Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 82.434915] ================================================================== [ 82.441788] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 82.448814] Write of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 82.456366] [ 82.457851] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 82.457907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.457924] Hardware name: WinLink E850-96 board (DT) [ 82.457949] Call trace: [ 82.457964] show_stack+0x20/0x38 (C) [ 82.458003] dump_stack_lvl+0x8c/0xd0 [ 82.458035] print_report+0x118/0x5d0 [ 82.458062] kasan_report+0xdc/0x128 [ 82.458089] kasan_check_range+0x100/0x1a8 [ 82.458116] __kasan_check_write+0x20/0x30 [ 82.458148] copy_user_test_oob+0x35c/0xec8 [ 82.458184] kunit_try_run_case+0x170/0x3f0 [ 82.458223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.458258] kthread+0x328/0x630 [ 82.458285] ret_from_fork+0x10/0x20 [ 82.458320] [ 82.525288] Allocated by task 369: [ 82.528676] kasan_save_stack+0x3c/0x68 [ 82.532493] kasan_save_track+0x20/0x40 [ 82.536313] kasan_save_alloc_info+0x40/0x58 [ 82.540566] __kasan_kmalloc+0xd4/0xd8 [ 82.544299] __kmalloc_noprof+0x198/0x4c8 [ 82.548292] kunit_kmalloc_array+0x34/0x88 [ 82.552373] copy_user_test_oob+0xac/0xec8 [ 82.556453] kunit_try_run_case+0x170/0x3f0 [ 82.560618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.566087] kthread+0x328/0x630 [ 82.569298] ret_from_fork+0x10/0x20 [ 82.572857] [ 82.574335] The buggy address belongs to the object at ffff000803b98000 [ 82.574335] which belongs to the cache kmalloc-128 of size 128 [ 82.586835] The buggy address is located 0 bytes inside of [ 82.586835] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 82.599246] [ 82.600724] The buggy address belongs to the physical page: [ 82.606280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 82.614266] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.621904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.628846] page_type: f5(slab) [ 82.631984] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.639703] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.647430] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.655241] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.663054] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 82.670866] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.678672] page dumped because: kasan: bad access detected [ 82.684227] [ 82.685703] Memory state around the buggy address: [ 82.690483] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.697685] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.704892] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.712091] ^ [ 82.719213] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.726418] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.733619] ================================================================== [ 83.047120] ================================================================== [ 83.054110] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 83.061133] Write of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 83.068685] [ 83.070166] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 83.070219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 83.070235] Hardware name: WinLink E850-96 board (DT) [ 83.070258] Call trace: [ 83.070273] show_stack+0x20/0x38 (C) [ 83.070308] dump_stack_lvl+0x8c/0xd0 [ 83.070343] print_report+0x118/0x5d0 [ 83.070372] kasan_report+0xdc/0x128 [ 83.070401] kasan_check_range+0x100/0x1a8 [ 83.070431] __kasan_check_write+0x20/0x30 [ 83.070464] copy_user_test_oob+0x434/0xec8 [ 83.070500] kunit_try_run_case+0x170/0x3f0 [ 83.070538] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.070572] kthread+0x328/0x630 [ 83.070605] ret_from_fork+0x10/0x20 [ 83.070638] [ 83.137606] Allocated by task 369: [ 83.140993] kasan_save_stack+0x3c/0x68 [ 83.144811] kasan_save_track+0x20/0x40 [ 83.148630] kasan_save_alloc_info+0x40/0x58 [ 83.152883] __kasan_kmalloc+0xd4/0xd8 [ 83.156616] __kmalloc_noprof+0x198/0x4c8 [ 83.160609] kunit_kmalloc_array+0x34/0x88 [ 83.164690] copy_user_test_oob+0xac/0xec8 [ 83.168769] kunit_try_run_case+0x170/0x3f0 [ 83.172935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.178404] kthread+0x328/0x630 [ 83.181616] ret_from_fork+0x10/0x20 [ 83.185175] [ 83.186652] The buggy address belongs to the object at ffff000803b98000 [ 83.186652] which belongs to the cache kmalloc-128 of size 128 [ 83.199154] The buggy address is located 0 bytes inside of [ 83.199154] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 83.211564] [ 83.213042] The buggy address belongs to the physical page: [ 83.218598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 83.226583] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 83.234221] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 83.241165] page_type: f5(slab) [ 83.244300] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 83.252022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.259747] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 83.267558] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.275372] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 83.283183] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 83.290989] page dumped because: kasan: bad access detected [ 83.296544] [ 83.298020] Memory state around the buggy address: [ 83.302799] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.310003] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.317211] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 83.324409] ^ [ 83.331530] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.338735] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.345936] ================================================================== [ 83.353540] ================================================================== [ 83.360352] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 83.367377] Read