Date
July 8, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.434842] ================================================================== [ 34.434896] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.434947] Read of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.435241] [ 34.435287] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.435388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.435427] Hardware name: linux,dummy-virt (DT) [ 34.435462] Call trace: [ 34.435493] show_stack+0x20/0x38 (C) [ 34.435752] dump_stack_lvl+0x8c/0xd0 [ 34.435816] print_report+0x118/0x5d0 [ 34.435867] kasan_report+0xdc/0x128 [ 34.435914] kasan_check_range+0x100/0x1a8 [ 34.435961] __kasan_check_read+0x20/0x30 [ 34.436007] copy_user_test_oob+0x3c8/0xec8 [ 34.436056] kunit_try_run_case+0x170/0x3f0 [ 34.436124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.436188] kthread+0x328/0x630 [ 34.436247] ret_from_fork+0x10/0x20 [ 34.436303] [ 34.436421] Allocated by task 316: [ 34.436453] kasan_save_stack+0x3c/0x68 [ 34.436499] kasan_save_track+0x20/0x40 [ 34.436705] kasan_save_alloc_info+0x40/0x58 [ 34.436917] __kasan_kmalloc+0xd4/0xd8 [ 34.437119] __kmalloc_noprof+0x198/0x4c8 [ 34.437188] kunit_kmalloc_array+0x34/0x88 [ 34.437265] copy_user_test_oob+0xac/0xec8 [ 34.437346] kunit_try_run_case+0x170/0x3f0 [ 34.437417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.437497] kthread+0x328/0x630 [ 34.437547] ret_from_fork+0x10/0x20 [ 34.437598] [ 34.437623] The buggy address belongs to the object at fff00000c9adfc00 [ 34.437623] which belongs to the cache kmalloc-128 of size 128 [ 34.437713] The buggy address is located 0 bytes inside of [ 34.437713] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.437904] [ 34.437928] The buggy address belongs to the physical page: [ 34.438039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.438100] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.438348] page_type: f5(slab) [ 34.438460] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.438540] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.438614] page dumped because: kasan: bad access detected [ 34.438705] [ 34.438755] Memory state around the buggy address: [ 34.438820] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.438916] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.439002] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.439068] ^ [ 34.439138] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.439249] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.439308] ================================================================== [ 34.444979] ================================================================== [ 34.445060] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.445129] Read of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.445183] [ 34.445226] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.445352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.445480] Hardware name: linux,dummy-virt (DT) [ 34.445529] Call trace: [ 34.445554] show_stack+0x20/0x38 (C) [ 34.445614] dump_stack_lvl+0x8c/0xd0 [ 34.445689] print_report+0x118/0x5d0 [ 34.445746] kasan_report+0xdc/0x128 [ 34.445804] kasan_check_range+0x100/0x1a8 [ 34.445855] __kasan_check_read+0x20/0x30 [ 34.445903] copy_user_test_oob+0x4a0/0xec8 [ 34.445951] kunit_try_run_case+0x170/0x3f0 [ 34.446009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.446065] kthread+0x328/0x630 [ 34.446120] ret_from_fork+0x10/0x20 [ 34.446170] [ 34.446190] Allocated by task 316: [ 34.446483] kasan_save_stack+0x3c/0x68 [ 34.446553] kasan_save_track+0x20/0x40 [ 34.446614] kasan_save_alloc_info+0x40/0x58 [ 34.446663] __kasan_kmalloc+0xd4/0xd8 [ 34.446714] __kmalloc_noprof+0x198/0x4c8 [ 34.446762] kunit_kmalloc_array+0x34/0x88 [ 34.446805] copy_user_test_oob+0xac/0xec8 [ 34.447016] kunit_try_run_case+0x170/0x3f0 [ 34.447074] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.447175] kthread+0x328/0x630 [ 34.447242] ret_from_fork+0x10/0x20 [ 34.447290] [ 34.447319] The buggy address belongs to the object at fff00000c9adfc00 [ 34.447319] which belongs to the cache kmalloc-128 of size 128 [ 34.447382] The buggy address is located 0 bytes inside of [ 34.447382] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.447453] [ 34.447482] The buggy address belongs to the physical page: [ 