Date
July 14, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 82.072803] ================================================================== [ 82.079793] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 82.086820] Read of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 82.094285] [ 82.095770] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 82.095825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.095839] Hardware name: WinLink E850-96 board (DT) [ 82.095859] Call trace: [ 82.095874] show_stack+0x20/0x38 (C) [ 82.095908] dump_stack_lvl+0x8c/0xd0 [ 82.095940] print_report+0x118/0x5d0 [ 82.095966] kasan_report+0xdc/0x128 [ 82.095991] kasan_check_range+0x100/0x1a8 [ 82.096025] __kasan_check_read+0x20/0x30 [ 82.096055] copy_user_test_oob+0x4a0/0xec8 [ 82.096089] kunit_try_run_case+0x170/0x3f0 [ 82.096123] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.096157] kthread+0x328/0x630 [ 82.096186] ret_from_fork+0x10/0x20 [ 82.096219] [ 82.163120] Allocated by task 369: [ 82.166508] kasan_save_stack+0x3c/0x68 [ 82.170325] kasan_save_track+0x20/0x40 [ 82.174145] kasan_save_alloc_info+0x40/0x58 [ 82.178398] __kasan_kmalloc+0xd4/0xd8 [ 82.182131] __kmalloc_noprof+0x198/0x4c8 [ 82.186123] kunit_kmalloc_array+0x34/0x88 [ 82.190203] copy_user_test_oob+0xac/0xec8 [ 82.194283] kunit_try_run_case+0x170/0x3f0 [ 82.198450] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.203918] kthread+0x328/0x630 [ 82.207130] ret_from_fork+0x10/0x20 [ 82.210689] [ 82.212165] The buggy address belongs to the object at ffff0008074f9300 [ 82.212165] which belongs to the cache kmalloc-128 of size 128 [ 82.224666] The buggy address is located 0 bytes inside of [ 82.224666] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 82.237078] [ 82.238555] The buggy address belongs to the physical page: [ 82.244113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 82.252095] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.259734] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.266678] page_type: f5(slab) [ 82.269812] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.277535] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.285262] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 82.293073] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.300886] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 82.308697] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.316504] page dumped because: kasan: bad access detected [ 82.322059] [ 82.323535] Memory state around the buggy address: [ 82.328315] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.335518] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.342722] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.349923] ^ [ 82.357045] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.364250] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.371451] ================================================================== [ 80.848610] ================================================================== [ 80.855163] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 80.862186] Read of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 80.869650] [ 80.871136] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 80.871194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 80.871213] Hardware name: WinLink E850-96 board (DT) [ 80.871235] Call trace: [ 80.871250] show_stack+0x20/0x38 (C) [ 80.871288] dump_stack_lvl+0x8c/0xd0 [ 80.871322] print_report+0x118/0x5d0 [ 80.871354] kasan_report+0xdc/0x128 [ 80.871382] kasan_check_range+0x100/0x1a8 [ 80.871412] __kasan_check_read+0x20/0x30 [ 80.871446] copy_user_test_oob+0x728/0xec8 [ 80.871480] kunit_try_run_case+0x170/0x3f0 [ 80.871519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 80.871554] kthread+0x328/0x630 [ 80.871582] ret_from_fork+0x10/0x20 [ 80.871619] [ 80.938487] Allocated by task 369: [ 80.941873] kasan_save_stack+0x3c/0x68 [ 80.945691] kasan_save_track+0x20/0x40 [ 80.949512] kasan_save_alloc_info+0x40/0x58 [ 80.953764] __kasan_kmalloc+0xd4/0xd8 [ 80.957496] __kmalloc_noprof+0x198/0x4c8 [ 80.961489] kunit_kmalloc_array+0x34/0x88 [ 80.965569] copy_user_test_oob+0xac/0xec8 [ 80.969649] kunit_try_run_case+0x170/0x3f0 [ 80.973816] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 80.979284] kthread+0x328/0x630 [ 80.982496] ret_from_fork+0x10/0x20 [ 80.986055] [ 80.987532] The buggy address belongs to the object at ffff0008074f9300 [ 80.987532] which belongs to the cache kmalloc-128 of size 128 [ 81.000033] The buggy address is located 0 bytes inside of [ 81.000033] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 81.012443] [ 81.013922] The buggy address belongs to the physical page: [ 81.019479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 81.027461] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.035104] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 81.042046] page_type: f5(slab) [ 81.045182] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.052901] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.060627] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.068438] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.076252] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 81.084063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 81.091869] page dumped because: kasan: bad access detected [ 81.097425] [ 81.098900] Memory state around the buggy address: [ 81.103680] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.110883] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.118088] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 81.125289] ^ [ 81.132411] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.139616] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.146816] ================================================================== [ 81.460406] ================================================================== [ 81.467478] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 