150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.005310] kthread+0x328/0x630 [ 34.005375] ret_from_fork+0x10/0x20 [ 34.005416] [ 34.005439] The buggy address belongs to the object at fff00000c8dc5900 [ 34.005439] which belongs to the cache kmalloc-128 of size 128 [ 34.005565] The buggy address is located 0 bytes inside of [ 34.005565] allocated 120-byte region [fff00000c8dc5900, fff00000c8dc5978) [ 34.005877] [ 34.005904] The buggy address belongs to the physical page: [ 34.006279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dc5 [ 34.006542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.006872] page_type: f5(slab) [ 34.006935] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.006991] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.007108] page dumped because: kasan: bad access detected [ 34.007342] [ 34.007457] Memory state around the buggy address: [ 34.007589] fff00000c8dc5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.007658] fff00000c8dc5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007758] >fff00000c8dc5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.007806] ^ [ 34.007871] fff00000c8dc5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007916] fff00000c8dc5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.007966] ==================================================================
[ 35.523170] ================================================================== [ 35.523264] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 35.523366] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.523615] [ 35.523673] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.523935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.523978] Hardware name: linux,dummy-virt (DT) [ 35.524069] Call trace: [ 35.524125] show_stack+0x20/0x38 (C) [ 35.524270] dump_stack_lvl+0x8c/0xd0 [ 35.524394] print_report+0x118/0x608 [ 35.524490] kasan_report+0xdc/0x128 [ 35.524567] kasan_check_range+0x100/0x1a8 [ 35.524640] __kasan_check_write+0x20/0x30 [ 35.524722] copy_user_test_oob+0x234/0xec8 [ 35.524781] kunit_try_run_case+0x170/0x3f0 [ 35.524836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.524902] kthread+0x328/0x630 [ 35.524956] ret_from_fork+0x10/0x20 [ 35.525011] [ 35.525049] Allocated by task 316: [ 35.525082] kasan_save_stack+0x3c/0x68 [ 35.525139] kasan_save_track+0x20/0x40 [ 35.525199] kasan_save_alloc_info+0x40/0x58 [ 35.525249] __kasan_kmalloc+0xd4/0xd8 [ 35.525305] __kmalloc_noprof+0x198/0x4c8 [ 35.525362] kunit_kmalloc_array+0x34/0x88 [ 35.525403] copy_user_test_oob+0xac/0xec8 [ 35.525453] kunit_try_run_case+0x170/0x3f0 [ 35.525504] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.525552] kthread+0x328/0x630 [ 35.525586] ret_from_fork+0x10/0x20 [ 35.525626] [ 35.525658] The buggy address belongs to the object at fff00000c988b100 [ 35.525658] which belongs to the cache kmalloc-128 of size 128 [ 35.525722] The buggy address is located 0 bytes inside of [ 35.525722] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.525798] [ 35.525822] The buggy address belongs to the physical page: [ 35.525868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.525928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.525989] page_type: f5(slab) [ 35.526033] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.526097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.526141] page dumped because: kasan: bad access detected [ 35.526186] [ 35.526208] Memory state around the buggy address: [ 35.526243] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.526423] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.526819] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.526917] ^ [ 35.527152] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.527309] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.527382] ================================================================== [ 35.541800] ================================================================== [ 35.541859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 35.541928] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.541983] [ 35.542018] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.542107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.542175] Hardware name: linux,dummy-virt (DT) [ 35.542212] Call trace: [ 35.542237] show_stack+0x20/0x38 (C) [ 35.542312] dump_stack_lvl+0x8c/0xd0 [ 35.542381] print_report+0x118/0x608 [ 35.542431] kasan_report+0xdc/0x128 [ 35.542483] kasan_check_range+0x100/0x1a8 [ 35.542543] __kasan_check_write+0x20/0x30 [ 35.542776] copy_user_test_oob+0x35c/0xec8 [ 35.542846] kunit_try_run_case+0x170/0x3f0 [ 35.542901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.543035] kthread+0x328/0x630 [ 35.543084] ret_from_fork+0x10/0x20 [ 35.543263] [ 35.543334] Allocated by task 316: [ 35.543372] kasan_save_stack+0x3c/0x68 [ 35.543428] kasan_save_track+0x20/0x40 [ 35.543565] kasan_save_alloc_info+0x40/0x58 [ 35.543652] __kasan_kmalloc+0xd4/0xd8 [ 35.543693] __kmalloc_noprof+0x198/0x4c8 [ 35.543733] kunit_kmalloc_array+0x34/0x88 [ 35.543789] copy_user_test_oob+0xac/0xec8 [ 35.543831] kunit_try_run_case+0x170/0x3f0 [ 35.544165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.544262] kthread+0x328/0x630 [ 35.544317] ret_from_fork+0x10/0x20 [ 35.544578] [ 35.544602] The buggy address belongs to the object at fff00000c988b100 [ 35.544602] which belongs to the cache kmalloc-128 of size 128 [ 35.544667] The buggy address is located 0 bytes inside of [ 35.544667] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.544732] [ 35.544762] The buggy address belongs to the physical page: [ 35.544809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.544863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.544915] page_type: f5(slab) [ 35.544958] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.545023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.545066] page