Date
July 9, 2025, 1:08 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 |
[ 32.534808] ================================================================== [ 32.535852] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.536118] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.536189] [ 32.536482] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.537140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.537232] Hardware name: linux,dummy-virt (DT) [ 32.537382] Call trace: [ 32.537429] show_stack+0x20/0x38 (C) [ 32.537861] dump_stack_lvl+0x8c/0xd0 [ 32.538279] print_report+0x118/0x5d0 [ 32.538459] kasan_report+0xdc/0x128 [ 32.538782] kasan_check_range+0x100/0x1a8 [ 32.539117] __kasan_check_write+0x20/0x30 [ 32.539277] copy_user_test_oob+0x234/0xec8 [ 32.539365] kunit_try_run_case+0x170/0x3f0 [ 32.539539] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.539657] kthread+0x328/0x630 [ 32.539971] ret_from_fork+0x10/0x20 [ 32.540095] [ 32.540276] Allocated by task 317: [ 32.540328] kasan_save_stack+0x3c/0x68 [ 32.540379] kasan_save_track+0x20/0x40 [ 32.540425] kasan_save_alloc_info+0x40/0x58 [ 32.540715] __kasan_kmalloc+0xd4/0xd8 [ 32.540851] __kmalloc_noprof+0x198/0x4c8 [ 32.541003] kunit_kmalloc_array+0x34/0x88 [ 32.541142] copy_user_test_oob+0xac/0xec8 [ 32.541465] kunit_try_run_case+0x170/0x3f0 [ 32.541540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.541679] kthread+0x328/0x630 [ 32.541857] ret_from_fork+0x10/0x20 [ 32.541941] [ 32.541972] The buggy address belongs to the object at fff00000c9c2a300 [ 32.541972] which belongs to the cache kmalloc-128 of size 128 [ 32.542044] The buggy address is located 0 bytes inside of [ 32.542044] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.542541] [ 32.542685] The buggy address belongs to the physical page: [ 32.542769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.542979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.543202] page_type: f5(slab) [ 32.543265] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.543515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.543669] page dumped because: kasan: bad access detected [ 32.543767] [ 32.543837] Memory state around the buggy address: [ 32.543973] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.544031] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544270] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.544467] ^ [ 32.544641] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544726] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.544871] ================================================================== [ 32.575094] ================================================================== [ 32.575148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.575202] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.575254] [ 32.575466] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.575998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.576040] Hardware name: linux,dummy-virt (DT) [ 32.576096] Call trace: [ 32.576126] show_stack+0x20/0x38 (C) [ 32.576187] dump_stack_lvl+0x8c/0xd0 [ 32.576236] print_report+0x118/0x5d0 [ 32.576285] kasan_report+0xdc/0x128 [ 32.576330] kasan_check_range+0x100/0x1a8 [ 32.576941] __kasan_check_read+0x20/0x30 [ 32.577018] copy_user_test_oob+0x3c8/0xec8 [ 32.577164] kunit_try_run_case+0x170/0x3f0 [ 32.577366] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.577524] kthread+0x328/0x630 [ 32.577572] ret_from_fork+0x10/0x20 [ 32.577911] [ 32.578077] Allocated by task 317: [ 32.578129] kasan_save_stack+0x3c/0x68 [ 32.578350] kasan_save_track+0x20/0x40 [ 32.578527] kasan_save_alloc_info+0x40/0x58 [ 32.578667] __kasan_kmalloc+0xd4/0xd8 [ 32.578786] __kmalloc_noprof+0x198/0x4c8 [ 32.579186] kunit_kmalloc_array+0x34/0x88 [ 32.579272] copy_user_test_oob+0xac/0xec8 [ 32.579506] kunit_try_run_case+0x170/0x3f0 [ 32.579778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.579914] kthread+0x328/0x630 [ 32.580012] ret_from_fork+0x10/0x20 [ 32.580177] [ 32.580212] The buggy address belongs to the object at fff00000c9c2a300 [ 32.580212] which belongs to the cache kmalloc-128 of size 128 [ 32.580290] The buggy address is located 0 bytes inside of [ 32.580290] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.580355] [ 32.580714] The buggy address belongs to the physical page: [ 