34.447531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.447592] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.447641] page_type: f5(slab) [ 34.447682] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.447735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.447778] page dumped because: kasan: bad access detected [ 34.447811] [ 34.447832] Memory state around the buggy address: [ 34.447874] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.447928] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.447981] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.448023] ^ [ 34.448063] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.448115] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.448163] ================================================================== [ 34.410174] ================================================================== [ 34.410341] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.410416] Read of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.410514] [ 34.410557] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.410736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.410764] Hardware name: linux,dummy-virt (DT) [ 34.410800] Call trace: [ 34.411137] show_stack+0x20/0x38 (C) [ 34.411201] dump_stack_lvl+0x8c/0xd0 [ 34.411306] print_report+0x118/0x5d0 [ 34.411361] kasan_report+0xdc/0x128 [ 34.411410] kasan_check_range+0x100/0x1a8 [ 34.411456] __kasan_check_read+0x20/0x30 [ 34.411504] copy_user_test_oob+0x728/0xec8 [ 34.411552] kunit_try_run_case+0x170/0x3f0 [ 34.411603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.411658] kthread+0x328/0x630 [ 34.411701] ret_from_fork+0x10/0x20 [ 34.411753] [ 34.411774] Allocated by task 316: [ 34.411805] kasan_save_stack+0x3c/0x68 [ 34.411850] kasan_save_track+0x20/0x40 [ 34.411891] kasan_save_alloc_info+0x40/0x58 [ 34.411930] __kasan_kmalloc+0xd4/0xd8 [ 34.411970] __kmalloc_noprof+0x198/0x4c8 [ 34.412011] kunit_kmalloc_array+0x34/0x88 [ 34.412052] copy_user_test_oob+0xac/0xec8 [ 34.412091] kunit_try_run_case+0x170/0x3f0 [ 34.412132] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.412179] kthread+0x328/0x630 [ 34.412226] ret_from_fork+0x10/0x20 [ 34.412271] [ 34.412293] The buggy address belongs to the object at fff00000c9adfc00 [ 34.412293] which belongs to the cache kmalloc-128 of size 128 [ 34.412353] The buggy address is located 0 bytes inside of [ 34.412353] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.412419] [ 34.412441] The buggy address belongs to the physical page: [ 34.412477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.412533] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.412622] page_type: f5(slab) [ 34.413089] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.414692] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.414777] page dumped because: kasan: bad access detected [ 34.414815] [ 34.414836] Memory state around the buggy address: [ 34.414877] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.414923] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.416007] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.416375] ^ [ 34.416884] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.417399] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.417473] ================================================================== [ 34.391662] ================================================================== [ 34.392677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.393354] Write of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.393638] [ 34.394117] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.394413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.394561] Hardware name: linux,dummy-virt (DT) [ 34.395172] Call trace: [ 34.395287] show_stack+0x20/0x38 (C) [ 34.395348] dump_stack_lvl+0x8c/0xd0 [ 34.395409] print_report+0x118/0x5d0 [ 34.395556] kasan_report+0xdc/0x128 [ 34.395692] kasan_check_range+0x100/0x1a8 [ 34.396290] __kasan_check_write+0x20/0x30 [ 34.396624] copy_user_test_oob+0x234/0xec8 [ 34.396686] kunit_try_run_case+0x170/0x3f0 [ 34.396744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.396798] kthread+0x328/0x630 [ 34.396845] ret_from_fork+0x10/0x20 [ 34.396900] [ 34.397833] Allocated by task 316: [ 34.397975] kasan_save_stack+0x3c/0x68 [ 34.398036] kasan_save_track+0x20/0x40 [ 34.398374] kasan_save_alloc_info+0x40/0x58 [ 34.398420] __kasan_kmalloc+0xd4/0xd8 [ 34.398878] __kmalloc_noprof+0x198/0x4c8 [ 34.399142] kunit_kmalloc_array+0x34/0x88 [ 34.399358] copy_user_test_oob+0xac/0xec8 [ 34.399408] kunit_try_run_case+0x170/0x3f0 [ 34.399730] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.399793] kthread+0x328/0x630 [ 34.400184] ret_from_fork+0x10/0x20 [ 34.400237] [ 34.400260] The buggy address belongs to the object at fff00000c9adfc00 [ 34.400260] which belongs to the cache kmalloc-128 of size 128 [ 34.400698] The buggy address is located 0 bytes inside of [ 34.400698] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.401266] [ 34.401298] The buggy address belongs to the physical page: [ 34.401336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.401411] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.401470] page_type: f5(slab) [ 34.401518] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.401571] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.401716] page dumped because: kasan: bad access detected [ 34.401889] [ 34.401911] Memory state around the buggy address: [ 34.401949] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.402002] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.402048] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.402088] ^ [ 34.402133] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.402179] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.402227] ================================================================== [ 34.439652] ================================================================== [ 34.439703] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.439763] Write of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.439936] [ 34.439975] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.440063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.440091] Hardware name: linux,dummy-virt (DT) [ 34.440244] Call trace: [ 34.440293] show_stack+0x20/0x38 (C) [ 34.440376] dump_stack_lvl+0x8c/0xd0 [ 34.440426] print_report+0x118/0x5d0 [ 34.440473] kasan_report+0xdc/0x128 [ 34.440532] kasan_check_range+0x100/0x1a8 [ 34.440755] __kasan_check_write+0x20/0x30 [ 34.440868] copy_user_test_oob+0x434/0xec8 [ 34.440962] kunit_try_run_case+0x170/0x3f0 [ 34.441065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.441122] kthread+0x328/0x630 [ 34.441176] ret_from_fork+0x10/0x20 [ 34.441236] [ 34.441257] Allocated by task 316: [ 34.441288] kasan_save_stack+0x3c/0x68 [ 34.441356] kasan_save_track+0x20/0x40 [ 34.441399] kasan_save_alloc_info+0x40/0x58 [ 34.441441] __kasan_kmalloc+0xd4/0xd8 [ 34.441484] __kmalloc_noprof+0x198/0x4c8 [ 34.441674] kunit_kmalloc_array+0x34/0x88 [ 34.441755] copy_user_test_oob+0xac/0xec8 [ 34.441842] kunit_try_run_case+0x170/0x3f0 [ 34.441896] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.441988] kthread+0x328/0x630 [ 34.442156] ret_from_fork+0x10/0x20 [ 34.442312] [ 34.442402] The buggy address belongs to the object at fff00000c9adfc00 [ 34.442402] which belongs to the cache kmalloc-128 of size 128 [ 34.442501] The buggy address is located 0 bytes inside of [ 34.442501] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.442586] [ 34.442607] The buggy address belongs to the physical page: [ 34.442640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.442708] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.442910] page_type: f5(slab) [ 34.443049] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.443145] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.443226] page dumped because: kasan: bad access detected [ 34.443281] [ 34.443512] Memory state around the buggy address: [ 34.443587] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.443652] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.443697] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.443738] ^ [ 34.443825] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.443876] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.443919] ================================================================== [ 34.428241] ================================================================== [ 34.428438] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.428615] Write of size 121 at addr fff00000c9adfc00 by task kunit_try_catch/316 [ 34.428827] [ 34.428978] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT [ 34.429188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.429389] Hardware name: linux,dummy-virt (DT) [ 34.429694] Call trace: [ 34.429779] show_stack+0x20/0x38 (C) [ 34.429852] dump_stack_lvl+0x8c/0xd0 [ 34.429953] print_report+0x118/0x5d0 [ 34.430041] kasan_report+0xdc/0x128 [ 34.430090] kasan_check_range+0x100/0x1a8 [ 34.430147] __kasan_check_write+0x20/0x30 [ 34.430195] copy_user_test_oob+0x35c/0xec8 [ 34.430655] kunit_try_run_case+0x170/0x3f0 [ 34.430832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.431023] kthread+0x328/0x630 [ 34.431131] ret_from_fork+0x10/0x20 [ 34.431182] [ 34.431203] Allocated by task 316: [ 34.431248] kasan_save_stack+0x3c/0x68 [ 34.431294] kasan_save_track+0x20/0x40 [ 34.431552] kasan_save_alloc_info+0x40/0x58 [ 34.431643] __kasan_kmalloc+0xd4/0xd8 [ 34.431762] __kmalloc_noprof+0x198/0x4c8 [ 34.431915] kunit_kmalloc_array+0x34/0x88 [ 34.431962] copy_user_test_oob+0xac/0xec8 [ 34.432045] kunit_try_run_case+0x170/0x3f0 [ 34.432150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.432228] kthread+0x328/0x630 [ 34.432264] ret_from_fork+0x10/0x20 [ 34.432302] [ 34.432364] The buggy address belongs to the object at fff00000c9adfc00 [ 34.432364] which belongs to the cache kmalloc-128 of size 128 [ 34.432603] The buggy address is located 0 bytes inside of [ 34.432603] allocated 120-byte region [fff00000c9adfc00, fff00000c9adfc78) [ 34.432670] [ 34.432904] The buggy address belongs to the physical page: [ 34.432952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109adf [ 34.433029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.433139] page_type: f5(slab) [ 34.433218] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.433272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.433316] page dumped because: kasan: bad access detected [ 34.433496] [ 34.433518] Memory state around the buggy address: [ 34.433555] fff00000c9adfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.433600] fff00000c9adfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.433951] >fff00000c9adfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.434024] ^ [ 34.434082] fff00000c9adfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.434167] fff00000c9adfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.434265] ==================================================================
[ 27.710255] ================================================================== [ 27.711414] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.712088] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.712993] [ 27.713232] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.713296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.713311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.713337] Call Trace: [ 27.713370] <TASK> [ 27.713394] dump_stack_lvl+0x73/0xb0 [ 27.713439] print_report+0xd1/0x610 [ 27.713464] ? __virt_addr_valid+0x1db/0x2d0 [ 27.713491] ? copy_user_test_oob+0x557/0x10f0 [ 27.713517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.713547] ? copy_user_test_oob+0x557/0x10f0 [ 27.713573] kasan_report+0x141/0x180 [ 27.713597] ? copy_user_test_oob+0x557/0x10f0 [ 27.713628] kasan_check_range+0x10c/0x1c0 [ 27.713655] __kasan_check_write+0x18/0x20 [ 27.713683] copy_user_test_oob+0x557/0x10f0 [ 27.713720] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.713746] ? finish_task_switch.isra.0+0x153/0x700 [ 27.713773] ? __switch_to+0x47/0xf50 [ 27.713817] ? __schedule+0x10cc/0x2b60 [ 27.713850] ? __pfx_read_tsc+0x10/0x10 [ 27.713876] ? ktime_get_ts64+0x86/0x230 [ 27.713905] kunit_try_run_case+0x1a5/0x480 [ 27.713930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.713952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.713975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.714006] ? __kthread_parkme+0x82/0x180 [ 27.714038] ? preempt_count_sub+0x50/0x80 [ 27.714063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.714097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.714126] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.714154] kthread+0x337/0x6f0 [ 27.714177] ? trace_preempt_on+0x20/0xc0 [ 27.714216] ? __pfx_kthread+0x10/0x10 [ 27.714247] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.714277] ? calculate_sigpending+0x7b/0xa0 [ 27.714306] ? __pfx_kthread+0x10/0x10 [ 27.714330] ret_from_fork+0x116/0x1d0 [ 27.714352] ? __pfx_kthread+0x10/0x10 [ 27.714375] ret_from_fork_asm+0x1a/0x30 [ 27.714411] </TASK> [ 27.714424] [ 27.725927] Allocated by task 333: [ 27.726135] kasan_save_stack+0x45/0x70 [ 27.726297] kasan_save_track+0x18/0x40 [ 27.726479] kasan_save_alloc_info+0x3b/0x50 [ 27.726646] __kasan_kmalloc+0xb7/0xc0 [ 27.726808] __kmalloc_noprof+0x1c9/0x500 [ 27.726950] kunit_kmalloc_array+0x25/0x60 [ 27.727082] copy_user_test_oob+0xab/0x10f0 [ 27.727281] kunit_try_run_case+0x1a5/0x480 [ 27.727624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.727875] kthread+0x337/0x6f0 [ 27.728133] ret_from_fork+0x116/0x1d0 [ 27.728282] ret_from_fork_asm+0x1a/0x30 [ 27.728420] [ 27.728485] The buggy address belongs to the object at ffff8881062af800 [ 27.728485] which belongs to the cache kmalloc-128 of size 128 [ 27.728926] The buggy address is located 0 bytes inside of [ 27.728926] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.729447] [ 27.729562] The buggy address belongs to the physical page: [ 27.729771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.730185] flags: 0x200000000000000(node=0|zone=2) [ 27.730402] page_type: f5(slab) [ 27.730518] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.730734] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.731003] page dumped because: kasan: bad access detected [ 27.731256] [ 27.731344] Memory state around the buggy address: [ 27.731567] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.731889] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.732185] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.732469] ^ [ 27.732734] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733070] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733354] ================================================================== [ 27.733813] ================================================================== [ 27.734086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.734424] Read of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.734767] [ 27.734891] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.734942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.734955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.734981] Call Trace: [ 27.734999] <TASK> [ 27.735020] dump_stack_lvl+0x73/0xb0 [ 27.735049] print_report+0xd1/0x610 [ 27.735073] ? __virt_addr_valid+0x1db/0x2d0 [ 27.735099] ? copy_user_test_oob+0x604/0x10f0 [ 27.735124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.735154] ? copy_user_test_oob+0x604/0x10f0 [ 27.735180] kasan_report+0x141/0x180 [ 27.735204] ? copy_user_test_oob+0x604/0x10f0 [ 27.735235] kasan_check_range+0x10c/0x1c0 [ 27.735273] __kasan_check_read+0x15/0x20 [ 27.735300] copy_user_test_oob+0x604/0x10f0 [ 27.735328] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.735354] ? finish_task_switch.isra.0+0x153/0x700 [ 27.735378] ? __switch_to+0x47/0xf50 [ 27.735408] ? __schedule+0x10cc/0x2b60 [ 27.735438] ? __pfx_read_tsc+0x10/0x10 [ 27.735463] ? ktime_get_ts64+0x86/0x230 [ 27.735491] kunit_try_run_case+0x1a5/0x480 [ 27.735515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735537] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.735560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.735590] ? __kthread_parkme+0x82/0x180 [ 27.735613] ? preempt_count_sub+0x50/0x80 [ 27.735638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.735689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.735717] kthread+0x337/0x6f0 [ 27.735740] ? trace_preempt_on+0x20/0xc0 [ 27.735765] ? __pfx_kthread+0x10/0x10 [ 27.735790] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.735825] ? calculate_sigpending+0x7b/0xa0 [ 27.735853] ? __pfx_kthread+0x10/0x10 [ 27.735878] ret_from_fork+0x116/0x1d0 [ 27.735899] ? __pfx_kthread+0x10/0x10 [ 27.735922] ret_from_fork_asm+0x1a/0x30 [ 27.735957] </TASK> [ 27.735970] [ 27.742457] Allocated by task 333: [ 27.742641] kasan_save_stack+0x45/0x70 [ 27.742858] kasan_save_track+0x18/0x40 [ 27.743038] kasan_save_alloc_info+0x3b/0x50 [ 27.743198] __kasan_kmalloc+0xb7/0xc0 [ 27.743332] __kmalloc_noprof+0x1c9/0x500 [ 27.743468] kunit_kmalloc_array+0x25/0x60 [ 27.743600] copy_user_test_oob+0xab/0x10f0 [ 27.743737] kunit_try_run_case+0x1a5/0x480 [ 27.743870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.744122] kthread+0x337/0x6f0 [ 27.744298] ret_from_fork+0x116/0x1d0 [ 27.744487] ret_from_fork_asm+0x1a/0x30 [ 27.744691] [ 27.744785] The buggy address belongs to the object at ffff8881062af800 [ 27.744785] which belongs to the cache kmalloc-128 of size 128 [ 27.745586] The buggy address is located 0 bytes inside of [ 27.745586] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.746101] [ 27.746188] The buggy address belongs to the physical page: [ 27.746413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.746702] flags: 0x200000000000000(node=0|zone=2) [ 27.746908] page_type: f5(slab) [ 27.747026] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.747359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.747661] page dumped because: kasan: bad access detected [ 27.747819] [ 27.747880] Memory state around the buggy address: [ 27.748024] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.748226] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.749541] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.749909] ^ [ 27.750221] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.750542] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.751155] ================================================================== [ 27.676047] ================================================================== [ 27.676914] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.677174] Read of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.677418] [ 27.677508] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.677563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.677577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.677601] Call Trace: [ 27.677624] <TASK> [ 27.677646] dump_stack_lvl+0x73/0xb0 [ 27.677679] print_report+0xd1/0x610 [ 27.677703] ? __virt_addr_valid+0x1db/0x2d0 [ 27.677729] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.677784] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677810] kasan_report+0x141/0x180 [ 27.677833] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677863] kasan_check_range+0x10c/0x1c0 [ 27.677889] __kasan_check_read+0x15/0x20 [ 27.677915] copy_user_test_oob+0x4aa/0x10f0 [ 27.677943] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.677968] ? finish_task_switch.isra.0+0x153/0x700 [ 27.677991] ? __switch_to+0x47/0xf50 [ 27.678021] ? __schedule+0x10cc/0x2b60 [ 27.678051] ? __pfx_read_tsc+0x10/0x10 [ 27.678076] ? ktime_get_ts64+0x86/0x230 [ 27.678104] kunit_try_run_case+0x1a5/0x480 [ 27.678127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.678148] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.678172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.678201] ? __kthread_parkme+0x82/0x180 [ 27.678223] ? preempt_count_sub+0x50/0x80 [ 27.678265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.678288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.678315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.678344] kthread+0x337/0x6f0 [ 27.678366] ? trace_preempt_on+0x20/0xc0 [ 27.678392] ? __pfx_kthread+0x10/0x10 [ 27.678415] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.678443] ? calculate_sigpending+0x7b/0xa0 [ 27.678472] ? __pfx_kthread+0x10/0x10 [ 27.678497] ret_from_fork+0x116/0x1d0 [ 27.678518] ? __pfx_kthread+0x10/0x10 [ 27.678541] ret_from_fork_asm+0x1a/0x30 [ 27.678575] </TASK> [ 27.678588] [ 27.696669] Allocated by task 333: [ 27.697179] kasan_save_stack+0x45/0x70 [ 27.697516] kasan_save_track+0x18/0x40 [ 27.697808] kasan_save_alloc_info+0x3b/0x50 [ 27.697972] __kasan_kmalloc+0xb7/0xc0 [ 27.698097] __kmalloc_noprof+0x1c9/0x500 [ 27.698233] kunit_kmalloc_array+0x25/0x60 [ 27.698598] copy_user_test_oob+0xab/0x10f0 [ 27.699034] kunit_try_run_case+0x1a5/0x480 [ 27.699446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.699995] kthread+0x337/0x6f0 [ 27.700309] ret_from_fork+0x116/0x1d0 [ 27.700575] ret_from_fork_asm+0x1a/0x30 [ 27.700889] [ 27.700958] The buggy address belongs to the object at ffff8881062af800 [ 27.700958] which belongs to the cache kmalloc-128 of size 128 [ 27.701320] The buggy address is located 0 bytes inside of [ 27.701320] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.701655] [ 27.701724] The buggy address belongs to the physical page: [ 27.702040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.702722] flags: 0x200000000000000(node=0|zone=2) [ 27.703263] page_type: f5(slab) [ 