dumped because: kasan: bad access detected [ 35.545101] [ 35.545131] Memory state around the buggy address: [ 35.545177] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.545223] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545269] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.545311] ^ [ 35.545353] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545510] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.545662] ================================================================== [ 35.552067] ================================================================== [ 35.552137] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 35.552205] Write of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.552258] [ 35.552466] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.552571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.552705] Hardware name: linux,dummy-virt (DT) [ 35.552762] Call trace: [ 35.552843] show_stack+0x20/0x38 (C) [ 35.552902] dump_stack_lvl+0x8c/0xd0 [ 35.553008] print_report+0x118/0x608 [ 35.553084] kasan_report+0xdc/0x128 [ 35.553146] kasan_check_range+0x100/0x1a8 [ 35.553237] __kasan_check_write+0x20/0x30 [ 35.553293] copy_user_test_oob+0x434/0xec8 [ 35.553361] kunit_try_run_case+0x170/0x3f0 [ 35.553411] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.553477] kthread+0x328/0x630 [ 35.553539] ret_from_fork+0x10/0x20 [ 35.553590] [ 35.553611] Allocated by task 316: [ 35.553642] kasan_save_stack+0x3c/0x68 [ 35.553898] kasan_save_track+0x20/0x40 [ 35.553967] kasan_save_alloc_info+0x40/0x58 [ 35.554016] __kasan_kmalloc+0xd4/0xd8 [ 35.554064] __kmalloc_noprof+0x198/0x4c8 [ 35.554121] kunit_kmalloc_array+0x34/0x88 [ 35.554177] copy_user_test_oob+0xac/0xec8 [ 35.554224] kunit_try_run_case+0x170/0x3f0 [ 35.554272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.554327] kthread+0x328/0x630 [ 35.554365] ret_from_fork+0x10/0x20 [ 35.554404] [ 35.554427] The buggy address belongs to the object at fff00000c988b100 [ 35.554427] which belongs to the cache kmalloc-128 of size 128 [ 35.554506] The buggy address is located 0 bytes inside of [ 35.554506] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.554575] [ 35.554598] The buggy address belongs to the physical page: [ 35.554632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.554686] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.554738] page_type: f5(slab) [ 35.554778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.554832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.554875] page dumped because: kasan: bad access detected [ 35.554909] [ 35.554930] Memory state around the buggy address: [ 35.554975] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.555022] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555067] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.555108] ^ [ 35.555148] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555206] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.555247] ================================================================== [ 35.531267] ================================================================== [ 35.531321] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 35.531374] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.531464] [ 35.531525] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.531656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.531706] Hardware name: linux,dummy-virt (DT) [ 35.531760] Call trace: [ 35.531828] show_stack+0x20/0x38 (C) [ 35.531906] dump_stack_lvl+0x8c/0xd0 [ 35.531970] print_report+0x118/0x608 [ 35.532020] kasan_report+0xdc/0x128 [ 35.532069] kasan_check_range+0x100/0x1a8 [ 35.532115] __kasan_check_read+0x20/0x30 [ 35.532175] copy_user_test_oob+0x728/0xec8 [ 35.532226] kunit_try_run_case+0x170/0x3f0 [ 35.532519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.532609] kthread+0x328/0x630 [ 35.532833] ret_from_fork+0x10/0x20 [ 35.532975] [ 35.533062] Allocated by task 316: [ 35.533120] kasan_save_stack+0x3c/0x68 [ 35.533233] kasan_save_track+0x20/0x40 [ 35.533291] kasan_save_alloc_info+0x40/0x58 [ 35.533358] __kasan_kmalloc+0xd4/0xd8 [ 35.533456] __kmalloc_noprof+0x198/0x4c8 [ 35.533538] kunit_kmalloc_array+0x34/0x88 [ 35.533637] copy_user_test_oob+0xac/0xec8 [ 35.533703] kunit_try_run_case+0x170/0x3f0 [ 35.533744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.534037] kthread+0x328/0x630 [ 35.534097] ret_from_fork+0x10/0x20 [ 35.534199] [ 35.534258] The buggy address belongs to the object at fff00000c988b100 [ 35.534258] which belongs to the cache kmalloc-128 of size 128 [ 35.534349] The buggy address is located 0 bytes inside of [ 35.534349] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.534640] [ 35.534687] The buggy address belongs to the physical page: [ 35.534772] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.534859] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.534913] page_type: f5(slab) [ 35.534954] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.535274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.535351] page dumped because: kasan: bad access detected [ 35.535395] [ 35.535682] Memory state around the buggy address: [ 35.535746] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.535794] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.535855] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.535897] ^ [ 35.536272] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.536369] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.536441] ================================================================== [ 35.546552] ================================================================== [ 35.546628] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 35.546681] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.546750] [ 