of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 83.374842] [ 83.376325] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 83.376379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 83.376395] Hardware name: WinLink E850-96 board (DT) [ 83.376416] Call trace: [ 83.376430] show_stack+0x20/0x38 (C) [ 83.376463] dump_stack_lvl+0x8c/0xd0 [ 83.376497] print_report+0x118/0x5d0 [ 83.376527] kasan_report+0xdc/0x128 [ 83.376554] kasan_check_range+0x100/0x1a8 [ 83.376586] __kasan_check_read+0x20/0x30 [ 83.376615] copy_user_test_oob+0x4a0/0xec8 [ 83.376647] kunit_try_run_case+0x170/0x3f0 [ 83.376685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.376723] kthread+0x328/0x630 [ 83.376754] ret_from_fork+0x10/0x20 [ 83.376787] [ 83.443677] Allocated by task 369: [ 83.447066] kasan_save_stack+0x3c/0x68 [ 83.450882] kasan_save_track+0x20/0x40 [ 83.454702] kasan_save_alloc_info+0x40/0x58 [ 83.458955] __kasan_kmalloc+0xd4/0xd8 [ 83.462688] __kmalloc_noprof+0x198/0x4c8 [ 83.466681] kunit_kmalloc_array+0x34/0x88 [ 83.470762] copy_user_test_oob+0xac/0xec8 [ 83.474840] kunit_try_run_case+0x170/0x3f0 [ 83.479009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.484476] kthread+0x328/0x630 [ 83.487688] ret_from_fork+0x10/0x20 [ 83.491246] [ 83.492723] The buggy address belongs to the object at ffff000803b98000 [ 83.492723] which belongs to the cache kmalloc-128 of size 128 [ 83.505222] The buggy address is located 0 bytes inside of [ 83.505222] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 83.517635] [ 83.519112] The buggy address belongs to the physical page: [ 83.524670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 83.532654] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 83.540293] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 83.547235] page_type: f5(slab) [ 83.550372] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 83.558092] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.565819] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 83.573630] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.581443] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 83.589255] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 83.597061] page dumped because: kasan: bad access detected [ 83.602616] [ 83.604092] Memory state around the buggy address: [ 83.608871] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.616075] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.623281] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 83.630480] ^ [ 83.637602] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.644807] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.652008] ================================================================== [ 81.817111] ================================================================== [ 81.829472] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 81.836498] Write of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 81.844049] [ 81.845536] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 81.845599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 81.845616] Hardware name: WinLink E850-96 board (DT) [ 81.845638] Call trace: [ 81.845654] show_stack+0x20/0x38 (C) [ 81.845688] dump_stack_lvl+0x8c/0xd0 [ 81.845723] print_report+0x118/0x5d0 [ 81.845756] kasan_report+0xdc/0x128 [ 81.845786] kasan_check_range+0x100/0x1a8 [ 81.845820] __kasan_check_write+0x20/0x30 [ 81.845854] copy_user_test_oob+0x234/0xec8 [ 81.845888] kunit_try_run_case+0x170/0x3f0 [ 81.845930] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.845964] kthread+0x328/0x630 [ 81.845996] ret_from_fork+0x10/0x20 [ 81.846034] [ 81.912973] Allocated by task 369: [ 81.916359] kasan_save_stack+0x3c/0x68 [ 81.920176] kasan_save_track+0x20/0x40 [ 81.923996] kasan_save_alloc_info+0x40/0x58 [ 81.928249] __kasan_kmalloc+0xd4/0xd8 [ 81.931982] __kmalloc_noprof+0x198/0x4c8 [ 81.935975] kunit_kmalloc_array+0x34/0x88 [ 81.940056] copy_user_test_oob+0xac/0xec8 [ 81.944134] kunit_try_run_case+0x170/0x3f0 [ 81.948301] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.953770] kthread+0x328/0x630 [ 81.956981] ret_from_fork+0x10/0x20 [ 81.960540] [ 81.962017] The buggy address belongs to the object at ffff000803b98000 [ 81.962017] which belongs to the cache kmalloc-128 of size 128 [ 81.974519] The buggy address is located 0 bytes inside of [ 81.974519] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 81.986928] [ 81.988410] The buggy address belongs to the physical page: [ 81.993964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 82.001948] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.009588] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.016531] page_type: f5(slab) [ 82.019668] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.027386] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.035114] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.042924] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.050737] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 82.058549] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.066354] page dumped because: kasan: bad access detected [ 82.071910] [ 82.073385] Memory state around the buggy address: [ 82.078167] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.085368] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.092575] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.099774] ^ [ 82.106896] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.114101] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.121303] ================================================================== [ 82.741040] ================================================================== [ 82.748033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 82.755060] Read of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 82.762525] [ 82.764009] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 82.764062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.764080] Hardware