81.474503] Read of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 81.481968] [ 81.483453] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 81.483505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 81.483523] Hardware name: WinLink E850-96 board (DT) [ 81.483543] Call trace: [ 81.483557] show_stack+0x20/0x38 (C) [ 81.483591] dump_stack_lvl+0x8c/0xd0 [ 81.483623] print_report+0x118/0x5d0 [ 81.483652] kasan_report+0xdc/0x128 [ 81.483680] kasan_check_range+0x100/0x1a8 [ 81.483711] __kasan_check_read+0x20/0x30 [ 81.483743] copy_user_test_oob+0x3c8/0xec8 [ 81.483779] kunit_try_run_case+0x170/0x3f0 [ 81.483818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.483851] kthread+0x328/0x630 [ 81.483882] ret_from_fork+0x10/0x20 [ 81.483917] [ 81.550803] Allocated by task 369: [ 81.554191] kasan_save_stack+0x3c/0x68 [ 81.558008] kasan_save_track+0x20/0x40 [ 81.561827] kasan_save_alloc_info+0x40/0x58 [ 81.566081] __kasan_kmalloc+0xd4/0xd8 [ 81.569814] __kmalloc_noprof+0x198/0x4c8 [ 81.573807] kunit_kmalloc_array+0x34/0x88 [ 81.577886] copy_user_test_oob+0xac/0xec8 [ 81.581966] kunit_try_run_case+0x170/0x3f0 [ 81.586133] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.591602] kthread+0x328/0x630 [ 81.594813] ret_from_fork+0x10/0x20 [ 81.598372] [ 81.599849] The buggy address belongs to the object at ffff0008074f9300 [ 81.599849] which belongs to the cache kmalloc-128 of size 128 [ 81.612351] The buggy address is located 0 bytes inside of [ 81.612351] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 81.624761] [ 81.626238] The buggy address belongs to the physical page: [ 81.631796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 81.639778] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.647419] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 81.654361] page_type: f5(slab) [ 81.657497] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.665218] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.672944] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.680756] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.688569] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 81.696381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 81.704186] page dumped because: kasan: bad access detected [ 81.709742] [ 81.711217] Memory state around the buggy address: [ 81.715999] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.723200] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.730405] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 81.737606] ^ [ 81.744728] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.751932] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.759134] ================================================================== [ 80.536556] ================================================================== [ 80.548913] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 80.555940] Write of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 80.563492] [ 80.564979] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 80.565039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 80.565058] Hardware name: WinLink E850-96 board (DT) [ 80.565081] Call trace: [ 80.565097] show_stack+0x20/0x38 (C) [ 80.565136] dump_stack_lvl+0x8c/0xd0 [ 80.565172] print_report+0x118/0x5d0 [ 80.565201] kasan_report+0xdc/0x128 [ 80.565229] kasan_check_range+0x100/0x1a8 [ 80.565262] __kasan_check_write+0x20/0x30 [ 80.565296] copy_user_test_oob+0x234/0xec8 [ 80.565331] kunit_try_run_case+0x170/0x3f0 [ 80.565370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 80.565405] kthread+0x328/0x630 [ 80.565436] ret_from_fork+0x10/0x20 [ 80.565473] [ 80.632416] Allocated by task 369: [ 80.635803] kasan_save_stack+0x3c/0x68 [ 80.639619] kasan_save_track+0x20/0x40 [ 80.643440] kasan_save_alloc_info+0x40/0x58 [ 80.647692] __kasan_kmalloc+0xd4/0xd8 [ 80.651424] __kmalloc_noprof+0x198/0x4c8 [ 80.655418] kunit_kmalloc_array+0x34/0x88 [ 80.659497] copy_user_test_oob+0xac/0xec8 [ 80.663577] kunit_try_run_case+0x170/0x3f0 [ 80.667744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 80.673212] kthread+0x328/0x630 [ 80.676424] ret_from_fork+0x10/0x20 [ 80.679983] [ 80.681460] The buggy address belongs to the object at ffff0008074f9300 [ 80.681460] which belongs to the cache kmalloc-128 of size 128 [ 80.693962] The buggy address is located 0 bytes inside of [ 80.693962] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 80.706371] [ 80.707850] The buggy address belongs to the physical page: [ 80.713408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 80.721391] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 80.729031] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 80.735973] page_type: f5(slab) [ 80.739110] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 80.746829] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 80.754557] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 80.762367] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 80.770180] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 80.777992] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 80.785799] page dumped because: kasan: bad access detected [ 80.791352] [ 80.792828] Memory state around the buggy address: [ 80.797607] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.804811] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.812018] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 80.819219] ^ [ 80.826339] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.833545] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.840746] ================================================================== [ 81.154371] ================================================================== [ 81.161230] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 81.168257] Write of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 81.175809] [ 81.177294] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 