35.546799] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.546958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.546998] Hardware name: linux,dummy-virt (DT) [ 35.547033] Call trace: [ 35.547083] show_stack+0x20/0x38 (C) [ 35.547236] dump_stack_lvl+0x8c/0xd0 [ 35.547296] print_report+0x118/0x608 [ 35.547388] kasan_report+0xdc/0x128 [ 35.547553] kasan_check_range+0x100/0x1a8 [ 35.547634] __kasan_check_read+0x20/0x30 [ 35.547711] copy_user_test_oob+0x3c8/0xec8 [ 35.547780] kunit_try_run_case+0x170/0x3f0 [ 35.547852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.547909] kthread+0x328/0x630 [ 35.547986] ret_from_fork+0x10/0x20 [ 35.548037] [ 35.548276] Allocated by task 316: [ 35.548338] kasan_save_stack+0x3c/0x68 [ 35.548434] kasan_save_track+0x20/0x40 [ 35.548546] kasan_save_alloc_info+0x40/0x58 [ 35.548615] __kasan_kmalloc+0xd4/0xd8 [ 35.548917] __kmalloc_noprof+0x198/0x4c8 [ 35.549004] kunit_kmalloc_array+0x34/0x88 [ 35.549108] copy_user_test_oob+0xac/0xec8 [ 35.549205] kunit_try_run_case+0x170/0x3f0 [ 35.549278] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.549362] kthread+0x328/0x630 [ 35.549429] ret_from_fork+0x10/0x20 [ 35.549552] [ 35.549595] The buggy address belongs to the object at fff00000c988b100 [ 35.549595] which belongs to the cache kmalloc-128 of size 128 [ 35.549658] The buggy address is located 0 bytes inside of [ 35.549658] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.549737] [ 35.550051] The buggy address belongs to the physical page: [ 35.550118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.550342] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.550481] page_type: f5(slab) [ 35.550586] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.550663] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.550726] page dumped because: kasan: bad access detected [ 35.550819] [ 35.550840] Memory state around the buggy address: [ 35.550874] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.550945] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551192] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.551237] ^ [ 35.551680] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551783] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.551862] ================================================================== [ 35.555369] ================================================================== [ 35.555414] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 35.555866] Read of size 121 at addr fff00000c988b100 by task kunit_try_catch/316 [ 35.555953] [ 35.555994] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 35.556358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.556424] Hardware name: linux,dummy-virt (DT) [ 35.556458] Call trace: [ 35.556547] show_stack+0x20/0x38 (C) [ 35.556612] dump_stack_lvl+0x8c/0xd0 [ 35.556685] print_report+0x118/0x608 [ 35.556795] kasan_report+0xdc/0x128 [ 35.556927] kasan_check_range+0x100/0x1a8 [ 35.556994] __kasan_check_read+0x20/0x30 [ 35.557069] copy_user_test_oob+0x4a0/0xec8 [ 35.557172] kunit_try_run_case+0x170/0x3f0 [ 35.557242] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.557325] kthread+0x328/0x630 [ 35.557370] ret_from_fork+0x10/0x20 [ 35.557420] [ 35.557440] Allocated by task 316: [ 35.557621] kasan_save_stack+0x3c/0x68 [ 35.557679] kasan_save_track+0x20/0x40 [ 35.557719] kasan_save_alloc_info+0x40/0x58 [ 35.557802] __kasan_kmalloc+0xd4/0xd8 [ 35.557880] __kmalloc_noprof+0x198/0x4c8 [ 35.557992] kunit_kmalloc_array+0x34/0x88 [ 35.558070] copy_user_test_oob+0xac/0xec8 [ 35.558375] kunit_try_run_case+0x170/0x3f0 [ 35.558476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.558525] kthread+0x328/0x630 [ 35.558828] ret_from_fork+0x10/0x20 [ 35.558927] [ 35.559020] The buggy address belongs to the object at fff00000c988b100 [ 35.559020] which belongs to the cache kmalloc-128 of size 128 [ 35.559109] The buggy address is located 0 bytes inside of [ 35.559109] allocated 120-byte region [fff00000c988b100, fff00000c988b178) [ 35.559431] [ 35.559516] The buggy address belongs to the physical page: [ 35.559626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10988b [ 35.559703] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.559754] page_type: f5(slab) [ 35.559819] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.559873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.560085] page dumped because: kasan: bad access detected [ 35.560299] [ 35.560347] Memory state around the buggy address: [ 35.560394] fff00000c988b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.560468] fff00000c988b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.560734] >fff00000c988b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.560907] ^ [ 35.560971] fff00000c988b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.561029] fff00000c988b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.561096] ==================================================================
[ 27.261630] ================================================================== [ 27.262033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.262421] Read of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334 [ 27.262762] [ 27.262855] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.262910] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.262948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.262975] Call Trace: [ 27.262999] <TASK> [ 27.263024] dump_stack_lvl+0x73/0xb0 [ 27.263057] print_report+0xd1/0x650 [ 27.263093] ? __virt_addr_valid+0x1db/0x2d0 [ 27.263120] ? copy_user_test_oob+0x604/0x10f0 [ 27.263169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.263213] ? copy_user_test_oob+0x604/0x10f0 [ 27.263254] kasan_report+0x141/0x180 [ 27.263292] ? copy_user_test_oob+0x604/0x10f0 [ 27.263336] kasan_check_range+0x10c/0x1c0 [ 27.263389] __kasan_check_read+0x15/0x20 [ 27.263429] copy_user_test_oob+0x604/0x10f0 [ 