32.581090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.581228] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.581284] page_type: f5(slab) [ 32.581326] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.581832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.582146] page dumped because: kasan: bad access detected [ 32.582245] [ 32.582326] Memory state around the buggy address: [ 32.582732] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.583086] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583256] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.583300] ^ [ 32.583690] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583743] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.583785] ================================================================== [ 32.568797] ================================================================== [ 32.569218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.569287] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.569400] [ 32.569456] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.569553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.569581] Hardware name: linux,dummy-virt (DT) [ 32.569676] Call trace: [ 32.569703] show_stack+0x20/0x38 (C) [ 32.569783] dump_stack_lvl+0x8c/0xd0 [ 32.570106] print_report+0x118/0x5d0 [ 32.570209] kasan_report+0xdc/0x128 [ 32.570260] kasan_check_range+0x100/0x1a8 [ 32.570307] __kasan_check_write+0x20/0x30 [ 32.570374] copy_user_test_oob+0x35c/0xec8 [ 32.570427] kunit_try_run_case+0x170/0x3f0 [ 32.570482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.570832] kthread+0x328/0x630 [ 32.570902] ret_from_fork+0x10/0x20 [ 32.571086] [ 32.571113] Allocated by task 317: [ 32.571319] kasan_save_stack+0x3c/0x68 [ 32.571455] kasan_save_track+0x20/0x40 [ 32.571544] kasan_save_alloc_info+0x40/0x58 [ 32.571584] __kasan_kmalloc+0xd4/0xd8 [ 32.571624] __kmalloc_noprof+0x198/0x4c8 [ 32.571779] kunit_kmalloc_array+0x34/0x88 [ 32.571825] copy_user_test_oob+0xac/0xec8 [ 32.571871] kunit_try_run_case+0x170/0x3f0 [ 32.571912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.571959] kthread+0x328/0x630 [ 32.571995] ret_from_fork+0x10/0x20 [ 32.572032] [ 32.572064] The buggy address belongs to the object at fff00000c9c2a300 [ 32.572064] which belongs to the cache kmalloc-128 of size 128 [ 32.572367] The buggy address is located 0 bytes inside of [ 32.572367] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.572804] [ 32.572840] The buggy address belongs to the physical page: [ 32.572876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.572931] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.573034] page_type: f5(slab) [ 32.573116] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.573170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.573216] page dumped because: kasan: bad access detected [ 32.573260] [ 32.573287] Memory state around the buggy address: [ 32.573326] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.573375] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573421] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.573461] ^ [ 32.573515] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573578] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.573628] ================================================================== [ 32.585334] ================================================================== [ 32.585389] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.585440] Write of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.585496] [ 32.585806] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.586158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.586188] Hardware name: linux,dummy-virt (DT) [ 32.586365] Call trace: [ 32.586542] show_stack+0x20/0x38 (C) [ 32.586626] dump_stack_lvl+0x8c/0xd0 [ 32.586830] print_report+0x118/0x5d0 [ 32.586995] kasan_report+0xdc/0x128 [ 32.587205] kasan_check_range+0x100/0x1a8 [ 32.587375] __kasan_check_write+0x20/0x30 [ 32.587436] copy_user_test_oob+0x434/0xec8 [ 32.587622] kunit_try_run_case+0x170/0x3f0 [ 32.587959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.588018] kthread+0x328/0x630 [ 32.588074] ret_from_fork+0x10/0x20 [ 32.588174] [ 32.588299] Allocated by task 317: [ 32.588506] kasan_save_stack+0x3c/0x68 [ 32.588641] kasan_save_track+0x20/0x40 [ 32.588794] kasan_save_alloc_info+0x40/0x58 [ 32.588992] __kasan_kmalloc+0xd4/0xd8 [ 32.589127] __kmalloc_noprof+0x198/0x4c8 [ 32.589230] kunit_kmalloc_array+0x34/0x88 [ 32.589327] copy_user_test_oob+0xac/0xec8 [ 32.589502] kunit_try_run_case+0x170/0x3f0 [ 32.589547] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.589592] kthread+0x328/0x630 [ 32.589803] ret_from_fork+0x10/0x20 [ 32.589973] [ 32.590196] The buggy address belongs to the object at fff00000c9c2a300 [ 32.590196] which belongs to the cache kmalloc-128 of size 128 [ 32.590411] The buggy address is located 0 bytes inside of [ 32.590411] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.590482] [ 32.590504] The buggy address belongs to the physical page: [ 32.590985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.591378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.591464] page_type: f5(slab) [ 32.591520] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.591597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.591879] page dumped because: kasan: bad access detected [ 32.592001] [ 32.592064] Memory state around the buggy address: [ 32.592383] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.592452] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592666] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.592779] ^ [ 32.593192] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.593275] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.593407] ================================================================== [ 32.598030] ================================================================== [ 32.598096] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.598150] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.598204] [ 32.598236] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.598345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.598376] Hardware name: linux,dummy-virt (DT) [ 32.598410] Call trace: [ 32.598434] show_stack+0x20/0x38 (C) [ 32.598484] dump_stack_lvl+0x8c/0xd0 [ 32.598546] print_report+0x118/0x5d0 [ 32.598592] kasan_report+0xdc/0x128 [ 32.598636] kasan_check_range+0x100/0x1a8 [ 32.598683] __kasan_check_read+0x20/0x30 [ 32.598730] copy_user_test_oob+0x4a0/0xec8 [ 32.598782] kunit_try_run_case+0x170/0x3f0 [ 32.598832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.598887] kthread+0x328/0x630 [ 32.598929] ret_from_fork+0x10/0x20 [ 32.598978] [ 32.598998] Allocated by task 317: [ 32.599037] kasan_save_stack+0x3c/0x68 [ 32.600772] kasan_save_track+0x20/0x40 [ 32.600945] kasan_save_alloc_info+0x40/0x58 [ 32.601143] __kasan_kmalloc+0xd4/0xd8 [ 32.601658] __kmalloc_noprof+0x198/0x4c8 [ 32.601767] kunit_kmalloc_array+0x34/0x88 [ 32.602038] copy_user_test_oob+0xac/0xec8 [ 32.602384] kunit_try_run_case+0x170/0x3f0 [ 32.602490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.602648] kthread+0x328/0x630 [ 32.602761] ret_from_fork+0x10/0x20 [ 32.602849] [ 32.602934] The buggy address belongs to the object at fff00000c9c2a300 [ 32.602934] which belongs to the cache kmalloc-128 of size 128 [ 32.603097] The buggy address is located 0 bytes inside of [ 32.603097] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.603224] [ 32.603302] The buggy address belongs to the physical page: [ 32.603427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.603492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.603548] page_type: f5(slab) [ 32.603896] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.603989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.604317] page dumped because: kasan: bad access detected [ 32.604400] [ 32.604424] Memory state around the buggy address: [ 32.604461] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.604532] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.604578] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.604889] ^ [ 32.605015] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.605339] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.605608] ================================================================== [ 32.551662] ================================================================== [ 32.551764] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.552233] Read of size 121 at addr fff00000c9c2a300 by task kunit_try_catch/317 [ 32.552288] [ 32.552796] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT [ 32.553040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.553121] Hardware name: linux,dummy-virt (DT) [ 32.553285] Call trace: [ 32.553347] show_stack+0x20/0x38 (C) [ 32.553753] dump_stack_lvl+0x8c/0xd0 [ 32.553879] print_report+0x118/0x5d0 [ 32.553987] kasan_report+0xdc/0x128 [ 32.554089] kasan_check_range+0x100/0x1a8 [ 32.554267] __kasan_check_read+0x20/0x30 [ 32.554350] copy_user_test_oob+0x728/0xec8 [ 32.554727] kunit_try_run_case+0x170/0x3f0 [ 32.554843] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.555220] kthread+0x328/0x630 [ 32.555304] ret_from_fork+0x10/0x20 [ 32.555772] [ 32.556144] Allocated by task 317: [ 32.556194] kasan_save_stack+0x3c/0x68 [ 32.556248] kasan_save_track+0x20/0x40 [ 32.556289] kasan_save_alloc_info+0x40/0x58 [ 32.556442] __kasan_kmalloc+0xd4/0xd8 [ 32.556692] __kmalloc_noprof+0x198/0x4c8 [ 32.557003] kunit_kmalloc_array+0x34/0x88 [ 32.557215] copy_user_test_oob+0xac/0xec8 [ 32.557289] kunit_try_run_case+0x170/0x3f0 [ 32.557556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.557795] kthread+0x328/0x630 [ 32.557932] ret_from_fork+0x10/0x20 [ 32.558040] [ 32.558160] The buggy address belongs to the object at fff00000c9c2a300 [ 32.558160] which belongs to the cache kmalloc-128 of size 128 [ 32.558257] The buggy address is located 0 bytes inside of [ 32.558257] allocated 120-byte region [fff00000c9c2a300, fff00000c9c2a378) [ 32.558428] [ 32.558526] The buggy address belongs to the physical page: [ 32.558585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2a [ 32.558702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.558848] page_type: f5(slab) [ 32.559273] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.559634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.559736] page dumped because: kasan: bad access detected [ 32.559901] [ 32.559934] Memory state around the buggy address: [ 32.559972] fff00000c9c2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.560164] fff00000c9c2a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560352] >fff00000c9c2a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.560425] ^ [ 32.560501] fff00000c9c2a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560737] fff00000c9c2a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.560873] ==================================================================
[ 28.082499] ================================================================== [ 28.082936] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.083206] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.083465] [ 28.083543] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.083593] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.083607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.083628] Call Trace: [ 28.083645] <TASK> [ 28.083664] dump_stack_lvl+0x73/0xb0 [ 28.083704] print_report+0xd1/0x610 [ 28.083727] ? __virt_addr_valid+0x1db/0x2d0 [ 28.083752] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083776] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.083802] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083830] kasan_report+0x141/0x180 [ 28.083852] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083881] kasan_check_range+0x10c/0x1c0 [ 28.083906] __kasan_check_read+0x15/0x20 [ 28.083931] copy_user_test_oob+0x4aa/0x10f0 [ 28.083956] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.083980] ? finish_task_switch.isra.0+0x153/0x700 [ 28.084003] ? __switch_to+0x47/0xf80 [ 28.085774] ? __schedule+0x10cc/0x2b60 [ 28.085821] ? __pfx_read_tsc+0x10/0x10 [ 28.085847] ? ktime_get_ts64+0x86/0x230 [ 28.085877] kunit_try_run_case+0x1a5/0x480 [ 28.085902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.085924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.085950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.085975] ? __kthread_parkme+0x82/0x180 [ 28.085998] ? preempt_count_sub+0x50/0x80 [ 28.086024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.086047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.086100] kthread+0x337/0x6f0 [ 28.086121] ? trace_preempt_on+0x20/0xc0 [ 28.086145] ? __pfx_kthread+0x10/0x10 [ 28.086166] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.086190] ? calculate_sigpending+0x7b/0xa0 [ 28.086215] ? __pfx_kthread+0x10/0x10 [ 28.086237] ret_from_fork+0x116/0x1d0 [ 28.086258] ? __pfx_kthread+0x10/0x10 [ 