Date
July 15, 2025, 11:35 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 83.322358] ================================================================== [ 83.329470] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 83.336501] Read of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 83.343964] [ 83.345446] CPU: 6 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 83.345500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 83.345517] Hardware name: WinLink E850-96 board (DT) [ 83.345537] Call trace: [ 83.345550] show_stack+0x20/0x38 (C) [ 83.345580] dump_stack_lvl+0x8c/0xd0 [ 83.345614] print_report+0x118/0x5d0 [ 83.345640] kasan_report+0xdc/0x128 [ 83.345665] kasan_check_range+0x100/0x1a8 [ 83.345698] __kasan_check_read+0x20/0x30 [ 83.345727] copy_user_test_oob+0x4a0/0xec8 [ 83.345761] kunit_try_run_case+0x170/0x3f0 [ 83.345795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.345828] kthread+0x328/0x630 [ 83.345856] ret_from_fork+0x10/0x20 [ 83.345888] [ 83.412800] Allocated by task 366: [ 83.416185] kasan_save_stack+0x3c/0x68 [ 83.420005] kasan_save_track+0x20/0x40 [ 83.423824] kasan_save_alloc_info+0x40/0x58 [ 83.428078] __kasan_kmalloc+0xd4/0xd8 [ 83.431810] __kmalloc_noprof+0x198/0x4c8 [ 83.435803] kunit_kmalloc_array+0x34/0x88 [ 83.439883] copy_user_test_oob+0xac/0xec8 [ 83.443963] kunit_try_run_case+0x170/0x3f0 [ 83.448129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.453598] kthread+0x328/0x630 [ 83.456810] ret_from_fork+0x10/0x20 [ 83.460369] [ 83.461846] The buggy address belongs to the object at ffff000800de4900 [ 83.461846] which belongs to the cache kmalloc-128 of size 128 [ 83.474345] The buggy address is located 0 bytes inside of [ 83.474345] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 83.486757] [ 83.488235] The buggy address belongs to the physical page: [ 83.493792] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 83.501775] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 83.509413] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 83.516357] page_type: f5(slab) [ 83.519490] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 83.527215] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.534941] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 83.542753] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.550565] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 83.558377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 83.566183] page dumped because: kasan: bad access detected [ 83.571738] [ 83.573214] Memory state around the buggy address: [ 83.577992] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.585197] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.592402] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 83.599603] ^ [ 83.606724] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.613929] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.621130] ================================================================== [ 81.786197] ================================================================== [ 81.798593] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 81.805621] Write of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 81.813171] [ 81.814659] CPU: 6 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 81.814721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 81.814740] Hardware name: WinLink E850-96 board (DT) [ 81.814763] Call trace: [ 81.814777] show_stack+0x20/0x38 (C) [ 81.814817] dump_stack_lvl+0x8c/0xd0 [ 81.814854] print_report+0x118/0x5d0 [ 81.814884] kasan_report+0xdc/0x128 [ 81.814911] kasan_check_range+0x100/0x1a8 [ 81.814944] __kasan_check_write+0x20/0x30 [ 81.814978] copy_user_test_oob+0x234/0xec8 [ 81.815014] kunit_try_run_case+0x170/0x3f0 [ 81.815045] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.815082] kthread+0x328/0x630 [ 81.815111] ret_from_fork+0x10/0x20 [ 81.815147] [ 81.882096] Allocated by task 366: [ 81.885480] kasan_save_stack+0x3c/0x68 [ 81.889298] kasan_save_track+0x20/0x40 [ 81.893118] kasan_save_alloc_info+0x40/0x58 [ 81.897371] __kasan_kmalloc+0xd4/0xd8 [ 81.901104] __kmalloc_noprof+0x198/0x4c8 [ 81.905097] kunit_kmalloc_array+0x34/0x88 [ 81.909178] copy_user_test_oob+0xac/0xec8 [ 81.913256] kunit_try_run_case+0x170/0x3f0 [ 81.917423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 81.922892] kthread+0x328/0x630 [ 81.926104] ret_from_fork+0x10/0x20 [ 81.929662] [ 81.931140] The buggy address belongs to the object at ffff000800de4900 [ 81.931140] which belongs to the cache kmalloc-128 of size 128 [ 81.943641] The buggy address is located 0 bytes inside of [ 81.943641] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 81.956051] [ 81.957531] The buggy address belongs to the physical page: [ 81.963087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 81.971070] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.978711] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 81.985652] page_type: f5(slab) [ 