27.263456] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.263481] ? finish_task_switch.isra.0+0x153/0x700 [ 27.263522] ? __switch_to+0x47/0xf50 [ 27.263551] ? __schedule+0x10cc/0x2b60 [ 27.263574] ? __pfx_read_tsc+0x10/0x10 [ 27.263598] ? ktime_get_ts64+0x86/0x230 [ 27.263627] kunit_try_run_case+0x1a5/0x480 [ 27.263656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.263682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.263705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.263732] ? __kthread_parkme+0x82/0x180 [ 27.263773] ? preempt_count_sub+0x50/0x80 [ 27.263799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.263827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.263855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.263882] kthread+0x337/0x6f0 [ 27.263905] ? trace_preempt_on+0x20/0xc0 [ 27.263970] ? __pfx_kthread+0x10/0x10 [ 27.263994] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.264022] ? calculate_sigpending+0x7b/0xa0 [ 27.264049] ? __pfx_kthread+0x10/0x10 [ 27.264082] ret_from_fork+0x116/0x1d0 [ 27.264105] ? __pfx_kthread+0x10/0x10 [ 27.264127] ret_from_fork_asm+0x1a/0x30 [ 27.264162] </TASK> [ 27.264178] [ 27.274623] Allocated by task 334: [ 27.274788] kasan_save_stack+0x45/0x70 [ 27.275404] kasan_save_track+0x18/0x40 [ 27.276042] kasan_save_alloc_info+0x3b/0x50 [ 27.276648] __kasan_kmalloc+0xb7/0xc0 [ 27.277201] __kmalloc_noprof+0x1c9/0x500 [ 27.277772] kunit_kmalloc_array+0x25/0x60 [ 27.278429] copy_user_test_oob+0xab/0x10f0 [ 27.278988] kunit_try_run_case+0x1a5/0x480 [ 27.279564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.280283] kthread+0x337/0x6f0 [ 27.280733] ret_from_fork+0x116/0x1d0 [ 27.280873] ret_from_fork_asm+0x1a/0x30 [ 27.281438] [ 27.281739] The buggy address belongs to the object at ffff88810255ef00 [ 27.281739] which belongs to the cache kmalloc-128 of size 128 [ 27.282502] The buggy address is located 0 bytes inside of [ 27.282502] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.282852] [ 27.282924] The buggy address belongs to the physical page: [ 27.283814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.284835] flags: 0x200000000000000(node=0|zone=2) [ 27.285454] page_type: f5(slab) [ 27.285907] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.286675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.286908] page dumped because: kasan: bad access detected [ 27.287755] [ 27.288056] Memory state around the buggy address: [ 27.288715] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.289212] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289434] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.289643] ^ [ 27.289857] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.290903] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.291733] ================================================================== [ 27.242674] ================================================================== [ 27.243088] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.243616] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334 [ 27.243926] [ 27.244043] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.244110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.244126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.244152] Call Trace: [ 27.244175] <TASK> [ 27.244198] dump_stack_lvl+0x73/0xb0 [ 27.244229] print_report+0xd1/0x650 [ 27.244254] ? __virt_addr_valid+0x1db/0x2d0 [ 27.244280] ? copy_user_test_oob+0x557/0x10f0 [ 27.244305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.244333] ? copy_user_test_oob+0x557/0x10f0 [ 27.244358] kasan_report+0x141/0x180 [ 27.244383] ? copy_user_test_oob+0x557/0x10f0 [ 27.244412] kasan_check_range+0x10c/0x1c0 [ 27.244438] __kasan_check_write+0x18/0x20 [ 27.244463] copy_user_test_oob+0x557/0x10f0 [ 27.244490] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.244515] ? finish_task_switch.isra.0+0x153/0x700 [ 27.244540] ? __switch_to+0x47/0xf50 [ 27.244568] ? __schedule+0x10cc/0x2b60 [ 27.244592] ? __pfx_read_tsc+0x10/0x10 [ 27.244617] ? ktime_get_ts64+0x86/0x230 [ 27.244644] kunit_try_run_case+0x1a5/0x480 [ 27.244672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.244723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.244747] ? __kthread_parkme+0x82/0x180 [ 27.244770] ? preempt_count_sub+0x50/0x80 [ 27.244795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.244850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.244877] kthread+0x337/0x6f0 [ 27.244899] ? trace_preempt_on+0x20/0xc0 [ 27.244925] ? __pfx_kthread+0x10/0x10 [ 27.244948] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.244975] ? calculate_sigpending+0x7b/0xa0 [ 27.245001] ? __pfx_kthread+0x10/0x10 [ 27.245025] ret_from_fork+0x116/0x1d0 [ 27.245047] ? __pfx_kthread+0x10/0x10 [ 27.245114] ret_from_fork_asm+0x1a/0x30 [ 27.245149] </TASK> [ 27.245164] [ 27.252721] Allocated by task 334: [ 27.252936] kasan_save_stack+0x45/0x70 [ 27.253124] kasan_save_track+0x18/0x40 [ 27.253318] kasan_save_alloc_info+0x3b/0x50 [ 27.253524] __kasan_kmalloc+0xb7/0xc0 [ 27.253654] __kmalloc_noprof+0x1c9/0x500 [ 27.253799] kunit_kmalloc_array+0x25/0x60 [ 27.253972] copy_user_test_oob+0xab/0x10f0 [ 27.254128] kunit_try_run_case+0x1a5/0x480 [ 27.254275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.254516] kthread+0x337/0x6f0 [ 27.254688] ret_from_fork+0x116/0x1d0 [ 27.254905] ret_from_fork_asm+0x1a/0x30 [ 27.255163] [ 27.255276] The buggy address belongs to the object at ffff88810255ef00 [ 27.255276] which belongs to the cache kmalloc-128 of size 128 [ 27.255825] The buggy address is located 0 bytes inside of [ 27.255825] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.256375] [ 27.256490] The buggy address belongs to the physical page: [ 27.256736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.257176] flags: 0x200000000000000(node=0|zone=2) [ 27.257479] page_type: f5(slab) [ 