28.086280] ret_from_fork_asm+0x1a/0x30 [ 28.086313] </TASK> [ 28.086326] [ 28.097347] Allocated by task 335: [ 28.097483] kasan_save_stack+0x45/0x70 [ 28.097634] kasan_save_track+0x18/0x40 [ 28.098246] kasan_save_alloc_info+0x3b/0x50 [ 28.098449] __kasan_kmalloc+0xb7/0xc0 [ 28.098630] __kmalloc_noprof+0x1c9/0x500 [ 28.098845] kunit_kmalloc_array+0x25/0x60 [ 28.099050] copy_user_test_oob+0xab/0x10f0 [ 28.099709] kunit_try_run_case+0x1a5/0x480 [ 28.100222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.100592] kthread+0x337/0x6f0 [ 28.100823] ret_from_fork+0x116/0x1d0 [ 28.101235] ret_from_fork_asm+0x1a/0x30 [ 28.101380] [ 28.101447] The buggy address belongs to the object at ffff8881060ac600 [ 28.101447] which belongs to the cache kmalloc-128 of size 128 [ 28.101828] The buggy address is located 0 bytes inside of [ 28.101828] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.102643] [ 28.102772] The buggy address belongs to the physical page: [ 28.103137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.103468] flags: 0x200000000000000(node=0|zone=2) [ 28.103678] page_type: f5(slab) [ 28.103857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.104390] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.104802] page dumped because: kasan: bad access detected [ 28.105024] [ 28.105274] Memory state around the buggy address: [ 28.105461] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.105885] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.106247] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.106611] ^ [ 28.106959] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.107365] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.107690] ================================================================== [ 28.109473] ================================================================== [ 28.109797] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.110163] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.110526] [ 28.110644] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.110728] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.110743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.110789] Call Trace: [ 28.110819] <TASK> [ 28.110840] dump_stack_lvl+0x73/0xb0 [ 28.110908] print_report+0xd1/0x610 [ 28.110934] ? __virt_addr_valid+0x1db/0x2d0 [ 28.110959] ? copy_user_test_oob+0x557/0x10f0 [ 28.110994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.111020] ? copy_user_test_oob+0x557/0x10f0 [ 28.111045] kasan_report+0x141/0x180 [ 28.111067] ? copy_user_test_oob+0x557/0x10f0 [ 28.111096] kasan_check_range+0x10c/0x1c0 [ 28.111120] __kasan_check_write+0x18/0x20 [ 28.111171] copy_user_test_oob+0x557/0x10f0 [ 28.111196] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.111220] ? finish_task_switch.isra.0+0x153/0x700 [ 28.111254] ? __switch_to+0x47/0xf80 [ 28.111280] ? __schedule+0x10cc/0x2b60 [ 28.111305] ? __pfx_read_tsc+0x10/0x10 [ 28.111327] ? ktime_get_ts64+0x86/0x230 [ 28.111353] kunit_try_run_case+0x1a5/0x480 [ 28.111375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.111421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.111445] ? __kthread_parkme+0x82/0x180 [ 28.111467] ? preempt_count_sub+0x50/0x80 [ 28.111492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.111539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.111566] kthread+0x337/0x6f0 [ 28.111586] ? trace_preempt_on+0x20/0xc0 [ 28.111609] ? __pfx_kthread+0x10/0x10 [ 28.111631] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.111654] ? calculate_sigpending+0x7b/0xa0 [ 28.111679] ? __pfx_kthread+0x10/0x10 [ 28.111710] ret_from_fork+0x116/0x1d0 [ 28.111730] ? __pfx_kthread+0x10/0x10 [ 28.111752] ret_from_fork_asm+0x1a/0x30 [ 28.111797] </TASK> [ 28.111816] [ 28.119548] Allocated by task 335: [ 28.119674] kasan_save_stack+0x45/0x70 [ 28.119826] kasan_save_track+0x18/0x40 [ 28.119952] kasan_save_alloc_info+0x3b/0x50 [ 28.120203] __kasan_kmalloc+0xb7/0xc0 [ 28.120383] __kmalloc_noprof+0x1c9/0x500 [ 28.120577] kunit_kmalloc_array+0x25/0x60 [ 28.120780] copy_user_test_oob+0xab/0x10f0 [ 28.120978] kunit_try_run_case+0x1a5/0x480 [ 28.121146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.121424] kthread+0x337/0x6f0 [ 28.121622] ret_from_fork+0x116/0x1d0 [ 28.121826] ret_from_fork_asm+0x1a/0x30 [ 28.122051] [ 28.122156] The buggy address belongs to the object