name: WinLink E850-96 board (DT) [ 82.764103] Call trace: [ 82.764118] show_stack+0x20/0x38 (C) [ 82.764155] dump_stack_lvl+0x8c/0xd0 [ 82.764190] print_report+0x118/0x5d0 [ 82.764218] kasan_report+0xdc/0x128 [ 82.764244] kasan_check_range+0x100/0x1a8 [ 82.764274] __kasan_check_read+0x20/0x30 [ 82.764305] copy_user_test_oob+0x3c8/0xec8 [ 82.764341] kunit_try_run_case+0x170/0x3f0 [ 82.764379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.764414] kthread+0x328/0x630 [ 82.764443] ret_from_fork+0x10/0x20 [ 82.764479] [ 82.831362] Allocated by task 369: [ 82.834749] kasan_save_stack+0x3c/0x68 [ 82.838565] kasan_save_track+0x20/0x40 [ 82.842385] kasan_save_alloc_info+0x40/0x58 [ 82.846638] __kasan_kmalloc+0xd4/0xd8 [ 82.850371] __kmalloc_noprof+0x198/0x4c8 [ 82.854363] kunit_kmalloc_array+0x34/0x88 [ 82.858445] copy_user_test_oob+0xac/0xec8 [ 82.862523] kunit_try_run_case+0x170/0x3f0 [ 82.866690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.872158] kthread+0x328/0x630 [ 82.875370] ret_from_fork+0x10/0x20 [ 82.878929] [ 82.880406] The buggy address belongs to the object at ffff000803b98000 [ 82.880406] which belongs to the cache kmalloc-128 of size 128 [ 82.892904] The buggy address is located 0 bytes inside of [ 82.892904] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 82.905318] [ 82.906797] The buggy address belongs to the physical page: [ 82.912352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 82.920337] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.927976] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.934919] page_type: f5(slab) [ 82.938054] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.945775] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.953501] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.961313] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.969126] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 82.976937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.984744] page dumped because: kasan: bad access detected [ 82.990299] [ 82.991775] Memory state around the buggy address: [ 82.996554] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.003757] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.010964] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 83.018163] ^ [ 83.025285] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.032490] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.039691] ================================================================== [ 82.128743] ================================================================== [ 82.135718] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 82.142743] Read of size 121 at addr ffff000803b98000 by task kunit_try_catch/369 [ 82.150208] [ 82.151692] CPU: 6 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 82.151746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.151764] Hardware name: WinLink E850-96 board (DT) [ 82.151788] Call trace: [ 82.151801] show_stack+0x20/0x38 (C) [ 82.151839] dump_stack_lvl+0x8c/0xd0 [ 82.151873] print_report+0x118/0x5d0 [ 82.151904] kasan_report+0xdc/0x128 [ 82.151932] kasan_check_range+0x100/0x1a8 [ 82.151964] __kasan_check_read+0x20/0x30 [ 82.151995] copy_user_test_oob+0x728/0xec8 [ 82.152029] kunit_try_run_case+0x170/0x3f0 [ 82.152069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.152104] kthread+0x328/0x630 [ 82.152136] ret_from_fork+0x10/0x20 [ 82.152174] [ 82.219043] Allocated by task 369: [ 82.222432] kasan_save_stack+0x3c/0x68 [ 82.226248] kasan_save_track+0x20/0x40 [ 82.230068] kasan_save_alloc_info+0x40/0x58 [ 82.234321] __kasan_kmalloc+0xd4/0xd8 [ 82.238053] __kmalloc_noprof+0x198/0x4c8 [ 82.242046] kunit_kmalloc_array+0x34/0x88 [ 82.246126] copy_user_test_oob+0xac/0xec8 [ 82.250206] kunit_try_run_case+0x170/0x3f0 [ 82.254373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.259841] kthread+0x328/0x630 [ 82.263053] ret_from_fork+0x10/0x20 [ 82.266612] [ 82.268089] The buggy address belongs to the object at ffff000803b98000 [ 82.268089] which belongs to the cache kmalloc-128 of size 128 [ 82.280588] The buggy address is located 0 bytes inside of [ 82.280588] allocated 120-byte region [ffff000803b98000, ffff000803b98078) [ 82.293000] [ 82.294479] The buggy address belongs to the physical page: [ 82.300035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b98 [ 82.308019] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.315659] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.322602] page_type: f5(slab) [ 82.325737] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.333458] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.341184] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.348995] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.356809] head: 0bfffe0000000001 fffffdffe00ee601 00000000ffffffff 00000000ffffffff [ 82.364621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.372426] page dumped because: kasan: bad access detected [ 82.377981] [ 82.379457] Memory state around the buggy address: [ 82.384239] ffff000803b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.391440] ffff000803b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.398646] >ffff000803b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.405846] ^ [ 82.412968] ffff000803b98080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.420173] ffff000803b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.427374] ==================================================================