81.177347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 81.177365] Hardware name: WinLink E850-96 board (DT) [ 81.177384] Call trace: [ 81.177398] show_stack+0x20/0x38 (C) [ 81.177435] dump_stack_lvl+0x8c/0xd0 [ 81.177470] print_report+0x118/0x5d0 [ 81.177498] kasan_report+0xdc/0x128 [ 81.177526] kasan_check_range+0x100/0x1a8 [ 81.177556] __kasan_check_write+0x20/0x30 [ 81.177589] copy_user_test_oob+0x35c/0xec8 [ 81.177622] kunit_try_run_case+0x170/0x3f0 [ 81.177660] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.177692] kthread+0x328/0x630 [ 81.177719] ret_from_fork+0x10/0x20 [ 81.177753] [ 81.244732] Allocated by task 369: [ 81.248119] kasan_save_stack+0x3c/0x68 [ 81.251936] kasan_save_track+0x20/0x40 [ 81.255756] kasan_save_alloc_info+0x40/0x58 [ 81.260009] __kasan_kmalloc+0xd4/0xd8 [ 81.263742] __kmalloc_noprof+0x198/0x4c8 [ 81.267735] kunit_kmalloc_array+0x34/0x88 [ 81.271815] copy_user_test_oob+0xac/0xec8 [ 81.275894] kunit_try_run_case+0x170/0x3f0 [ 81.280061] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.285530] kthread+0x328/0x630 [ 81.288741] ret_from_fork+0x10/0x20 [ 81.292300] [ 81.293777] The buggy address belongs to the object at ffff0008074f9300 [ 81.293777] which belongs to the cache kmalloc-128 of size 128 [ 81.306278] The buggy address is located 0 bytes inside of [ 81.306278] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 81.318689] [ 81.320167] The buggy address belongs to the physical page: [ 81.325725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 81.333707] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.341345] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 81.348290] page_type: f5(slab) [ 81.351425] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.359146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.366873] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.374684] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.382497] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 81.390309] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 81.398115] page dumped because: kasan: bad access detected [ 81.403670] [ 81.405146] Memory state around the buggy address: [ 81.409925] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.417128] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.424333] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 81.431534] ^ [ 81.438656] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.445860] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.453062] ================================================================== [ 81.766677] ================================================================== [ 81.773551] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 81.780574] Write of size 121 at addr ffff0008074f9300 by task kunit_try_catch/369 [ 81.788126] [ 81.789610] CPU: 2 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 81.789666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 81.789683] Hardware name: WinLink E850-96 board (DT) [ 81.789704] Call trace: [ 81.789720] show_stack+0x20/0x38 (C) [ 81.789756] dump_stack_lvl+0x8c/0xd0 [ 81.789787] print_report+0x118/0x5d0 [ 81.789815] kasan_report+0xdc/0x128 [ 81.789842] kasan_check_range+0x100/0x1a8 [ 81.789874] __kasan_check_write+0x20/0x30 [ 81.789905] copy_user_test_oob+0x434/0xec8 [ 81.789938] kunit_try_run_case+0x170/0x3f0 [ 81.789974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.790009] kthread+0x328/0x630 [ 81.790038] ret_from_fork+0x10/0x20 [ 81.790073] [ 81.857049] Allocated by task 369: [ 81.860436] kasan_save_stack+0x3c/0x68 [ 81.864254] kasan_save_track+0x20/0x40 [ 81.868073] kasan_save_alloc_info+0x40/0x58 [ 81.872326] __kasan_kmalloc+0xd4/0xd8 [ 81.876059] __kmalloc_noprof+0x198/0x4c8 [ 81.880052] kunit_kmalloc_array+0x34/0x88 [ 81.884132] copy_user_test_oob+0xac/0xec8 [ 81.888211] kunit_try_run_case+0x170/0x3f0 [ 81.892378] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.897847] kthread+0x328/0x630 [ 81.901059] ret_from_fork+0x10/0x20 [ 81.904618] [ 81.906093] The buggy address belongs to the object at ffff0008074f9300 [ 81.906093] which belongs to the cache kmalloc-128 of size 128 [ 81.918596] The buggy address is located 0 bytes inside of [ 81.918596] allocated 120-byte region [ffff0008074f9300, ffff0008074f9378) [ 81.931006] [ 81.932483] The buggy address belongs to the physical page: [ 81.938041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8 [ 81.946023] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.953665] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 81.960606] page_type: f5(slab) [ 81.963742] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.971463] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.979190] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 81.987001] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 81.994814] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff [ 82.002626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.010432] page dumped because: kasan: bad access detected [ 82.015987] [ 82.017463] Memory state around the buggy address: [ 82.022243] ffff0008074f9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.029446] ffff0008074f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.036651] >ffff0008074f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.043852] ^ [ 82.050973] ffff0008074f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.058178] ffff0008074f9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.065379] ==================================================================