at ffff8881060ac600 [ 28.122156] which belongs to the cache kmalloc-128 of size 128 [ 28.122991] The buggy address is located 0 bytes inside of [ 28.122991] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.123344] [ 28.123410] The buggy address belongs to the physical page: [ 28.123579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.124668] flags: 0x200000000000000(node=0|zone=2) [ 28.125150] page_type: f5(slab) [ 28.125478] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.126088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.126493] page dumped because: kasan: bad access detected [ 28.126731] [ 28.127101] Memory state around the buggy address: [ 28.127553] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.128303] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.128751] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.129074] ^ [ 28.129348] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.129632] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.130331] ================================================================== [ 28.065398] ================================================================== [ 28.065740] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.066097] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.066394] [ 28.066491] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.066545] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.066560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.066583] Call Trace: [ 28.066599] <TASK> [ 28.066619] dump_stack_lvl+0x73/0xb0 [ 28.066652] print_report+0xd1/0x610 [ 28.066675] ? __virt_addr_valid+0x1db/0x2d0 [ 28.066714] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066738] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.066765] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066805] kasan_report+0x141/0x180 [ 28.066828] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066857] kasan_check_range+0x10c/0x1c0 [ 28.066880] __kasan_check_write+0x18/0x20 [ 28.066905] copy_user_test_oob+0x3fd/0x10f0 [ 28.066931] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.066954] ? finish_task_switch.isra.0+0x153/0x700 [ 28.066978] ? __switch_to+0x47/0xf80 [ 28.067006] ? __schedule+0x10cc/0x2b60 [ 28.067031] ? __pfx_read_tsc+0x10/0x10 [ 28.067053] ? ktime_get_ts64+0x86/0x230 [ 28.067079] kunit_try_run_case+0x1a5/0x480 [ 28.067102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.067124] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.067148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.067173] ? __kthread_parkme+0x82/0x180 [ 28.067196] ? preempt_count_sub+0x50/0x80 [ 28.067219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.067243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.067269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.067295] kthread+0x337/0x6f0 [ 28.067316] ? trace_preempt_on+0x20/0xc0 [ 28.067340] ? __pfx_kthread+0x10/0x10 [ 28.067362] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.067386] ? calculate_sigpending+0x7b/0xa0 [ 28.067411] ? __pfx_kthread+0x10/0x10 [ 28.067433] ret_from_fork+0x116/0x1d0 [ 28.067454] ? __pfx_kthread+0x10/0x10 [ 28.067476] ret_from_fork_asm+0x1a/0x30 [ 28.067509] </TASK> [ 28.067522] [ 28.074411] Allocated by task 335: [ 28.074584] kasan_save_stack+0x45/0x70 [ 28.074822] kasan_save_track+0x18/0x40 [ 28.075009] kasan_save_alloc_info+0x3b/0x50 [ 28.075211] __kasan_kmalloc+0xb7/0xc0 [ 28.075394] __kmalloc_noprof+0x1c9/0x500 [ 28.075593] kunit_kmalloc_array+0x25/0x60 [ 28.075828] copy_user_test_oob+0xab/0x10f0 [ 28.076021] kunit_try_run_case+0x1a5/0x480 [ 28.076193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.076419] kthread+0x337/0x6f0 [ 28.076561] ret_from_fork+0x116/0x1d0 [ 28.076738] ret_from_fork_asm+0x1a/0x30 [ 28.076937] [ 28.077033] The buggy address belongs to the object at ffff8881060ac600 [ 28.077033] which belongs to the cache kmalloc-128 of size 128 [ 28.077478] The buggy address is located 0 bytes inside of [ 28.077478] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.077985] [ 28.078080] The buggy address belongs to the physical page: [ 28.078309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.078607] flags: 0x200000000000000(node=0|zone=2) [ 28.078850] page_type: f5(slab) [ 28.079002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.079256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.079476] page