[ 33.461115] ================================================================== [ 33.461842] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 33.462376] Write of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.462468] [ 33.462624] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.462745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.462853] Hardware name: linux,dummy-virt (DT) [ 33.462969] Call trace: [ 33.463018] show_stack+0x20/0x38 (C) [ 33.463164] dump_stack_lvl+0x8c/0xd0 [ 33.463551] print_report+0x118/0x5d0 [ 33.463705] kasan_report+0xdc/0x128 [ 33.463791] kasan_check_range+0x100/0x1a8 [ 33.463965] __kasan_check_write+0x20/0x30 [ 33.464053] copy_user_test_oob+0x234/0xec8 [ 33.464365] kunit_try_run_case+0x170/0x3f0 [ 33.464473] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.464528] kthread+0x328/0x630 [ 33.464873] ret_from_fork+0x10/0x20 [ 33.464965] [ 33.465135] Allocated by task 316: [ 33.465203] kasan_save_stack+0x3c/0x68 [ 33.465347] kasan_save_track+0x20/0x40 [ 33.465441] kasan_save_alloc_info+0x40/0x58 [ 33.465513] __kasan_kmalloc+0xd4/0xd8 [ 33.465857] __kmalloc_noprof+0x198/0x4c8 [ 33.465957] kunit_kmalloc_array+0x34/0x88 [ 33.466094] copy_user_test_oob+0xac/0xec8 [ 33.466173] kunit_try_run_case+0x170/0x3f0 [ 33.466299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.466378] kthread+0x328/0x630 [ 33.466519] ret_from_fork+0x10/0x20 [ 33.466619] [ 33.466643] The buggy address belongs to the object at fff00000c91a7600 [ 33.466643] which belongs to the cache kmalloc-128 of size 128 [ 33.466726] The buggy address is located 0 bytes inside of [ 33.466726] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.467191] [ 33.467254] The buggy address belongs to the physical page: [ 33.467617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.467800] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.468093] page_type: f5(slab) [ 33.468162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.468299] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.468372] page dumped because: kasan: bad access detected [ 33.468418] [ 33.468448] Memory state around the buggy address: [ 33.468486] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.468539] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.468594] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.468650] ^ [ 33.468693] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.468739] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.468798] ================================================================== [ 33.511571] ================================================================== [ 33.511700] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 33.511773] Write of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.511828] [ 33.511899] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.511998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.512028] Hardware name: linux,dummy-virt (DT) [ 33.512061] Call trace: [ 33.512099] show_stack+0x20/0x38 (C) [ 33.512150] dump_stack_lvl+0x8c/0xd0 [ 33.512209] print_report+0x118/0x5d0 [ 33.512254] kasan_report+0xdc/0x128 [ 33.512299] kasan_check_range+0x100/0x1a8 [ 33.512364] __kasan_check_write+0x20/0x30 [ 33.512413] copy_user_test_oob+0x434/0xec8 [ 33.512468] kunit_try_run_case+0x170/0x3f0 [ 33.512520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.512570] kthread+0x328/0x630 [ 33.512619] ret_from_fork+0x10/0x20 [ 33.512669] [ 33.512689] Allocated by task 316: [ 33.512720] kasan_save_stack+0x3c/0x68 [ 33.512764] kasan_save_track+0x20/0x40 [ 33.512805] kasan_save_alloc_info+0x40/0x58 [ 33.512855] __kasan_kmalloc+0xd4/0xd8 [ 33.512903] __kmalloc_noprof+0x198/0x4c8 [ 33.512946] kunit_kmalloc_array+0x34/0x88 [ 33.512985] copy_user_test_oob+0xac/0xec8 [ 33.513025] kunit_try_run_case+0x170/0x3f0 [ 33.513075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.513118] kthread+0x328/0x630 [ 33.513151] ret_from_fork+0x10/0x20 [ 33.513189] [ 33.513211] The buggy address belongs to the object at fff00000c91a7600 [ 33.513211] which belongs to the cache kmalloc-128 of size 128 [ 33.513273] The buggy address is located 0 bytes inside of [ 33.513273] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.513659] [ 33.513685] The buggy address belongs to the physical page: [ 33.514100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.514187] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.514260] page_type: f5(slab) [ 33.514630] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.514705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.514915] page dumped because: kasan: bad access detected [ 33.514955] [ 33.515102] Memory state around the buggy address: [ 33.515368] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.515708] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.515762] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.515867] ^ [ 33.515913] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.515959] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.516270] ================================================================== [ 33.494013] ================================================================== [ 33.494092] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 33.494175] Write of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.494245] [ 33.494288] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.494400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.494433] Hardware name: linux,dummy-virt (DT) [ 33.494471] Call trace: [ 33.494498] show_stack+0x20/0x38 (C) [ 33.494555] dump_stack_lvl+0x8c/0xd0 [ 33.494606] print_report+0x118/0x5d0 [ 33.494653] kasan_report+0xdc/0x128 [ 33.494707] kasan_check_range+0x100/0x1a8 [ 33.494753] __kasan_check_write+0x20/0x30 [ 33.494801] copy_user_test_oob+0x35c/0xec8 [ 33.494849] kunit_try_run_case+0x170/0x3f0 [ 33.494903] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.494964] kthread+0x328/0x630 [ 33.495008] ret_from_fork+0x10/0x20 [ 33.495073] [ 33.495093] Allocated by task 316: [ 33.495133] kasan_save_stack+0x3c/0x68 [ 33.495191] kasan_save_track+0x20/0x40 [ 33.495235] kasan_save_alloc_info+0x40/0x58 [ 33.495274] __kasan_kmalloc+0xd4/0xd8 [ 33.495314] __kmalloc_noprof+0x198/0x4c8 [ 33.496222] kunit_kmalloc_array+0x34/0x88 [ 33.496398] copy_user_test_oob+0xac/0xec8 [ 33.496589] kunit_try_run_case+0x170/0x3f0 [ 33.496723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.496820] kthread+0x328/0x630 [ 