81.988789] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 81.996509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.004238] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.012046] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.019859] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 82.027671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.035478] page dumped because: kasan: bad access detected [ 82.041032] [ 82.042508] Memory state around the buggy address: [ 82.047289] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.054492] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.061695] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.068896] ^ [ 82.076018] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.083224] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.090426] ================================================================== [ 82.710049] ================================================================== [ 82.717152] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 82.724183] Read of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 82.731647] [ 82.733131] CPU: 7 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 82.733183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.733200] Hardware name: WinLink E850-96 board (DT) [ 82.733222] Call trace: [ 82.733234] show_stack+0x20/0x38 (C) [ 82.733269] dump_stack_lvl+0x8c/0xd0 [ 82.733304] print_report+0x118/0x5d0 [ 82.733332] kasan_report+0xdc/0x128 [ 82.733358] kasan_check_range+0x100/0x1a8 [ 82.733388] __kasan_check_read+0x20/0x30 [ 82.733417] copy_user_test_oob+0x3c8/0xec8 [ 82.733451] kunit_try_run_case+0x170/0x3f0 [ 82.733482] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.733516] kthread+0x328/0x630 [ 82.733542] ret_from_fork+0x10/0x20 [ 82.733572] [ 82.800483] Allocated by task 366: [ 82.803869] kasan_save_stack+0x3c/0x68 [ 82.807688] kasan_save_track+0x20/0x40 [ 82.811507] kasan_save_alloc_info+0x40/0x58 [ 82.815760] __kasan_kmalloc+0xd4/0xd8 [ 82.819493] __kmalloc_noprof+0x198/0x4c8 [ 82.823486] kunit_kmalloc_array+0x34/0x88 [ 82.827566] copy_user_test_oob+0xac/0xec8 [ 82.831646] kunit_try_run_case+0x170/0x3f0 [ 82.835812] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.841281] kthread+0x328/0x630 [ 82.844493] ret_from_fork+0x10/0x20 [ 82.848052] [ 82.849529] The buggy address belongs to the object at ffff000800de4900 [ 82.849529] which belongs to the cache kmalloc-128 of size 128 [ 82.862028] The buggy address is located 0 bytes inside of [ 82.862028] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 82.874440] [ 82.875918] The buggy address belongs to the physical page: [ 82.881475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 82.889457] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.897096] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.904040] page_type: f5(slab) [ 82.907175] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.914898] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.922624] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.930435] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.938248] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 82.946060] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.953865] page dumped because: kasan: bad access detected [ 82.959421] [ 82.960897] Memory state around the buggy address: [ 82.965679] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.972880] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.980085] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.987286] ^ [ 82.994407] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.001612] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.008813] ================================================================== [ 82.097926] ================================================================== [ 82.104841] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 82.111865] Read of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 82.119330] [ 82.120815] CPU: 7 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 82.120870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.120891] Hardware name: WinLink E850-96 board (DT) [ 82.120911] Call trace: [ 82.120926] show_stack+0x20/0x38 (C) [ 82.120963] dump_stack_lvl+0x8c/0xd0 [ 82.121000] print_report+0x118/0x5d0 [ 82.121030] kasan_report+0xdc/0x128 [ 82.121059] kasan_check_range+0x100/0x1a8 [ 82.121090] __kasan_check_read+0x20/0x30 [ 82.121121] copy_user_test_oob+0x728/0xec8 [ 82.121155] kunit_try_run_case+0x170/0x3f0 [ 82.121187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.121225] kthread+0x328/0x630 [ 82.121254] ret_from_fork+0x10/0x20 [ 82.121290] [ 82.188167] Allocated by task 366: [ 82.191554] kasan_save_stack+0x3c/0x68 [ 82.195372] kasan_save_track+0x20/0x40 [ 82.199190] kasan_save_alloc_info+0x40/0x58 [ 82.203443] __kasan_kmalloc+0xd4/0xd8 [ 82.207176] __kmalloc_noprof+0x198/0x4c8 [ 82.211169] kunit_kmalloc_array+0x34/0x88 [ 