[ 32.876982] ================================================================== [ 32.877145] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.877208] Write of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.877262] [ 32.877619] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.877751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.877787] Hardware name: linux,dummy-virt (DT) [ 32.877820] Call trace: [ 32.877940] show_stack+0x20/0x38 (C) [ 32.878035] dump_stack_lvl+0x8c/0xd0 [ 32.878218] print_report+0x118/0x5d0 [ 32.878282] kasan_report+0xdc/0x128 [ 32.878328] kasan_check_range+0x100/0x1a8 [ 32.878383] __kasan_check_write+0x20/0x30 [ 32.878592] copy_user_test_oob+0x35c/0xec8 [ 32.878656] kunit_try_run_case+0x170/0x3f0 [ 32.878708] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.878860] kthread+0x328/0x630 [ 32.878916] ret_from_fork+0x10/0x20 [ 32.878981] [ 32.879331] Allocated by task 316: [ 32.879437] kasan_save_stack+0x3c/0x68 [ 32.879532] kasan_save_track+0x20/0x40 [ 32.879578] kasan_save_alloc_info+0x40/0x58 [ 32.879655] __kasan_kmalloc+0xd4/0xd8 [ 32.879776] __kmalloc_noprof+0x198/0x4c8 [ 32.879843] kunit_kmalloc_array+0x34/0x88 [ 32.879901] copy_user_test_oob+0xac/0xec8 [ 32.880178] kunit_try_run_case+0x170/0x3f0 [ 32.881036] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.881125] kthread+0x328/0x630 [ 32.881198] ret_from_fork+0x10/0x20 [ 32.881266] [ 32.881343] The buggy address belongs to the object at fff00000c85fcf00 [ 32.881343] which belongs to the cache kmalloc-128 of size 128 [ 32.881418] The buggy address is located 0 bytes inside of [ 32.881418] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.881485] [ 32.881879] The buggy address belongs to the physical page: [ 32.881994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.882446] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.882515] page_type: f5(slab) [ 32.882560] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.882938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.883324] page dumped because: kasan: bad access detected [ 32.883374] [ 32.883395] Memory state around the buggy address: [ 32.883432] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.883619] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.883676] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.883718] ^ [ 32.883791] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.883836] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.883895] ================================================================== [ 32.885537] ================================================================== [ 32.885653] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.885708] Read of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.885788] [ 32.886102] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.886215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.886244] Hardware name: linux,dummy-virt (DT) [ 32.886395] Call trace: [ 32.886643] show_stack+0x20/0x38 (C) [ 32.886789] dump_stack_lvl+0x8c/0xd0 [ 32.886842] print_report+0x118/0x5d0 [ 32.886898] kasan_report+0xdc/0x128 [ 32.886948] kasan_check_range+0x100/0x1a8 [ 32.887241] __kasan_check_read+0x20/0x30 [ 32.887542] copy_user_test_oob+0x3c8/0xec8 [ 32.887622] kunit_try_run_case+0x170/0x3f0 [ 32.887716] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.887801] kthread+0x328/0x630 [ 32.887845] ret_from_fork+0x10/0x20 [ 32.887994] [ 32.888110] Allocated by task 316: [ 32.888230] kasan_save_stack+0x3c/0x68 [ 32.888279] kasan_save_track+0x20/0x40 [ 32.888668] kasan_save_alloc_info+0x40/0x58 [ 32.889112] __kasan_kmalloc+0xd4/0xd8 [ 32.889237] __kmalloc_noprof+0x198/0x4c8 [ 32.889370] kunit_kmalloc_array+0x34/0x88 [ 32.889435] copy_user_test_oob+0xac/0xec8 [ 32.889515] kunit_try_run_case+0x170/0x3f0 [ 32.889560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.889620] kthread+0x328/0x630 [ 32.889656] ret_from_fork+0x10/0x20 [ 32.889695] [ 32.889718] The buggy address belongs to the object at fff00000c85fcf00 [ 32.889718] which belongs to the cache kmalloc-128 of size 128 [ 32.889802] The buggy address is located 0 bytes inside of [ 32.889802] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.889874] [ 32.889905] The buggy address belongs to the physical page: [ 32.889943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.890002] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.890061] page_type: f5(slab) [ 32.890102] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.890154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.890213] page dumped because: kasan: bad access detected [ 32.890260] [ 32.890291] Memory state around the buggy address: [ 32.890339] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.890385] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.890429] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.890477] ^ [ 32.890530] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.890571] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.890612] ================================================================== [ 32.891630] ================================================================== [ 32.891693] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.892007] Write of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.892099] [ 32.892131] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.892384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.892757] Hardware name: linux,dummy-virt (DT) [ 32.892881] Call trace: [ 32.892947] show_stack+0x20/0x38 (C) [ 32.893092] dump_stack_lvl+0x8c/0xd0 [ 32.893241] print_report+0x118/0x5d0 [ 32.893401] kasan_report+0xdc/0x128 [ 32.893554] kasan_check_range+0x100/0x1a8 [ 32.893726] __kasan_check_write+0x20/0x30 [ 32.893947] copy_user_test_oob+0x434/0xec8 [ 32.894400] kunit_try_run_case+0x170/0x3f0 [ 32.894545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.894707] kthread+0x328/0x630 [ 32.894827] ret_from_fork+0x10/0x20 [ 32.894945] [ 32.895226] Allocated by task 316: [ 32.895375] kasan_save_stack+0x3c/0x68 [ 32.895478] kasan_save_track+0x20/0x40 [ 32.895737] kasan_save_alloc_info+0x40/0x58 [ 32.895840] __kasan_kmalloc+0xd4/0xd8 [ 32.895902] __kmalloc_noprof+0x198/0x4c8 [ 32.896107] kunit_kmalloc_array+0x34/0x88 [ 32.896442] copy_user_test_oob+0xac/0xec8 [ 32.896617] kunit_try_run_case+0x170/0x3f0 [ 