27.703579] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.704411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.705259] page dumped because: kasan: bad access detected [ 27.705810] [ 27.705970] Memory state around the buggy address: [ 27.706424] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.707067] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.707688] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.707992] ^ [ 27.708822] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.709249] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.709454] ================================================================== [ 27.655855] ================================================================== [ 27.656187] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.656511] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.656788] [ 27.656923] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.656977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.656991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.657016] Call Trace: [ 27.657032] <TASK> [ 27.657065] dump_stack_lvl+0x73/0xb0 [ 27.657098] print_report+0xd1/0x610 [ 27.657124] ? __virt_addr_valid+0x1db/0x2d0 [ 27.657152] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.657214] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657251] kasan_report+0x141/0x180 [ 27.657276] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657307] kasan_check_range+0x10c/0x1c0 [ 27.657333] __kasan_check_write+0x18/0x20 [ 27.657362] copy_user_test_oob+0x3fd/0x10f0 [ 27.657391] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.657417] ? finish_task_switch.isra.0+0x153/0x700 [ 27.657441] ? __switch_to+0x47/0xf50 [ 27.657472] ? __schedule+0x10cc/0x2b60 [ 27.657503] ? __pfx_read_tsc+0x10/0x10 [ 27.657529] ? ktime_get_ts64+0x86/0x230 [ 27.657558] kunit_try_run_case+0x1a5/0x480 [ 27.657582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.657604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.657628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.657659] ? __kthread_parkme+0x82/0x180 [ 27.657682] ? preempt_count_sub+0x50/0x80 [ 27.657707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.657730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.657759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.657788] kthread+0x337/0x6f0 [ 27.657811] ? trace_preempt_on+0x20/0xc0 [ 27.657848] ? __pfx_kthread+0x10/0x10 [ 27.657873] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.657901] ? calculate_sigpending+0x7b/0xa0 [ 27.657930] ? __pfx_kthread+0x10/0x10 [ 27.657956] ret_from_fork+0x116/0x1d0 [ 27.657977] ? __pfx_kthread+0x10/0x10 [ 27.658002] ret_from_fork_asm+0x1a/0x30 [ 27.658037] </TASK> [ 27.658050] [ 27.664601] Allocated by task 333: [ 27.664785] kasan_save_stack+0x45/0x70 [ 27.664999] kasan_save_track+0x18/0x40 [ 27.665184] kasan_save_alloc_info+0x3b/0x50 [ 27.665408] __kasan_kmalloc+0xb7/0xc0 [ 27.665592] __kmalloc_noprof+0x1c9/0x500 [ 27.665790] kunit_kmalloc_array+0x25/0x60 [ 27.666006] copy_user_test_oob+0xab/0x10f0 [ 27.666208] kunit_try_run_case+0x1a5/0x480 [ 27.666401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.666609] kthread+0x337/0x6f0 [ 27.666767] ret_from_fork+0x116/0x1d0 [ 27.666983] ret_from_fork_asm+0x1a/0x30 [ 27.667122] [ 27.667211] The buggy address belongs to the object at ffff8881062af800 [ 27.667211] which belongs to the cache kmalloc-128 of size 128 [ 27.667709] The buggy address is located 0 bytes inside of [ 27.667709] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.668136] [ 27.668205] The buggy address belongs to the physical page: [ 27.668387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.668625] flags: 0x200000000000000(node=0|zone=2) [ 27.668849] page_type: f5(slab) [ 27.669012] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.669356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.669692] page dumped because: kasan: bad access detected [ 27.669960] [ 27.670045] Memory state around the buggy address: [ 27.670224] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.670447] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.670661] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.670893] ^ [ 27.671205] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.671530] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.672453] ==================================================================