82.215248] copy_user_test_oob+0xac/0xec8 [ 82.219328] kunit_try_run_case+0x170/0x3f0 [ 82.223495] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.228964] kthread+0x328/0x630 [ 82.232175] ret_from_fork+0x10/0x20 [ 82.235735] [ 82.237211] The buggy address belongs to the object at ffff000800de4900 [ 82.237211] which belongs to the cache kmalloc-128 of size 128 [ 82.249711] The buggy address is located 0 bytes inside of [ 82.249711] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 82.262123] [ 82.263602] The buggy address belongs to the physical page: [ 82.269159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 82.277142] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.284781] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.291724] page_type: f5(slab) [ 82.294860] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.302580] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.310308] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.318118] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.325931] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 82.333743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.341550] page dumped because: kasan: bad access detected [ 82.347104] [ 82.348580] Memory state around the buggy address: [ 82.353359] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.360563] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.367768] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.374968] ^ [ 82.382090] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.389294] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.396496] ================================================================== [ 82.404010] ================================================================== [ 82.410910] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 82.417938] Write of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 82.425488] [ 82.426973] CPU: 7 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 82.427033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 82.427051] Hardware name: WinLink E850-96 board (DT) [ 82.427073] Call trace: [ 82.427087] show_stack+0x20/0x38 (C) [ 82.427121] dump_stack_lvl+0x8c/0xd0 [ 82.427158] print_report+0x118/0x5d0 [ 82.427186] kasan_report+0xdc/0x128 [ 82.427211] kasan_check_range+0x100/0x1a8 [ 82.427242] __kasan_check_write+0x20/0x30 [ 82.427271] copy_user_test_oob+0x35c/0xec8 [ 82.427306] kunit_try_run_case+0x170/0x3f0 [ 82.427338] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.427373] kthread+0x328/0x630 [ 82.427401] ret_from_fork+0x10/0x20 [ 82.427436] [ 82.494414] Allocated by task 366: [ 82.497800] kasan_save_stack+0x3c/0x68 [ 82.501616] kasan_save_track+0x20/0x40 [ 82.505435] kasan_save_alloc_info+0x40/0x58 [ 82.509689] __kasan_kmalloc+0xd4/0xd8 [ 82.513421] __kmalloc_noprof+0x198/0x4c8 [ 82.517414] kunit_kmalloc_array+0x34/0x88 [ 82.521494] copy_user_test_oob+0xac/0xec8 [ 82.525574] kunit_try_run_case+0x170/0x3f0 [ 82.529740] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 82.535209] kthread+0x328/0x630 [ 82.538421] ret_from_fork+0x10/0x20 [ 82.541979] [ 82.543457] The buggy address belongs to the object at ffff000800de4900 [ 82.543457] which belongs to the cache kmalloc-128 of size 128 [ 82.555955] The buggy address is located 0 bytes inside of [ 82.555955] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 82.568368] [ 82.569847] The buggy address belongs to the physical page: [ 82.575404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 82.583387] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.591027] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 82.597970] page_type: f5(slab) [ 82.601107] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.608826] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.616552] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 82.624363] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 82.632176] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 82.639988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 82.647795] page dumped because: kasan: bad access detected [ 82.653349] [ 82.654825] Memory state around the buggy address: [ 82.659606] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.666810] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.674012] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 82.681214] ^ [ 82.688335] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.695541] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.702743] ================================================================== [ 83.016199] ================================================================== [ 83.023225] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 83.030256] Write of size 121 at addr ffff000800de4900 by task kunit_try_catch/366 [ 83.037806] [ 83.039289] CPU: 6 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 83.039341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 83.039360] Hardware name: WinLink