32.896688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.896750] kthread+0x328/0x630 [ 32.896878] ret_from_fork+0x10/0x20 [ 32.897366] [ 32.897427] The buggy address belongs to the object at fff00000c85fcf00 [ 32.897427] which belongs to the cache kmalloc-128 of size 128 [ 32.897502] The buggy address is located 0 bytes inside of [ 32.897502] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.897855] [ 32.897905] The buggy address belongs to the physical page: [ 32.898091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.898149] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.898483] page_type: f5(slab) [ 32.898830] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.898912] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.898986] page dumped because: kasan: bad access detected [ 32.899166] [ 32.899235] Memory state around the buggy address: [ 32.899296] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.899688] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.899997] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.900119] ^ [ 32.900193] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.900295] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.900872] ================================================================== [ 32.858280] ================================================================== [ 32.858552] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.858922] Read of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.859001] [ 32.859038] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.859464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.859618] Hardware name: linux,dummy-virt (DT) [ 32.859821] Call trace: [ 32.859869] show_stack+0x20/0x38 (C) [ 32.859924] dump_stack_lvl+0x8c/0xd0 [ 32.859975] print_report+0x118/0x5d0 [ 32.860020] kasan_report+0xdc/0x128 [ 32.860076] kasan_check_range+0x100/0x1a8 [ 32.860122] __kasan_check_read+0x20/0x30 [ 32.860176] copy_user_test_oob+0x728/0xec8 [ 32.860226] kunit_try_run_case+0x170/0x3f0 [ 32.860276] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.860326] kthread+0x328/0x630 [ 32.860689] ret_from_fork+0x10/0x20 [ 32.861070] [ 32.861147] Allocated by task 316: [ 32.861213] kasan_save_stack+0x3c/0x68 [ 32.861261] kasan_save_track+0x20/0x40 [ 32.861325] kasan_save_alloc_info+0x40/0x58 [ 32.861538] __kasan_kmalloc+0xd4/0xd8 [ 32.861697] __kmalloc_noprof+0x198/0x4c8 [ 32.862118] kunit_kmalloc_array+0x34/0x88 [ 32.862299] copy_user_test_oob+0xac/0xec8 [ 32.862488] kunit_try_run_case+0x170/0x3f0 [ 32.862568] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.862726] kthread+0x328/0x630 [ 32.862893] ret_from_fork+0x10/0x20 [ 32.863022] [ 32.863055] The buggy address belongs to the object at fff00000c85fcf00 [ 32.863055] which belongs to the cache kmalloc-128 of size 128 [ 32.863387] The buggy address is located 0 bytes inside of [ 32.863387] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.863498] [ 32.863625] The buggy address belongs to the physical page: [ 32.863665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.864027] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.864512] page_type: f5(slab) [ 32.864626] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.864681] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.865076] page dumped because: kasan: bad access detected [ 32.865190] [ 32.865446] Memory state around the buggy address: [ 32.865552] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.866113] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.866180] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.866353] ^ [ 32.866400] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.867006] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.867072] ================================================================== [ 32.842358] ================================================================== [ 32.842486] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.842586] Write of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.842640] [ 32.842689] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.842784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.842823] Hardware name: linux,dummy-virt (DT) [ 32.842859] Call trace: [ 32.842917] show_stack+0x20/0x38 (C) [ 32.842990] dump_stack_lvl+0x8c/0xd0 [ 32.843045] print_report+0x118/0x5d0 [ 32.843937] kasan_report+0xdc/0x128 [ 32.844177] kasan_check_range+0x100/0x1a8 [ 32.844438] __kasan_check_write+0x20/0x30 [ 32.844607] copy_user_test_oob+0x234/0xec8 [ 32.844774] kunit_try_run_case+0x170/0x3f0 [ 32.844862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.844939] kthread+0x328/0x630 [ 32.845301] ret_from_fork+0x10/0x20 [ 32.845700] [ 32.845803] Allocated by task 316: [ 32.845850] kasan_save_stack+0x3c/0x68 [ 32.845988] kasan_save_track+0x20/0x40 [ 32.846033] kasan_save_alloc_info+0x40/0x58 [ 32.846366] __kasan_kmalloc+0xd4/0xd8 [ 32.846453] __kmalloc_noprof+0x198/0x4c8 [ 32.846569] kunit_kmalloc_array+0x34/0x88 [ 32.846762] copy_user_test_oob+0xac/0xec8 [ 32.846892] kunit_try_run_case+0x170/0x3f0 [ 32.847025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.847092] kthread+0x328/0x630 [ 32.847562] ret_from_fork+0x10/0x20 [ 32.847638] [ 32.847737] The buggy address belongs to the object at fff00000c85fcf00 [ 32.847737] which belongs to the cache kmalloc-128 of size 128 [ 32.847843] The buggy address is located 0 bytes inside of [ 32.847843] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.847916] [ 32.848245] The buggy address belongs to the physical page: [ 32.848349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.848417] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.848474] page_type: f5(slab) [ 32.848739] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.848964] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.849100] page dumped because: kasan: bad access detected [ 32.849244] [ 32.849325] Memory state around the buggy address: [ 32.849492] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.849553] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.849879] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.849963] ^ [ 32.850189] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.850459] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.850686] ================================================================== [ 32.902888] ================================================================== [ 32.903033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.903131] Read of size 121 at addr fff00000c85fcf00 by task kunit_try_catch/316 [ 32.903284] [ 32.903318] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 32.903412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.903439] Hardware name: linux,dummy-virt (DT) [ 32.903749] Call trace: [ 32.904043] show_stack+0x20/0x38 (C) [ 32.904150] dump_stack_lvl+0x8c/0xd0 [ 32.904378] print_report+0x118/0x5d0 [ 32.904561] kasan_report+0xdc/0x128 [ 32.904623] kasan_check_range+0x100/0x1a8 [ 32.904671] __kasan_check_read+0x20/0x30 [ 32.904719] copy_user_test_oob+0x4a0/0xec8 [ 32.904768] kunit_try_run_case+0x170/0x3f0 [ 32.904952] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.905143] kthread+0x328/0x630 [ 32.905359] ret_from_fork+0x10/0x20 [ 32.905727] [ 32.905777] Allocated by task 316: [ 32.905889] kasan_save_stack+0x3c/0x68 [ 32.905999] kasan_save_track+0x20/0x40 [ 32.906141] kasan_save_alloc_info+0x40/0x58 [ 32.906241] __kasan_kmalloc+0xd4/0xd8 [ 32.906412] __kmalloc_noprof+0x198/0x4c8 [ 32.906458] kunit_kmalloc_array+0x34/0x88 [ 32.906834] copy_user_test_oob+0xac/0xec8 [ 32.907109] kunit_try_run_case+0x170/0x3f0 [ 32.907705] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.907808] kthread+0x328/0x630 [ 32.907873] ret_from_fork+0x10/0x20 [ 32.908059] [ 32.908085] The buggy address belongs to the object at fff00000c85fcf00 [ 32.908085] which belongs to the cache kmalloc-128 of size 128 [ 32.908482] The buggy address is located 0 bytes inside of [ 32.908482] allocated 120-byte region [fff00000c85fcf00, fff00000c85fcf78) [ 32.908581] [ 32.908905] The buggy address belongs to the physical page: [ 32.908965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1085fc [ 32.909022] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.909083] page_type: f5(slab) [ 32.909124] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.909616] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.909780] page dumped because: kasan: bad access detected [ 32.909821] [ 32.909843] Memory state around the buggy address: [ 32.910124] fff00000c85fce00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.910215] fff00000c85fce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.910398] >fff00000c85fcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.910467] ^ [ 32.910509] fff00000c85fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.910554] fff00000c85fd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.910595] ==================================================================
[ 28.421013] ================================================================== [ 28.421465] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.421741] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.421978] [ 28.422307] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.422373] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.422388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.422413] Call Trace: [ 28.422433] <TASK> [ 28.422455] dump_stack_lvl+0x73/0xb0 [ 28.422490] print_report+0xd1/0x610 [ 28.422515] ? __virt_addr_valid+0x1db/0x2d0 [ 28.422539] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.422590] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422614] kasan_report+0x141/0x180 [ 28.422636] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422690] kasan_check_range+0x10c/0x1c0 [ 28.422714] __kasan_check_write+0x18/0x20 [ 28.422738] copy_user_test_oob+0x3fd/0x10f0 [ 28.422764] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.422787] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.422819] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.422847] kunit_try_run_case+0x1a5/0x480 [ 28.422871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.422907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.422932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.422957] ? __kthread_parkme+0x82/0x180 [ 28.422980] ? preempt_count_sub+0x50/0x80 [ 28.423005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.423028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.423054] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.423080] kthread+0x337/0x6f0 [ 28.423102] ? trace_preempt_on+0x20/0xc0 [ 28.423127] ? __pfx_kthread+0x10/0x10 [ 28.423148] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.423171] ? calculate_sigpending+0x7b/0xa0 [ 28.423196] ? __pfx_kthread+0x10/0x10 [ 28.423219] ret_from_fork+0x116/0x1d0 [ 28.423240] ? __pfx_kthread+0x10/0x10 [ 28.423262] ret_from_fork_asm+0x1a/0x30 [ 28.423294] </TASK> [ 28.423307] [ 28.431943] Allocated by task 334: [ 28.432385] kasan_save_stack+0x45/0x70 [ 28.432687] kasan_save_track+0x18/0x40 [ 28.432902] kasan_save_alloc_info+0x3b/0x50 [ 28.433117] __kasan_kmalloc+0xb7/0xc0 [ 28.433459] __kmalloc_noprof+0x1c9/0x500 [ 28.433622] kunit_kmalloc_array+0x25/0x60 [ 28.434006] copy_user_test_oob+0xab/0x10f0 [ 28.434233] kunit_try_run_case+0x1a5/0x480 [ 28.434539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.434839] kthread+0x337/0x6f0 [ 28.434999] ret_from_fork+0x116/0x1d0 [ 28.435165] ret_from_fork_asm+0x1a/0x30 [ 28.435337] [ 28.435416] The buggy address belongs to the object at ffff888105919e00 [ 28.435416] which belongs to the cache kmalloc-128 of size 128 [ 28.435943] The buggy address is located 0 bytes inside of [ 28.435943] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.436411] [ 28.436506] The buggy address belongs to the physical page: [ 