33.496880] ret_from_fork+0x10/0x20 [ 33.496937] [ 33.497099] The buggy address belongs to the object at fff00000c91a7600 [ 33.497099] which belongs to the cache kmalloc-128 of size 128 [ 33.497317] The buggy address is located 0 bytes inside of [ 33.497317] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.497699] [ 33.497839] The buggy address belongs to the physical page: [ 33.497917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.498100] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.498161] page_type: f5(slab) [ 33.498371] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.498545] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.498822] page dumped because: kasan: bad access detected [ 33.498992] [ 33.499035] Memory state around the buggy address: [ 33.499110] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.499236] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.499283] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.499525] ^ [ 33.499965] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.500042] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.500163] ================================================================== [ 33.476409] ================================================================== [ 33.476505] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 33.476582] Read of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.476646] [ 33.476684] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.476791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.476824] Hardware name: linux,dummy-virt (DT) [ 33.476867] Call trace: [ 33.476898] show_stack+0x20/0x38 (C) [ 33.476949] dump_stack_lvl+0x8c/0xd0 [ 33.477004] print_report+0x118/0x5d0 [ 33.477050] kasan_report+0xdc/0x128 [ 33.477094] kasan_check_range+0x100/0x1a8 [ 33.477141] __kasan_check_read+0x20/0x30 [ 33.477187] copy_user_test_oob+0x728/0xec8 [ 33.477241] kunit_try_run_case+0x170/0x3f0 [ 33.477292] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.477354] kthread+0x328/0x630 [ 33.478008] ret_from_fork+0x10/0x20 [ 33.478153] [ 33.478195] Allocated by task 316: [ 33.478515] kasan_save_stack+0x3c/0x68 [ 33.478603] kasan_save_track+0x20/0x40 [ 33.478702] kasan_save_alloc_info+0x40/0x58 [ 33.478960] __kasan_kmalloc+0xd4/0xd8 [ 33.479132] __kmalloc_noprof+0x198/0x4c8 [ 33.479209] kunit_kmalloc_array+0x34/0x88 [ 33.479385] copy_user_test_oob+0xac/0xec8 [ 33.479617] kunit_try_run_case+0x170/0x3f0 [ 33.479916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.480036] kthread+0x328/0x630 [ 33.480214] ret_from_fork+0x10/0x20 [ 33.480260] [ 33.480521] The buggy address belongs to the object at fff00000c91a7600 [ 33.480521] which belongs to the cache kmalloc-128 of size 128 [ 33.480740] The buggy address is located 0 bytes inside of [ 33.480740] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.481011] [ 33.481085] The buggy address belongs to the physical page: [ 33.481255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.481665] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.481841] page_type: f5(slab) [ 33.482090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.482218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.482275] page dumped because: kasan: bad access detected [ 33.482436] [ 33.482630] Memory state around the buggy address: [ 33.482715] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.482843] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.482919] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.483239] ^ [ 33.483372] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.483423] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.483912] ================================================================== [ 33.517096] ================================================================== [ 33.517150] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 33.517493] Read of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.517629] [ 33.517711] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.517803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.517839] Hardware name: linux,dummy-virt (DT) [ 33.518024] Call trace: [ 33.518157] show_stack+0x20/0x38 (C) [ 33.518297] dump_stack_lvl+0x8c/0xd0 [ 33.518402] print_report+0x118/0x5d0 [ 33.518731] kasan_report+0xdc/0x128 [ 33.518805] kasan_check_range+0x100/0x1a8 [ 33.518914] __kasan_check_read+0x20/0x30 [ 33.519068] copy_user_test_oob+0x4a0/0xec8 [ 33.519185] kunit_try_run_case+0x170/0x3f0 [ 33.519235] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.519603] kthread+0x328/0x630 [ 33.519699] ret_from_fork+0x10/0x20 [ 33.520177] [ 33.520263] Allocated by task 316: [ 33.520348] kasan_save_stack+0x3c/0x68 [ 33.520455] kasan_save_track+0x20/0x40 [ 33.520500] kasan_save_alloc_info+0x40/0x58 [ 33.520539] __kasan_kmalloc+0xd4/0xd8 [ 33.520735] __kmalloc_noprof+0x198/0x4c8 [ 33.520926] kunit_kmalloc_array+0x34/0x88 [ 33.521011] copy_user_test_oob+0xac/0xec8 [ 33.521186] kunit_try_run_case+0x170/0x3f0 [ 33.521389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.521540] kthread+0x328/0x630 [ 33.521630] ret_from_fork+0x10/0x20 [ 33.521746] [ 33.521793] The buggy address belongs to the object at fff00000c91a7600 [ 33.521793] which belongs to the cache kmalloc-128 of size 128 [ 33.521872] The buggy address is located 0 bytes inside of [ 33.521872] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.521951] [ 33.522236] The buggy address belongs to the physical page: [ 33.522372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.522733] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.522920] page_type: f5(slab) [ 33.522966] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.523348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.523418] page dumped because: kasan: bad access detected [ 33.523471] [ 33.523722] Memory state around the buggy address: [ 33.523916] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.524011] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.524217] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.524418] ^ [ 33.524731] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.524957] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.525138] ================================================================== [ 33.501215] ================================================================== [ 33.501304] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 33.501552] Read of size 121 at addr fff00000c91a7600 by task kunit_try_catch/316 [ 33.501798] [ 33.501841] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 33.501938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.501966] Hardware name: linux,dummy-virt (DT) [ 33.502301] Call trace: [ 33.502737] show_stack+0x20/0x38 (C) [ 33.502838] dump_stack_lvl+0x8c/0xd0 [ 33.502990] print_report+0x118/0x5d0 [ 33.503080] kasan_report+0xdc/0x128 [ 33.503132] kasan_check_range+0x100/0x1a8 [ 33.503409] __kasan_check_read+0x20/0x30 [ 33.503608] copy_user_test_oob+0x3c8/0xec8 [ 33.503805] kunit_try_run_case+0x170/0x3f0 [ 33.504009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.504165] kthread+0x328/0x630 [ 33.504253] ret_from_fork+0x10/0x20 [ 33.504642] [ 33.504687] Allocated by task 316: [ 33.504737] kasan_save_stack+0x3c/0x68 [ 33.505067] kasan_save_track+0x20/0x40 [ 33.505283] kasan_save_alloc_info+0x40/0x58 [ 33.505465] __kasan_kmalloc+0xd4/0xd8 [ 33.505549] __kmalloc_noprof+0x198/0x4c8 [ 33.505630] kunit_kmalloc_array+0x34/0x88 [ 33.505743] copy_user_test_oob+0xac/0xec8 [ 33.505786] kunit_try_run_case+0x170/0x3f0 [ 33.505830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.505872] kthread+0x328/0x630 [ 33.505908] ret_from_fork+0x10/0x20 [ 33.505947] [ 33.505970] The buggy address belongs to the object at fff00000c91a7600 [ 33.505970] which belongs to the cache kmalloc-128 of size 128 [ 33.506291] The buggy address is located 0 bytes inside of [ 33.506291] allocated 120-byte region [fff00000c91a7600, fff00000c91a7678) [ 33.506776] [ 33.506847] The buggy address belongs to the physical page: [ 33.507174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091a7 [ 33.507506] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.507602] page_type: f5(slab) [ 33.507683] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.507741] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.507784] page dumped because: kasan: bad access detected [ 33.508104] [ 33.508427] Memory state around the buggy address: [ 33.508507] fff00000c91a7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.508941] fff00000c91a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.509270] >fff00000c91a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.509407] ^ [ 33.509499] fff00000c91a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.509613] fff00000c91a7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.509654] ==================================================================
[ 28.019893] ================================================================== [ 28.020211] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.020525] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.020841] [ 28.020962] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.021015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.021776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.021808] Call Trace: [ 28.021824] <TASK> [ 28.021846] dump_stack_lvl+0x73/0xb0 [ 28.021880] print_report+0xd1/0x610 [ 28.021904] ? __virt_addr_valid+0x1db/0x2d0 [ 28.021930] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.021954] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.021984] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.022009] kasan_report+0x141/0x180 [ 28.022032] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.022061] kasan_check_range+0x10c/0x1c0 [ 28.022086] __kasan_check_write+0x18/0x20 [ 28.022111] copy_user_test_oob+0x3fd/0x10f0 [ 28.022138] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.022162] ? finish_task_switch.isra.0+0x153/0x700 [ 28.022187] ? __switch_to+0x47/0xf80 [ 28.022215] ? __schedule+0x10cc/0x2b60 [ 28.022239] ? __pfx_read_tsc+0x10/0x10 [ 28.022262] ? ktime_get_ts64+0x86/0x230 [ 28.022291] kunit_try_run_case+0x1a5/0x480 [ 28.022313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.022335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.022360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.022384] ? __kthread_parkme+0x82/0x180 [ 28.022507] ? preempt_count_sub+0x50/0x80 [ 28.022537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.022562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.022588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.022615] kthread+0x337/0x6f0 [ 28.022636] ? trace_preempt_on+0x20/0xc0 [ 28.022661] ? __pfx_kthread+0x10/0x10 [ 28.022684] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.022707] ? calculate_sigpending+0x7b/0xa0 [ 28.022745] ? __pfx_kthread+0x10/0x10 [ 28.022768] ret_from_fork+0x116/0x1d0 [ 28.022789] ? __pfx_kthread+0x10/0x10 [ 28.022811] ret_from_fork_asm+0x1a/0x30 [ 28.022842] </TASK> [ 28.022854] [ 28.031266] Allocated by task 335: [ 28.031390] kasan_save_stack+0x45/0x70 [ 28.031610] kasan_save_track+0x18/0x40 [ 28.031769] kasan_save_alloc_info+0x3b/0x50 [ 28.031911] __kasan_kmalloc+0xb7/0xc0 [ 28.032033] __kmalloc_noprof+0x1c9/0x500 [ 28.032167] kunit_kmalloc_array+0x25/0x60 [ 28.032297] copy_user_test_oob+0xab/0x10f0 [ 28.032478] kunit_try_run_case+0x1a5/0x480 [ 28.032691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.032894] kthread+0x337/0x6f0 [ 28.033012] ret_from_fork+0x116/0x1d0 [ 28.033148] ret_from_fork_asm+0x1a/0x30 [ 28.033341] [ 28.033466] The buggy address belongs to the object at ffff88810622c200 [ 28.033466] which belongs to the cache kmalloc-128 of size 128 [ 28.033945] The buggy address is located 0 bytes inside of [ 28.033945] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.034921] [ 28.034998] The buggy address belongs to the physical