E850-96 board (DT) [ 83.039379] Call trace: [ 83.039392] show_stack+0x20/0x38 (C) [ 83.039425] dump_stack_lvl+0x8c/0xd0 [ 83.039460] print_report+0x118/0x5d0 [ 83.039486] kasan_report+0xdc/0x128 [ 83.039513] kasan_check_range+0x100/0x1a8 [ 83.039543] __kasan_check_write+0x20/0x30 [ 83.039572] copy_user_test_oob+0x434/0xec8 [ 83.039606] kunit_try_run_case+0x170/0x3f0 [ 83.039637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.039675] kthread+0x328/0x630 [ 83.039703] ret_from_fork+0x10/0x20 [ 83.039735] [ 83.106728] Allocated by task 366: [ 83.110117] kasan_save_stack+0x3c/0x68 [ 83.113933] kasan_save_track+0x20/0x40 [ 83.117752] kasan_save_alloc_info+0x40/0x58 [ 83.122006] __kasan_kmalloc+0xd4/0xd8 [ 83.125738] __kmalloc_noprof+0x198/0x4c8 [ 83.129731] kunit_kmalloc_array+0x34/0x88 [ 83.133811] copy_user_test_oob+0xac/0xec8 [ 83.137891] kunit_try_run_case+0x170/0x3f0 [ 83.142057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 83.147526] kthread+0x328/0x630 [ 83.150738] ret_from_fork+0x10/0x20 [ 83.154297] [ 83.155774] The buggy address belongs to the object at ffff000800de4900 [ 83.155774] which belongs to the cache kmalloc-128 of size 128 [ 83.168274] The buggy address is located 0 bytes inside of [ 83.168274] allocated 120-byte region [ffff000800de4900, ffff000800de4978) [ 83.180685] [ 83.182163] The buggy address belongs to the physical page: [ 83.187721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de4 [ 83.195704] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 83.203341] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 83.210286] page_type: f5(slab) [ 83.213419] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 83.221143] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.228870] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122 [ 83.236681] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 83.244494] head: 0bfffe0000000001 fffffdffe0037901 00000000ffffffff 00000000ffffffff [ 83.252305] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 83.260112] page dumped because: kasan: bad access detected [ 83.265667] [ 83.267142] Memory state around the buggy address: [ 83.271920] ffff000800de4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.279125] ffff000800de4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.286330] >ffff000800de4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 83.293531] ^ [ 83.300652] ffff000800de4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.307857] ffff000800de4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.315058] ==================================================================
[ 33.718299] ================================================================== [ 33.718380] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 33.718522] Read of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.718576] [ 33.718639] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.719150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.719217] Hardware name: linux,dummy-virt (DT) [ 33.719549] Call trace: [ 33.719659] show_stack+0x20/0x38 (C) [ 33.719930] dump_stack_lvl+0x8c/0xd0 [ 33.719984] print_report+0x118/0x5d0 [ 33.720747] kasan_report+0xdc/0x128 [ 33.720822] kasan_check_range+0x100/0x1a8 [ 33.720872] __kasan_check_read+0x20/0x30 [ 33.720922] copy_user_test_oob+0x728/0xec8 [ 33.721500] kunit_try_run_case+0x170/0x3f0 [ 33.721676] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.721742] kthread+0x328/0x630 [ 33.721803] ret_from_fork+0x10/0x20 [ 33.722133] [ 33.722157] Allocated by task 317: [ 33.722187] kasan_save_stack+0x3c/0x68 [ 33.722390] kasan_save_track+0x20/0x40 [ 33.722576] kasan_save_alloc_info+0x40/0x58 [ 33.722759] __kasan_kmalloc+0xd4/0xd8 [ 33.722993] __kmalloc_noprof+0x198/0x4c8 [ 33.723079] kunit_kmalloc_array+0x34/0x88 [ 33.723173] copy_user_test_oob+0xac/0xec8 [ 33.723344] kunit_try_run_case+0x170/0x3f0 [ 33.723386] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.723764] kthread+0x328/0x630 [ 33.724096] ret_from_fork+0x10/0x20 [ 33.724269] [ 33.724412] The buggy address belongs to the object at fff00000c64f9600 [ 33.724412] which belongs to the cache kmalloc-128 of size 128 [ 33.724815] The buggy address is located 0 bytes inside of [ 33.724815] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.725100] [ 33.725180] The buggy address belongs to the physical page: [ 33.725378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.725501] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.725567] page_type: f5(slab) [ 33.725684] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.725860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.726110] page dumped because: kasan: bad access detected [ 33.726166] [ 33.726187] Memory state around the buggy address: [ 33.726232] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.726446] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.726640] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.726880] ^ [ 