28.437288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.437587] flags: 0x200000000000000(node=0|zone=2) [ 28.438083] page_type: f5(slab) [ 28.438270] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.438708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.439104] page dumped because: kasan: bad access detected [ 28.439347] [ 28.439558] Memory state around the buggy address: [ 28.439746] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.440193] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.440570] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.440866] ^ [ 28.441275] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.441663] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.442071] ================================================================== [ 28.477332] ================================================================== [ 28.477699] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.478167] Read of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.478390] [ 28.478499] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.478553] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.478567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.478591] Call Trace: [ 28.478611] <TASK> [ 28.478632] dump_stack_lvl+0x73/0xb0 [ 28.478676] print_report+0xd1/0x610 [ 28.478700] ? __virt_addr_valid+0x1db/0x2d0 [ 28.478724] ? copy_user_test_oob+0x604/0x10f0 [ 28.478748] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.478775] ? copy_user_test_oob+0x604/0x10f0 [ 28.478798] kasan_report+0x141/0x180 [ 28.478821] ? copy_user_test_oob+0x604/0x10f0 [ 28.478850] kasan_check_range+0x10c/0x1c0 [ 28.478874] __kasan_check_read+0x15/0x20 [ 28.478898] copy_user_test_oob+0x604/0x10f0 [ 28.478923] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.478949] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.478980] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.479008] kunit_try_run_case+0x1a5/0x480 [ 28.479032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.479055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.479081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.479105] ? __kthread_parkme+0x82/0x180 [ 28.479128] ? preempt_count_sub+0x50/0x80 [ 28.479152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.479176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.479202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.479228] kthread+0x337/0x6f0 [ 28.479249] ? trace_preempt_on+0x20/0xc0 [ 28.479274] ? __pfx_kthread+0x10/0x10 [ 28.479296] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.479319] ? calculate_sigpending+0x7b/0xa0 [ 28.479358] ? __pfx_kthread+0x10/0x10 [ 28.479380] ret_from_fork+0x116/0x1d0 [ 28.479401] ? __pfx_kthread+0x10/0x10 [ 28.479423] ret_from_fork_asm+0x1a/0x30 [ 28.479456] </TASK> [ 28.479468] [ 28.486062] Allocated by task 334: [ 28.486246] kasan_save_stack+0x45/0x70 [ 28.486447] kasan_save_track+0x18/0x40 [ 28.486575] kasan_save_alloc_info+0x3b/0x50 [ 28.486839] __kasan_kmalloc+0xb7/0xc0 [ 28.487039] __kmalloc_noprof+0x1c9/0x500 [ 28.487218] kunit_kmalloc_array+0x25/0x60 [ 28.487396] copy_user_test_oob+0xab/0x10f0 [ 28.487569] kunit_try_run_case+0x1a5/0x480 [ 28.487719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.487980] kthread+0x337/0x6f0 [ 28.488146] ret_from_fork+0x116/0x1d0 [ 28.488283] ret_from_fork_asm+0x1a/0x30 [ 28.488432] [ 28.488524] The buggy address belongs to the object at ffff888105919e00 [ 28.488524] which belongs to the cache kmalloc-128 of size 128 [ 28.489112] The buggy address is located 0 bytes inside of [ 28.489112] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.489537] [ 28.489630] The buggy address belongs to the physical page: [ 28.489876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.490325] flags: 0x200000000000000(node=0|zone=2) [ 28.490546] page_type: f5(slab) [ 28.490719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.490957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.491176] page dumped because: kasan: bad access detected [ 28.491339] [ 28.491402] Memory state around the buggy address: [ 28.491551] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.491771] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.492021] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.492418] ^ [ 28.492754] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.493066] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.493362] ================================================================== [ 28.442840] ================================================================== [ 28.443448] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.443898] Read of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.444217] [ 28.444331] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.444387] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.444402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.444427] Call Trace: [ 28.444448] <TASK> [ 28.444470] dump_stack_lvl+0x73/0xb0 [ 28.444504] print_report+0xd1/0x610 [ 28.444528] ? __virt_addr_valid+0x1db/0x2d0 [ 28.444555] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.444605] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444629] kasan_report+0x141/0x180 [ 28.444665] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444693] kasan_check_range+0x10c/0x1c0 [ 28.444717] __kasan_check_read+0x15/0x20 [ 28.444740] copy_user_test_oob+0x4aa/0x10f0 [ 28.444767] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.444791] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.444823] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.444851] kunit_try_run_case+0x1a5/0x480 [ 28.444875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.444896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.444921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.444946] ? __kthread_parkme+0x82/0x180 [ 28.444969] ? preempt_count_sub+0x50/0x80 [ 