27.257693] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.258113] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.258456] page dumped because: kasan: bad access detected [ 27.258725] [ 27.258822] Memory state around the buggy address: [ 27.259087] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.259414] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.259740] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.260098] ^ [ 27.260365] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.260586] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.260803] ================================================================== [ 27.224057] ================================================================== [ 27.224462] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.224811] Read of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334 [ 27.225160] [ 27.225303] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.225357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.225372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.225399] Call Trace: [ 27.225441] <TASK> [ 27.225463] dump_stack_lvl+0x73/0xb0 [ 27.225495] print_report+0xd1/0x650 [ 27.225520] ? __virt_addr_valid+0x1db/0x2d0 [ 27.225546] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.225572] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.225619] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.225645] kasan_report+0x141/0x180 [ 27.225670] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.225699] kasan_check_range+0x10c/0x1c0 [ 27.225725] __kasan_check_read+0x15/0x20 [ 27.225750] copy_user_test_oob+0x4aa/0x10f0 [ 27.225778] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.225825] ? finish_task_switch.isra.0+0x153/0x700 [ 27.225850] ? __switch_to+0x47/0xf50 [ 27.225880] ? __schedule+0x10cc/0x2b60 [ 27.225905] ? __pfx_read_tsc+0x10/0x10 [ 27.225950] ? ktime_get_ts64+0x86/0x230 [ 27.225996] kunit_try_run_case+0x1a5/0x480 [ 27.226026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.226052] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.226085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.226109] ? __kthread_parkme+0x82/0x180 [ 27.226132] ? preempt_count_sub+0x50/0x80 [ 27.226158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.226204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.226231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.226259] kthread+0x337/0x6f0 [ 27.226281] ? trace_preempt_on+0x20/0xc0 [ 27.226307] ? __pfx_kthread+0x10/0x10 [ 27.226331] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.226375] ? calculate_sigpending+0x7b/0xa0 [ 27.226402] ? __pfx_kthread+0x10/0x10 [ 27.226427] ret_from_fork+0x116/0x1d0 [ 27.226448] ? __pfx_kthread+0x10/0x10 [ 27.226488] ret_from_fork_asm+0x1a/0x30 [ 27.226522] </TASK> [ 27.226536] [ 27.234112] Allocated by task 334: [ 27.234281] kasan_save_stack+0x45/0x70 [ 27.234489] kasan_save_track+0x18/0x40 [ 27.234689] kasan_save_alloc_info+0x3b/0x50 [ 27.234884] __kasan_kmalloc+0xb7/0xc0 [ 27.235121] __kmalloc_noprof+0x1c9/0x500 [ 27.235316] kunit_kmalloc_array+0x25/0x60 [ 27.235468] copy_user_test_oob+0xab/0x10f0 [ 27.235609] kunit_try_run_case+0x1a5/0x480 [ 27.235750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.235929] kthread+0x337/0x6f0 [ 27.236045] ret_from_fork+0x116/0x1d0 [ 27.236247] ret_from_fork_asm+0x1a/0x30 [ 27.236448] [ 27.236545] The buggy address belongs to the object at ffff88810255ef00 [ 27.236545] which belongs to the cache kmalloc-128 of size 128 [ 27.237171] The buggy address is located 0 bytes inside of [ 27.237171] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.237700] [ 27.237772] The buggy address belongs to the physical page: [ 27.237975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.238222] flags: 0x200000000000000(node=0|zone=2) [ 27.238383] page_type: f5(slab) [ 27.238501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.238726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.239080] page dumped because: kasan: bad access detected [ 27.239360] [ 27.239473] Memory state around the buggy address: [ 27.239740] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.240165] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.240545] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.240901] ^ [ 27.241257] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.241605] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.241957] ================================================================== [ 27.205967] ================================================================== [ 27.206360] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.206677] Write of size 121 at addr ffff88810255ef00 by task kunit_try_catch/334 [ 27.207008] [ 27.207123] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.207179] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.207195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.207221] Call Trace: [ 27.207238] <TASK> [ 27.207260] dump_stack_lvl+0x73/0xb0 [ 27.207292] print_report+0xd1/0x650 [ 27.207317] ? __virt_addr_valid+0x1db/0x2d0 [ 27.207345] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.207371] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.207400] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.207426] kasan_report+0x141/0x180 [ 27.207450] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.207480] kasan_check_range+0x10c/0x1c0 [ 27.207506] __kasan_check_write+0x18/0x20 [ 27.207531] copy_user_test_oob+0x3fd/0x10f0 [ 27.207558] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.207583] ? finish_task_switch.isra.0+0x153/0x700 [ 27.207608] ? __switch_to+0x47/0xf50 [ 27.207637] ? __schedule+0x10cc/0x2b60 [ 27.207663] ? __pfx_read_tsc+0x10/0x10 [ 27.207688] ? ktime_get_ts64+0x86/0x230 [ 27.207716] kunit_try_run_case+0x1a5/0x480 [ 27.207744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.207771] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.207795] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.207820] ? __kthread_parkme+0x82/0x180 [ 27.207843] ? preempt_count_sub+0x50/0x80 [ 27.207869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.207896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.207947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.207976] kthread+0x337/0x6f0 [ 27.207998] ? trace_preempt_on+0x20/0xc0 [ 27.208024] ? __pfx_kthread+0x10/0x10 [ 27.208047] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.208082] ? calculate_sigpending+0x7b/0xa0 [ 27.208109] ? __pfx_kthread+0x10/0x10 [ 27.208133] ret_from_fork+0x116/0x1d0 [ 27.208155] ? __pfx_kthread+0x10/0x10 [ 27.208178] ret_from_fork_asm+0x1a/0x30 [ 27.208211] </TASK> [ 27.208226] [ 27.215179] Allocated by task 334: [ 27.215367] kasan_save_stack+0x45/0x70 [ 27.215568] kasan_save_track+0x18/0x40 [ 27.215761] kasan_save_alloc_info+0x3b/0x50 [ 27.215987] __kasan_kmalloc+0xb7/0xc0 [ 27.216133] __kmalloc_noprof+0x1c9/0x500 [ 27.216281] kunit_kmalloc_array+0x25/0x60 [ 27.216428] copy_user_test_oob+0xab/0x10f0 [ 27.216636] kunit_try_run_case+0x1a5/0x480 [ 27.216865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.217184] kthread+0x337/0x6f0 [ 27.217359] ret_from_fork+0x116/0x1d0 [ 27.217564] ret_from_fork_asm+0x1a/0x30 [ 27.217760] [ 27.217882] The buggy address belongs to the object at ffff88810255ef00 [ 27.217882] which belongs to the cache kmalloc-128 of size 128 [ 27.218419] The buggy address is located 0 bytes inside of [ 27.218419] allocated 120-byte region [ffff88810255ef00, ffff88810255ef78) [ 27.218983] [ 27.219109] The buggy address belongs to the physical page: [ 27.219369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 27.219729] flags: 0x200000000000000(node=0|zone=2) [ 27.220016] page_type: f5(slab) [ 27.220206] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.220471] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.220704] page dumped because: kasan: bad access detected [ 27.220874] [ 27.221023] Memory state around the buggy address: [ 27.221267] ffff88810255ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.221609] ffff88810255ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.221997] >ffff88810255ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.222332] ^ [ 27.222675] ffff88810255ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.223001] ffff88810255f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.223334] ==================================================================
[ 27.006731] ================================================================== [ 27.007678] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.008067] Read of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.008775] [ 27.008897] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.009073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.009090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.009114] Call Trace: [ 27.009135] <TASK> [ 27.009154] dump_stack_lvl+0x73/0xb0 [ 27.009186] print_report+0xd1/0x650 [ 27.009210] ? __virt_addr_valid+0x1db/0x2d0 [ 27.009235] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.009286] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009324] kasan_report+0x141/0x180 [ 27.009347] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009375] kasan_check_range+0x10c/0x1c0 [ 27.009399] __kasan_check_read+0x15/0x20 [ 27.009682] copy_user_test_oob+0x4aa/0x10f0 [ 27.009708] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.009732] ? finish_task_switch.isra.0+0x153/0x700 [ 27.009763] ? __switch_to+0x47/0xf50 [ 27.009789] ? __schedule+0x10cc/0x2b60 [ 27.009813] ? __pfx_read_tsc+0x10/0x10 [ 27.009836] ? ktime_get_ts64+0x86/0x230 [ 27.009863] kunit_try_run_case+0x1a5/0x480 [ 27.009890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.009915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.009938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.009961] ? __kthread_parkme+0x82/0x180 [ 27.009984] ? preempt_count_sub+0x50/0x80 [ 27.010008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.010034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.010060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.010086] kthread+0x337/0x6f0 [ 27.010106] ? trace_preempt_on+0x20/0xc0 [ 27.010132] ? __pfx_kthread+0x10/0x10 [ 27.010153] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.010178] ? calculate_sigpending+0x7b/0xa0 [ 27.010203] ? __pfx_kthread+0x10/0x10 [ 27.010226] ret_from_fork+0x116/0x1d0 [ 27.010247] ? __pfx_kthread+0x10/0x10 [ 27.010269] ret_from_fork_asm+0x1a/0x30 [ 27.010302] </TASK> [ 27.010325] [ 27.019577] Allocated by task 333: [ 27.019735] kasan_save_stack+0x45/0x70 [ 27.019939] kasan_save_track+0x18/0x40 [ 27.020112] kasan_save_alloc_info+0x3b/0x50 [ 27.020301] __kasan_kmalloc+0xb7/0xc0 [ 27.020459] __kmalloc_noprof+0x1c9/0x500 [ 27.021093] kunit_kmalloc_array+0x25/0x60 [ 27.021272] copy_user_test_oob+0xab/0x10f0 [ 27.021666] kunit_try_run_case+0x1a5/0x480 [ 27.021879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.022237] kthread+0x337/0x6f0 [ 27.022496] ret_from_fork+0x116/0x1d0 [ 27.022641] ret_from_fork_asm+0x1a/0x30 [ 27.022843] [ 27.023093] The buggy address belongs to the object at ffff888105898a00 [ 27.023093] which belongs to the cache kmalloc-128 of size 128 [ 27.023589] The buggy address is located 0 bytes inside of [ 27.023589] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.024227] [ 27.024341] The buggy address belongs to the physical page: [ 27.024585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.024903] flags: 0x200000000000000(node=0|zone=2) [ 27.025119] page_type: f5(slab) [ 27.025268] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.025900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.026175] page dumped because: kasan: bad access detected [ 27.026520] [ 27.026632] Memory state around the buggy