33.727022] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.727343] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.727394] ================================================================== [ 33.696278] ================================================================== [ 33.699258] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 33.699379] Write of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.699445] [ 33.699498] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.699589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.699618] Hardware name: linux,dummy-virt (DT) [ 33.699653] Call trace: [ 33.699682] show_stack+0x20/0x38 (C) [ 33.699739] dump_stack_lvl+0x8c/0xd0 [ 33.699795] print_report+0x118/0x5d0 [ 33.699840] kasan_report+0xdc/0x128 [ 33.699888] kasan_check_range+0x100/0x1a8 [ 33.699939] __kasan_check_write+0x20/0x30 [ 33.699986] copy_user_test_oob+0x234/0xec8 [ 33.700037] kunit_try_run_case+0x170/0x3f0 [ 33.700089] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.700146] kthread+0x328/0x630 [ 33.700193] ret_from_fork+0x10/0x20 [ 33.700246] [ 33.700269] Allocated by task 317: [ 33.700300] kasan_save_stack+0x3c/0x68 [ 33.700348] kasan_save_track+0x20/0x40 [ 33.700388] kasan_save_alloc_info+0x40/0x58 [ 33.700429] __kasan_kmalloc+0xd4/0xd8 [ 33.700480] __kmalloc_noprof+0x198/0x4c8 [ 33.700525] kunit_kmalloc_array+0x34/0x88 [ 33.700573] copy_user_test_oob+0xac/0xec8 [ 33.700615] kunit_try_run_case+0x170/0x3f0 [ 33.700665] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.700710] kthread+0x328/0x630 [ 33.700807] ret_from_fork+0x10/0x20 [ 33.700948] [ 33.701012] The buggy address belongs to the object at fff00000c64f9600 [ 33.701012] which belongs to the cache kmalloc-128 of size 128 [ 33.701111] The buggy address is located 0 bytes inside of [ 33.701111] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.701544] [ 33.701579] The buggy address belongs to the physical page: [ 33.701618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.701977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.702060] page_type: f5(slab) [ 33.702116] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.702175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.702218] page dumped because: kasan: bad access detected [ 33.702255] [ 33.702276] Memory state around the buggy address: [ 33.702313] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.703001] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.703061] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.703103] ^ [ 33.703157] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.703410] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.703650] ================================================================== [ 33.741078] ================================================================== [ 33.741139] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 33.742025] Write of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.742118] [ 33.742166] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.742254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.742309] Hardware name: linux,dummy-virt (DT) [ 33.742343] Call trace: [ 33.742384] show_stack+0x20/0x38 (C) [ 33.742661] dump_stack_lvl+0x8c/0xd0 [ 33.742917] print_report+0x118/0x5d0 [ 33.743410] kasan_report+0xdc/0x128 [ 33.743712] kasan_check_range+0x100/0x1a8 [ 33.744045] __kasan_check_write+0x20/0x30 [ 33.744494] copy_user_test_oob+0x35c/0xec8 [ 33.744673] kunit_try_run_case+0x170/0x3f0 [ 33.744723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.745276] kthread+0x328/0x630 [ 33.745363] ret_from_fork+0x10/0x20 [ 33.745416] [ 33.745737] Allocated by task 317: [ 33.745791] kasan_save_stack+0x3c/0x68 [ 33.745839] kasan_save_track+0x20/0x40 [ 33.745891] kasan_save_alloc_info+0x40/0x58 [ 33.745931] __kasan_kmalloc+0xd4/0xd8 [ 33.746073] __kmalloc_noprof+0x198/0x4c8 [ 33.746121] kunit_kmalloc_array+0x34/0x88 [ 33.746183] copy_user_test_oob+0xac/0xec8 [ 33.746448] kunit_try_run_case+0x170/0x3f0 [ 33.746498] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.746550] kthread+0x328/0x630 [ 33.746586] ret_from_fork+0x10/0x20 [ 33.746625] [ 33.747053] The buggy address belongs to the object at fff00000c64f9600 [ 33.747053] which belongs to the cache kmalloc-128 of size 128 [ 33.747141] The buggy address is located 0 bytes inside of [ 33.747141] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.747319] [ 33.747517] The buggy address belongs to the physical page: [ 33.747554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.747613] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.748041] page_type: f5(slab) [ 33.748095] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.748165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.748362] page dumped because: kasan: bad access detected [ 33.748397] [ 33.748418] Memory state around the buggy address: [ 33.748462] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.748511] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.748557] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.748598] ^ [ 33.748924] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.748988] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.749028] ================================================================== [ 33.774196] ================================================================== [ 33.774258] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 33.774750] Read of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.775020] [ 33.775227] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.775359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.775824] Hardware name: linux,dummy-virt (DT) [ 33.775875] Call trace: [ 33.775899] show_stack+0x20/0x38 (C) [ 33.775953] dump_stack_lvl+0x8c/0xd0 [ 33.776144] print_report+0x118/0x5d0 [ 33.776347] kasan_report+0xdc/0x128 [ 33.776516] kasan_check_range+0x100/0x1a8 [ 33.776663] __kasan_check_read+0x20/0x30 [ 33.776899] copy_user_test_oob+0x4a0/0xec8 [ 33.776976] kunit_try_run_case+0x170/0x3f0 [ 33.777109] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.777167] kthread+0x328/0x630 [ 33.777210] ret_from_fork+0x10/0x20 [ 33.777925] [ 33.777969] Allocated by task 317: [ 33.778088] kasan_save_stack+0x3c/0x68 [ 33.778137] kasan_save_track+0x20/0x40 [ 33.778181] kasan_save_alloc_info+0x40/0x58 [ 33.778236] __kasan_kmalloc+0xd4/0xd8 [ 33.778279] __kmalloc_noprof+0x198/0x4c8 [ 33.778321] kunit_kmalloc_array+0x34/0x88 [ 33.779133] copy_user_test_oob+0xac/0xec8 [ 33.779482] kunit_try_run_case+0x170/0x3f0 [ 33.779693] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.779886] kthread+0x328/0x630 [ 33.779923] ret_from_fork+0x10/0x20 [ 33.780225] [ 33.780520] The buggy address belongs to the object at fff00000c64f9600 [ 33.780520] which belongs to the cache kmalloc-128 of size 128 [ 33.780808] The buggy address is located 0 bytes inside of [ 33.780808] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.781113] [ 33.781138] The buggy address belongs to the physical page: [ 33.781457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.781736] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.781806] page_type: f5(slab) [ 33.781847] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.781901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.781943] page dumped because: kasan: bad access detected [ 33.781977] [ 33.781998] Memory state around the buggy address: [ 33.782031] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.782076] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.782257] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.782334] ^ [ 33.782467] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.782514] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.782555] ================================================================== [ 33.750861] ================================================================== [ 33.750916] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 33.750969] Read of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.751019] [ 33.751716] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.752295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.752338] Hardware name: linux,dummy-virt (DT) [ 33.752371] Call trace: [ 33.752395] show_stack+0x20/0x38 (C) [ 33.752764] dump_stack_lvl+0x8c/0xd0 [ 33.752870] print_report+0x118/0x5d0 [ 33.752918] kasan_report+0xdc/0x128 [ 33.753039] kasan_check_range+0x100/0x1a8 [ 33.753300] __kasan_check_read+0x20/0x30 [ 33.753651] copy_user_test_oob+0x3c8/0xec8 [ 33.753973] kunit_try_run_case+0x170/0x3f0 [ 33.754024] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.754078] kthread+0x328/0x630 [ 33.754121] ret_from_fork+0x10/0x20 [ 33.754171] [ 33.754191] Allocated by task 317: [ 33.754219] kasan_save_stack+0x3c/0x68 [ 33.754265] kasan_save_track+0x20/0x40 [ 33.754307] kasan_save_alloc_info+0x40/0x58 [ 33.754707] __kasan_kmalloc+0xd4/0xd8 [ 33.754887] __kmalloc_noprof+0x198/0x4c8 [ 33.754929] kunit_kmalloc_array+0x34/0x88 [ 33.754969] copy_user_test_oob+0xac/0xec8 [ 33.755256] kunit_try_run_case+0x170/0x3f0 [ 33.755596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.755670] kthread+0x328/0x630 [ 33.755977] ret_from_fork+0x10/0x20 [ 33.756186] [ 33.756303] The buggy address belongs to the object at fff00000c64f9600 [ 33.756303] which belongs to the cache kmalloc-128 of size 128 [ 33.756370] The buggy address is located 0 bytes inside of [ 33.756370] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.756724] [ 33.757033] The buggy address belongs to the physical page: [ 33.757381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.757459] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.757545] page_type: f5(slab) [ 33.757586] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.758191] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.758649] page dumped because: kasan: bad access detected [ 33.758690] [ 33.758711] Memory state around the buggy