28.444993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.445016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.445042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.445068] kthread+0x337/0x6f0 [ 28.445089] ? trace_preempt_on+0x20/0xc0 [ 28.445115] ? __pfx_kthread+0x10/0x10 [ 28.445136] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.445159] ? calculate_sigpending+0x7b/0xa0 [ 28.445184] ? __pfx_kthread+0x10/0x10 [ 28.445206] ret_from_fork+0x116/0x1d0 [ 28.445227] ? __pfx_kthread+0x10/0x10 [ 28.445249] ret_from_fork_asm+0x1a/0x30 [ 28.445281] </TASK> [ 28.445294] [ 28.451782] Allocated by task 334: [ 28.451972] kasan_save_stack+0x45/0x70 [ 28.452180] kasan_save_track+0x18/0x40 [ 28.452374] kasan_save_alloc_info+0x3b/0x50 [ 28.452569] __kasan_kmalloc+0xb7/0xc0 [ 28.452707] __kmalloc_noprof+0x1c9/0x500 [ 28.453008] kunit_kmalloc_array+0x25/0x60 [ 28.453213] copy_user_test_oob+0xab/0x10f0 [ 28.453393] kunit_try_run_case+0x1a5/0x480 [ 28.453531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.453796] kthread+0x337/0x6f0 [ 28.453960] ret_from_fork+0x116/0x1d0 [ 28.454158] ret_from_fork_asm+0x1a/0x30 [ 28.454293] [ 28.454358] The buggy address belongs to the object at ffff888105919e00 [ 28.454358] which belongs to the cache kmalloc-128 of size 128 [ 28.454954] The buggy address is located 0 bytes inside of [ 28.454954] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.455328] [ 28.455397] The buggy address belongs to the physical page: [ 28.455563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.455889] flags: 0x200000000000000(node=0|zone=2) [ 28.456120] page_type: f5(slab) [ 28.456284] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.456577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.456807] page dumped because: kasan: bad access detected [ 28.456972] [ 28.457035] Memory state around the buggy address: [ 28.457282] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.457598] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.458189] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.458503] ^ [ 28.458829] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.459080] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.459286] ================================================================== [ 28.460084] ================================================================== [ 28.461030] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.461326] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.461551] [ 28.461675] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.461731] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.461746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.461788] Call Trace: [ 28.461809] <TASK> [ 28.461830] dump_stack_lvl+0x73/0xb0 [ 28.461862] print_report+0xd1/0x610 [ 28.461885] ? __virt_addr_valid+0x1db/0x2d0 [ 28.461910] ? copy_user_test_oob+0x557/0x10f0 [ 28.461933] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.461960] ? copy_user_test_oob+0x557/0x10f0 [ 28.461984] kasan_report+0x141/0x180 [ 28.462007] ? copy_user_test_oob+0x557/0x10f0 [ 28.462035] kasan_check_range+0x10c/0x1c0 [ 28.462065] __kasan_check_write+0x18/0x20 [ 28.462088] copy_user_test_oob+0x557/0x10f0 [ 28.462114] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.462138] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.462171] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.462198] kunit_try_run_case+0x1a5/0x480 [ 28.462223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.462244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.462270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.462294] ? __kthread_parkme+0x82/0x180 [ 28.462317] ? preempt_count_sub+0x50/0x80 [ 28.462342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.462365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.462391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.462418] kthread+0x337/0x6f0 [ 28.462438] ? trace_preempt_on+0x20/0xc0 [ 28.462464] ? __pfx_kthread+0x10/0x10 [ 28.462486] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.462508] ? calculate_sigpending+0x7b/0xa0 [ 28.462534] ? __pfx_kthread+0x10/0x10 [ 28.462557] ret_from_fork+0x116/0x1d0 [ 28.462577] ? __pfx_kthread+0x10/0x10 [ 28.462600] ret_from_fork_asm+0x1a/0x30 [ 28.462633] </TASK> [ 28.462645] [ 28.469232] Allocated by task 334: [ 28.469425] kasan_save_stack+0x45/0x70 [ 28.469628] kasan_save_track+0x18/0x40 [ 28.469846] kasan_save_alloc_info+0x3b/0x50 [ 28.469991] __kasan_kmalloc+0xb7/0xc0 [ 28.470123] __kmalloc_noprof+0x1c9/0x500 [ 28.470257] kunit_kmalloc_array+0x25/0x60 [ 28.470455] copy_user_test_oob+0xab/0x10f0 [ 28.470667] kunit_try_run_case+0x1a5/0x480 [ 28.471022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.471280] kthread+0x337/0x6f0 [ 28.471424] ret_from_fork+0x116/0x1d0 [ 28.471593] ret_from_fork_asm+0x1a/0x30 [ 28.471837] [ 28.471911] The buggy address belongs to the object at ffff888105919e00 [ 28.471911] which belongs to the cache kmalloc-128 of size 128 [ 28.472382] The buggy address is located 0 bytes inside of [ 28.472382] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.472878] [ 28.472971] The buggy address belongs to the physical page: [ 28.473145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.473449] flags: 0x200000000000000(node=0|zone=2) [ 28.473689] page_type: f5(slab) [ 28.473955] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.474190] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.474410] page dumped because: kasan: bad access detected [ 28.474586] [ 28.474682] Memory state around the buggy address: [ 28.474897] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.475208] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.475517] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.476013] ^ [ 28.476271] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.476488] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.476728] ==================================================================