address: [ 27.026919] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.027252] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.027677] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.027975] ^ [ 27.028393] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.028745] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.029114] ================================================================== [ 26.989092] ================================================================== [ 26.989469] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.989851] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 26.990182] [ 26.990314] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.990367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.990382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.990408] Call Trace: [ 26.990423] <TASK> [ 26.990443] dump_stack_lvl+0x73/0xb0 [ 26.990475] print_report+0xd1/0x650 [ 26.990529] ? __virt_addr_valid+0x1db/0x2d0 [ 26.990554] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.990606] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990630] kasan_report+0x141/0x180 [ 26.990653] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990682] kasan_check_range+0x10c/0x1c0 [ 26.990705] __kasan_check_write+0x18/0x20 [ 26.990729] copy_user_test_oob+0x3fd/0x10f0 [ 26.990755] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.990778] ? finish_task_switch.isra.0+0x153/0x700 [ 26.990802] ? __switch_to+0x47/0xf50 [ 26.990830] ? __schedule+0x10cc/0x2b60 [ 26.990853] ? __pfx_read_tsc+0x10/0x10 [ 26.990877] ? ktime_get_ts64+0x86/0x230 [ 26.990904] kunit_try_run_case+0x1a5/0x480 [ 26.990931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.990954] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.990978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.991001] ? __kthread_parkme+0x82/0x180 [ 26.991023] ? preempt_count_sub+0x50/0x80 [ 26.991047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.991073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.991099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.991125] kthread+0x337/0x6f0 [ 26.991146] ? trace_preempt_on+0x20/0xc0 [ 26.991170] ? __pfx_kthread+0x10/0x10 [ 26.991192] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.991217] ? calculate_sigpending+0x7b/0xa0 [ 26.991242] ? __pfx_kthread+0x10/0x10 [ 26.991265] ret_from_fork+0x116/0x1d0 [ 26.991285] ? __pfx_kthread+0x10/0x10 [ 26.991317] ret_from_fork_asm+0x1a/0x30 [ 26.991350] </TASK> [ 26.991364] [ 26.998258] Allocated by task 333: [ 26.998394] kasan_save_stack+0x45/0x70 [ 26.998656] kasan_save_track+0x18/0x40 [ 26.998843] kasan_save_alloc_info+0x3b/0x50 [ 26.999047] __kasan_kmalloc+0xb7/0xc0 [ 26.999228] __kmalloc_noprof+0x1c9/0x500 [ 26.999412] kunit_kmalloc_array+0x25/0x60 [ 26.999720] copy_user_test_oob+0xab/0x10f0 [ 26.999877] kunit_try_run_case+0x1a5/0x480 [ 27.000064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.000236] kthread+0x337/0x6f0 [ 27.000389] ret_from_fork+0x116/0x1d0 [ 27.000579] ret_from_fork_asm+0x1a/0x30 [ 27.000783] [ 27.000969] The buggy address belongs to the object at ffff888105898a00 [ 27.000969] which belongs to the cache kmalloc-128 of size 128 [ 27.001414] The buggy address is located 0 bytes inside of [ 27.001414] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.001767] [ 27.001946] The buggy address belongs to the physical page: [ 27.002193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.002559] flags: 0x200000000000000(node=0|zone=2) [ 27.002787] page_type: f5(slab) [ 27.002936] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.003184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.003482] page dumped because: kasan: bad access detected [ 27.003736] [ 27.003814] Memory state around the buggy address: [ 27.003965] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.004175] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.004448] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.004924] ^ [ 27.005503] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.005813] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.006086] ================================================================== [ 27.051512] ================================================================== [ 27.051816] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.052555] Read of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.053005] [ 27.053234] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.053287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.053302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.053336] Call Trace: [ 27.053352] <TASK> [ 27.053425] dump_stack_lvl+0x73/0xb0 [ 27.053458] print_report+0xd1/0x650 [ 27.053481] ? __virt_addr_valid+0x1db/0x2d0 [ 27.053506] ? copy_user_test_oob+0x604/0x10f0 [ 27.053530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.053557] ? copy_user_test_oob+0x604/0x10f0 [ 27.053580] kasan_report+0x141/0x180 [ 27.053603] ? copy_user_test_oob+0x604/0x10f0 [ 27.053631] kasan_check_range+0x10c/0x1c0 [ 27.053656] __kasan_check_read+0x15/0x20 [ 27.053681] copy_user_test_oob+0x604/0x10f0 [ 27.053707] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.053731] ? finish_task_switch.isra.0+0x153/0x700 [ 27.053763] ? __switch_to+0x47/0xf50 [ 27.053790] ? __schedule+0x10cc/0x2b60 [ 27.053812] ? __pfx_read_tsc+0x10/0x10 [ 27.053835] ? ktime_get_ts64+0x86/0x230 [ 27.053859] kunit_try_run_case+0x1a5/0x480 [ 27.053885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.053912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.053935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.053958] ? __kthread_parkme+0x82/0x180 [ 27.053980] ? preempt_count_sub+0x50/0x80 [ 27.054004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.054030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.054055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.054081] kthread+0x337/0x6f0 [ 27.054103] ? trace_preempt_on+0x20/0xc0 [ 27.054127] ? __pfx_kthread+0x10/0x10 [ 27.054148] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.054173] ? calculate_sigpending+0x7b/0xa0 [ 27.054197] ? __pfx_kthread+0x10/0x10 [ 27.054220] ret_from_fork+0x116/0x1d0 [ 27.054240] ? __pfx_kthread+0x10/0x10 [ 27.054262] ret_from_fork_asm+0x1a/0x30 [ 27.054294] </TASK> [ 27.054318] [ 27.063587] Allocated by task 333: [ 27.063848] kasan_save_stack+0x45/0x70 [ 27.064110] kasan_save_track+0x18/0x40 [ 27.064260] kasan_save_alloc_info+0x3b/0x50 [ 27.064488] __kasan_kmalloc+0xb7/0xc0 [ 27.064800] __kmalloc_noprof+0x1c9/0x500 [ 27.064988] kunit_kmalloc_array+0x25/0x60 [ 27.065170] copy_user_test_oob+0xab/0x10f0 [ 27.065374] kunit_try_run_case+0x1a5/0x480 [ 27.065818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.066038] kthread+0x337/0x6f0 [ 27.066204] ret_from_fork+0x116/0x1d0 [ 27.066558] ret_from_fork_asm+0x1a/0x30 [ 27.066786] [ 27.066878] The buggy address belongs to the object at ffff888105898a00 [ 27.066878] which belongs to the cache kmalloc-128 of size 128 [ 27.067464] The buggy address is located 0 bytes inside of [ 27.067464] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.068164] [ 27.068392] The buggy address belongs to the physical page: [ 27.068661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.068972] flags: 0x200000000000000(node=0|zone=2) [ 27.069191] page_type: f5(slab) [ 27.069349] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.069935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.070303] page dumped because: kasan: bad access detected [ 27.070553] [ 27.070659] Memory state around the buggy address: [ 27.071029] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.071294] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.071754] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.072121] ^ [ 27.072498] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.072757] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.073143] ================================================================== [ 27.030232] ================================================================== [ 27.030598] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.030919] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.031224] [ 27.031327] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.031376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.031391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.031414] Call Trace: [ 27.031428] <TASK> [ 27.031446] dump_stack_lvl+0x73/0xb0 [ 27.031474] print_report+0xd1/0x650 [ 27.031713] ? __virt_addr_valid+0x1db/0x2d0 [ 27.031743] ? copy_user_test_oob+0x557/0x10f0 [ 27.031866] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.031899] ? copy_user_test_oob+0x557/0x10f0 [ 27.031924] kasan_report+0x141/0x180 [ 27.031948] ? copy_user_test_oob+0x557/0x10f0 [ 27.031977] kasan_check_range+0x10c/0x1c0 [ 27.032001] __kasan_check_write+0x18/0x20 [ 27.032025] copy_user_test_oob+0x557/0x10f0 [ 27.032051] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.032074] ? finish_task_switch.isra.0+0x153/0x700 [ 27.032099] ? __switch_to+0x47/0xf50 [ 27.032126] ? __schedule+0x10cc/0x2b60 [ 27.032148] ? __pfx_read_tsc+0x10/0x10 [ 27.032171] ? ktime_get_ts64+0x86/0x230 [ 27.032198] kunit_try_run_case+0x1a5/0x480 [ 27.032224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.032248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.032272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.032295] ? __kthread_parkme+0x82/0x180 [ 27.032330] ? preempt_count_sub+0x50/0x80 [ 27.032354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.032380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.032405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.032431] kthread+0x337/0x6f0 [ 27.032452] ? trace_preempt_on+0x20/0xc0 [ 27.032477] ? __pfx_kthread+0x10/0x10 [ 27.032513] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.032538] ? calculate_sigpending+0x7b/0xa0 [ 27.032564] ? __pfx_kthread+0x10/0x10 [ 27.032587] ret_from_fork+0x116/0x1d0 [ 27.032607] ? __pfx_kthread+0x10/0x10 [ 27.032629] ret_from_fork_asm+0x1a/0x30 [ 27.032661] </TASK> [ 27.032674] [ 27.041703] Allocated by task 333: [ 27.041872] kasan_save_stack+0x45/0x70 [ 27.042046] kasan_save_track+0x18/0x40 [ 27.042203] kasan_save_alloc_info+0x3b/0x50 [ 27.042410] __kasan_kmalloc+0xb7/0xc0 [ 27.042563] __kmalloc_noprof+0x1c9/0x500 [ 27.043067] kunit_kmalloc_array+0x25/0x60 [ 27.043212] copy_user_test_oob+0xab/0x10f0 [ 27.043549] kunit_try_run_case+0x1a5/0x480 [ 27.043745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.044076] kthread+0x337/0x6f0 [ 27.044230] ret_from_fork+0x116/0x1d0 [ 27.044562] ret_from_fork_asm+0x1a/0x30 [ 27.044745] [ 27.044950] The buggy address belongs to the object at ffff888105898a00 [ 27.044950] which belongs to the cache kmalloc-128 of size 128 [ 27.045539] The buggy address is located 0 bytes inside of [ 27.045539] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.046017] [ 27.046095] The buggy address belongs to the physical page: [ 27.046530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.046910] flags: 0x200000000000000(node=0|zone=2) [ 27.047135] page_type: f5(slab) [ 27.047418] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.047796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.048109] page dumped because: kasan: bad access detected [ 27.048397] [ 27.048486] Memory state around the buggy address: [ 27.048863] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.049221] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.049622] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.049906] ^ [ 27.050266] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050667] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050908] ==================================================================