dumped because: kasan: bad access detected [ 28.079643] [ 28.079717] Memory state around the buggy address: [ 28.080049] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.080365] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.080641] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.080858] ^ [ 28.081066] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.081553] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.081885] ================================================================== [ 28.131442] ================================================================== [ 28.131785] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.132467] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.133228] [ 28.133356] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.133528] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.133544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.133568] Call Trace: [ 28.133587] <TASK> [ 28.133606] dump_stack_lvl+0x73/0xb0 [ 28.133677] print_report+0xd1/0x610 [ 28.133710] ? __virt_addr_valid+0x1db/0x2d0 [ 28.133735] ? copy_user_test_oob+0x604/0x10f0 [ 28.133759] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.133796] ? copy_user_test_oob+0x604/0x10f0 [ 28.133821] kasan_report+0x141/0x180 [ 28.133845] ? copy_user_test_oob+0x604/0x10f0 [ 28.133873] kasan_check_range+0x10c/0x1c0 [ 28.133898] __kasan_check_read+0x15/0x20 [ 28.133922] copy_user_test_oob+0x604/0x10f0 [ 28.133948] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.133973] ? finish_task_switch.isra.0+0x153/0x700 [ 28.133997] ? __switch_to+0x47/0xf80 [ 28.134024] ? __schedule+0x10cc/0x2b60 [ 28.134049] ? __pfx_read_tsc+0x10/0x10 [ 28.134071] ? ktime_get_ts64+0x86/0x230 [ 28.134097] kunit_try_run_case+0x1a5/0x480 [ 28.134120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.134141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.134166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.134191] ? __kthread_parkme+0x82/0x180 [ 28.134212] ? preempt_count_sub+0x50/0x80 [ 28.134237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.134259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.134284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.134311] kthread+0x337/0x6f0 [ 28.134331] ? trace_preempt_on+0x20/0xc0 [ 28.134354] ? __pfx_kthread+0x10/0x10 [ 28.134376] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.134400] ? calculate_sigpending+0x7b/0xa0 [ 28.134426] ? __pfx_kthread+0x10/0x10 [ 28.134449] ret_from_fork+0x116/0x1d0 [ 28.134469] ? __pfx_kthread+0x10/0x10 [ 28.134491] ret_from_fork_asm+0x1a/0x30 [ 28.134524] </TASK> [ 28.134537] [ 28.145199] Allocated by task 335: [ 28.145505] kasan_save_stack+0x45/0x70 [ 28.145896] kasan_save_track+0x18/0x40 [ 28.146182] kasan_save_alloc_info+0x3b/0x50 [ 28.146387] __kasan_kmalloc+0xb7/0xc0 [ 28.146553] __kmalloc_noprof+0x1c9/0x500 [ 28.146750] kunit_kmalloc_array+0x25/0x60 [ 28.147161] copy_user_test_oob+0xab/0x10f0 [ 28.147340] kunit_try_run_case+0x1a5/0x480 [ 28.147523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.147765] kthread+0x337/0x6f0 [ 28.148352] ret_from_fork+0x116/0x1d0 [ 28.148607] ret_from_fork_asm+0x1a/0x30 [ 28.148946] [ 28.149186] The buggy address belongs to the object at ffff8881060ac600 [ 28.149186] which belongs to the cache kmalloc-128 of size 128 [ 28.149675] The buggy address is located 0 bytes inside of [ 28.149675] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.150286] [ 28.150361] The buggy address belongs to the physical page: [ 28.150583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.150999] flags: 0x200000000000000(node=0|zone=2) [ 28.151211] page_type: f5(slab) [ 28.151363] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.151730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.152131] page dumped because: kasan: bad access detected [ 28.152304] [ 28.152398] Memory state around the buggy address: [ 28.152620] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.152961] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.153320] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.153583] ^ [ 28.154026] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154352] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154657] ==================================================================