page: [ 28.035419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.035681] flags: 0x200000000000000(node=0|zone=2) [ 28.035880] page_type: f5(slab) [ 28.035998] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.036218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.036786] page dumped because: kasan: bad access detected [ 28.037056] [ 28.037150] Memory state around the buggy address: [ 28.037375] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.037690] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.037907] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.038108] ^ [ 28.038308] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.038759] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.039073] ================================================================== [ 28.078459] ================================================================== [ 28.078853] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.079503] Read of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.079829] [ 28.079936] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.079988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.080002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.080026] Call Trace: [ 28.080045] <TASK> [ 28.080063] dump_stack_lvl+0x73/0xb0 [ 28.080095] print_report+0xd1/0x610 [ 28.080118] ? __virt_addr_valid+0x1db/0x2d0 [ 28.080143] ? copy_user_test_oob+0x604/0x10f0 [ 28.080167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.080194] ? copy_user_test_oob+0x604/0x10f0 [ 28.080218] kasan_report+0x141/0x180 [ 28.080241] ? copy_user_test_oob+0x604/0x10f0 [ 28.080270] kasan_check_range+0x10c/0x1c0 [ 28.080294] __kasan_check_read+0x15/0x20 [ 28.080324] copy_user_test_oob+0x604/0x10f0 [ 28.080350] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.080374] ? finish_task_switch.isra.0+0x153/0x700 [ 28.080398] ? __switch_to+0x47/0xf80 [ 28.080578] ? __schedule+0x10cc/0x2b60 [ 28.080607] ? __pfx_read_tsc+0x10/0x10 [ 28.080629] ? ktime_get_ts64+0x86/0x230 [ 28.080655] kunit_try_run_case+0x1a5/0x480 [ 28.080680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.080751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.080778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.080803] ? __kthread_parkme+0x82/0x180 [ 28.080825] ? preempt_count_sub+0x50/0x80 [ 28.080849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.080872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.080898] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.080924] kthread+0x337/0x6f0 [ 28.080945] ? trace_preempt_on+0x20/0xc0 [ 28.080970] ? __pfx_kthread+0x10/0x10 [ 28.080992] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.081014] ? calculate_sigpending+0x7b/0xa0 [ 28.081040] ? __pfx_kthread+0x10/0x10 [ 28.081063] ret_from_fork+0x116/0x1d0 [ 28.081083] ? __pfx_kthread+0x10/0x10 [ 28.081105] ret_from_fork_asm+0x1a/0x30 [ 28.081137] </TASK> [ 28.081149] [ 28.091708] Allocated by task 335: [ 28.091923] kasan_save_stack+0x45/0x70 [ 28.092218] kasan_save_track+0x18/0x40 [ 28.092527] kasan_save_alloc_info+0x3b/0x50 [ 28.092755] __kasan_kmalloc+0xb7/0xc0 [ 28.092926] __kmalloc_noprof+0x1c9/0x500 [ 28.093103] kunit_kmalloc_array+0x25/0x60 [ 28.093282] copy_user_test_oob+0xab/0x10f0 [ 28.093716] kunit_try_run_case+0x1a5/0x480 [ 28.094040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.094457] kthread+0x337/0x6f0 [ 28.094846] ret_from_fork+0x116/0x1d0 [ 28.095102] ret_from_fork_asm+0x1a/0x30 [ 28.095394] [ 28.095506] The buggy address belongs to the object at ffff88810622c200 [ 28.095506] which belongs to the cache kmalloc-128 of size 128 [ 28.096006] The buggy address is located 0 bytes inside of [ 28.096006] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.096749] [ 28.096982] The buggy address belongs to the physical page: [ 28.097422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.097930] flags: 0x200000000000000(node=0|zone=2) [ 28.098316] page_type: f5(slab) [ 28.098626] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.099105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.099573] page dumped because: kasan: bad access detected [ 28.099903] [ 28.100122] Memory state around the buggy address: [ 28.100473] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.100783] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.101079] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.101363] ^ [ 28.102072] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.102559] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.103068] ================================================================== [ 28.039673] ================================================================== [ 28.040220] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.040558] Read of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.040807] [ 28.040892] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.040944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.040958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.040981] Call Trace: [ 28.040998] <TASK> [ 28.041015] dump_stack_lvl+0x73/0xb0 [ 28.041045] print_report+0xd1/0x610 [ 28.041070] ? __virt_addr_valid+0x1db/0x2d0 [ 28.041095] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.041146] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041170] kasan_report+0x141/0x180 [ 28.041195] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041224] kasan_check_range+0x10c/0x1c0 [ 28.041248] __kasan_check_read+0x15/0x20 [ 28.041272] copy_user_test_oob+0x4aa/0x10f0 [ 28.041299] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.041323] ? finish_task_switch.isra.0+0x153/0x700 [ 28.041347] ? __switch_to+0x47/0xf80 [ 28.041374] ? __schedule+0x10cc/0x2b60 [ 28.041398] ? __pfx_read_tsc+0x10/0x10 [ 28.041433] ? ktime_get_ts64+0x86/0x230 [ 28.041461] kunit_try_run_case+0x1a5/0x480 [ 28.041483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.041531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.041557] ? __kthread_parkme+0x82/0x180 [ 28.041579] ? preempt_count_sub+0x50/0x80 [ 28.041603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.041653] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.041680] kthread+0x337/0x6f0 [ 28.041702] ? trace_preempt_on+0x20/0xc0 [ 28.041727] ? __pfx_kthread+0x10/0x10 [ 28.041762] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.041785] ? calculate_sigpending+0x7b/0xa0 [ 28.041810] ? __pfx_kthread+0x10/0x10 [ 28.041833] ret_from_fork+0x116/0x1d0 [ 28.041853] ? __pfx_kthread+0x10/0x10 [ 28.041875] ret_from_fork_asm+0x1a/0x30 [ 28.041907] </TASK> [ 28.041921] [ 28.049073] Allocated by task 335: [ 28.049254] kasan_save_stack+0x45/0x70 [ 28.049447] kasan_save_track+0x18/0x40 [ 28.049634] kasan_save_alloc_info+0x3b/0x50 [ 28.049849] __kasan_kmalloc+0xb7/0xc0 [ 28.050037] __kmalloc_noprof+0x1c9/0x500 [ 28.050368] kunit_kmalloc_array+0x25/0x60 [ 28.050521] copy_user_test_oob+0xab/0x10f0 [ 28.050663] kunit_try_run_case+0x1a5/0x480 [ 28.050828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.051086] kthread+0x337/0x6f0 [ 28.051255] ret_from_fork+0x116/0x1d0 [ 28.051455] ret_from_fork_asm+0x1a/0x30 [ 28.051628] [ 28.051721] The buggy address belongs to the object at ffff88810622c200 [ 28.051721] which belongs to the cache kmalloc-128 of size 128 [ 28.052159] The buggy address is located 0 bytes inside of [ 28.052159] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.052684] [ 28.052788] The buggy address belongs to the physical page: [ 28.052977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.053213] flags: 0x200000000000000(node=0|zone=2) [ 28.053371] page_type: f5(slab) [ 28.053677] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.054028] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.054297] page dumped because: kasan: bad access detected [ 28.054548] [ 28.054611] Memory state around the buggy address: [ 28.054763] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.054965] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.055248] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.055747] ^ [ 28.056055] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.056375] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.056691] ================================================================== [ 28.057184] ================================================================== [ 28.057514] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.057811] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.058100] [ 28.058204] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.058253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.058267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.058291] Call Trace: [ 28.058310] <TASK> [ 28.058328] dump_stack_lvl+0x73/0xb0 [ 28.058358] print_report+0xd1/0x610 [ 28.058382] ? __virt_addr_valid+0x1db/0x2d0 [ 28.058417] ? copy_user_test_oob+0x557/0x10f0 [ 28.058443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.058471] ? copy_user_test_oob+0x557/0x10f0 [ 28.058495] kasan_report+0x141/0x180 [ 28.058519] ? copy_user_test_oob+0x557/0x10f0 [ 28.058548] kasan_check_range+0x10c/0x1c0 [ 28.058573] __kasan_check_write+0x18/0x20 [ 28.058597] copy_user_test_oob+0x557/0x10f0 [ 28.058623] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.058647] ? finish_task_switch.isra.0+0x153/0x700 [ 28.058671] ? __switch_to+0x47/0xf80 [ 28.058699] ? __schedule+0x10cc/0x2b60 [ 28.058723] ? __pfx_read_tsc+0x10/0x10 [ 28.058759] ? ktime_get_ts64+0x86/0x230 [ 28.058786] kunit_try_run_case+0x1a5/0x480 [ 28.058811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.058860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.058884] ? __kthread_parkme+0x82/0x180 [ 28.058906] ? preempt_count_sub+0x50/0x80 [ 28.058931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.058980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.059007] kthread+0x337/0x6f0 [ 28.059027] ? trace_preempt_on+0x20/0xc0 [ 28.059053] ? __pfx_kthread+0x10/0x10 [ 28.059074] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.059097] ? calculate_sigpending+0x7b/0xa0 [ 28.059123] ? __pfx_kthread+0x10/0x10 [ 28.059145] ret_from_fork+0x116/0x1d0 [ 28.059165] ? __pfx_kthread+0x10/0x10 [ 28.059187] ret_from_fork_asm+0x1a/0x30 [ 28.059219] </TASK> [ 28.059231] [ 28.065915] Allocated by task 335: [ 28.066035] kasan_save_stack+0x45/0x70 [ 28.066310] kasan_save_track+0x18/0x40 [ 28.066590] kasan_save_alloc_info+0x3b/0x50 [ 28.066774] __kasan_kmalloc+0xb7/0xc0 [ 28.066938] __kmalloc_noprof+0x1c9/0x500 [ 28.067106] kunit_kmalloc_array+0x25/0x60 [ 28.067237] copy_user_test_oob+0xab/0x10f0 [ 28.067372] kunit_try_run_case+0x1a5/0x480 [ 28.067504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.069215] kthread+0x337/0x6f0 [ 28.069407] ret_from_fork+0x116/0x1d0 [ 28.069608] ret_from_fork_asm+0x1a/0x30 [ 28.069809] [ 28.069889] The buggy address belongs to the object at ffff88810622c200 [ 28.069889] which belongs to the cache kmalloc-128 of size 128 [ 28.070243] The buggy address is located 0 bytes inside of [ 28.070243] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.070886] [ 28.071491] The buggy address belongs to the physical page: [ 28.071831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.072190] flags: 0x200000000000000(node=0|zone=2) [ 28.072422] page_type: f5(slab) [ 28.072919] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.073381] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.073899] page dumped because: kasan: bad access detected [ 28.074303] [ 28.074397] Memory state around the buggy address: [ 28.074779] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.075083] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.075373] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.075933] ^ [ 28.076550] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.076930] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.077229] ==================================================================