address: [ 33.758872] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.758921] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.759155] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.759554] ^ [ 33.759780] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.759999] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.760040] ================================================================== [ 33.761247] ================================================================== [ 33.761592] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 33.762019] Write of size 121 at addr fff00000c64f9600 by task kunit_try_catch/317 [ 33.762213] [ 33.762248] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 33.762672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.762706] Hardware name: linux,dummy-virt (DT) [ 33.763051] Call trace: [ 33.763261] show_stack+0x20/0x38 (C) [ 33.763479] dump_stack_lvl+0x8c/0xd0 [ 33.763542] print_report+0x118/0x5d0 [ 33.763864] kasan_report+0xdc/0x128 [ 33.764198] kasan_check_range+0x100/0x1a8 [ 33.764255] __kasan_check_write+0x20/0x30 [ 33.764376] copy_user_test_oob+0x434/0xec8 [ 33.764536] kunit_try_run_case+0x170/0x3f0 [ 33.765070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.765328] kthread+0x328/0x630 [ 33.765390] ret_from_fork+0x10/0x20 [ 33.765965] [ 33.766246] Allocated by task 317: [ 33.766286] kasan_save_stack+0x3c/0x68 [ 33.766379] kasan_save_track+0x20/0x40 [ 33.766445] kasan_save_alloc_info+0x40/0x58 [ 33.766622] __kasan_kmalloc+0xd4/0xd8 [ 33.766667] __kmalloc_noprof+0x198/0x4c8 [ 33.766710] kunit_kmalloc_array+0x34/0x88 [ 33.767194] copy_user_test_oob+0xac/0xec8 [ 33.767474] kunit_try_run_case+0x170/0x3f0 [ 33.767772] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.767867] kthread+0x328/0x630 [ 33.768001] ret_from_fork+0x10/0x20 [ 33.768048] [ 33.768423] The buggy address belongs to the object at fff00000c64f9600 [ 33.768423] which belongs to the cache kmalloc-128 of size 128 [ 33.768658] The buggy address is located 0 bytes inside of [ 33.768658] allocated 120-byte region [fff00000c64f9600, fff00000c64f9678) [ 33.768788] [ 33.768934] The buggy address belongs to the physical page: [ 33.769208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f9 [ 33.769297] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.769412] page_type: f5(slab) [ 33.769529] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.769590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.770038] page dumped because: kasan: bad access detected [ 33.770263] [ 33.770545] Memory state around the buggy address: [ 33.770600] fff00000c64f9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.770654] fff00000c64f9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.770705] >fff00000c64f9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.771264] ^ [ 33.771332] fff00000c64f9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.771444] fff00000c64f9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.771783] ==================================================================
[ 28.093282] ================================================================== [ 28.093820] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.094229] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.094468] [ 28.094567] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.094613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.094627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.094649] Call Trace: [ 28.094663] <TASK> [ 28.094680] dump_stack_lvl+0x73/0xb0 [ 28.094708] print_report+0xd1/0x610 [ 28.094732] ? __virt_addr_valid+0x1db/0x2d0 [ 28.094756] ? copy_user_test_oob+0x557/0x10f0 [ 28.094779] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.094806] ? copy_user_test_oob+0x557/0x10f0 [ 28.094830] kasan_report+0x141/0x180 [ 28.094853] ? copy_user_test_oob+0x557/0x10f0 [ 28.094881] kasan_check_range+0x10c/0x1c0 [ 28.094905] __kasan_check_write+0x18/0x20 [ 28.094929] copy_user_test_oob+0x557/0x10f0 [ 28.094955] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.094979] ? finish_task_switch.isra.0+0x153/0x700 [ 28.095001] ? __switch_to+0x47/0xf80 [ 28.095028] ? __schedule+0x10cc/0x2b60 [ 28.095049] ? __pfx_read_tsc+0x10/0x10 [ 28.095071] ? ktime_get_ts64+0x86/0x230 [ 28.095112] kunit_try_run_case+0x1a5/0x480 [ 28.095138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.095184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.095207] ? __kthread_parkme+0x82/0x180 [ 28.095228] ? preempt_count_sub+0x50/0x80 [ 28.095278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.095346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.095373] kthread+0x337/0x6f0 [ 28.095408] ? trace_preempt_on+0x20/0xc0 [ 28.095446] ? __pfx_kthread+0x10/0x10 [ 28.095481] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.095521] ? calculate_sigpending+0x7b/0xa0 [ 28.095586] ? __pfx_kthread+0x10/0x10 [ 28.095609] ret_from_fork+0x116/0x1d0 [ 28.095642] ? __pfx_kthread+0x10/0x10 [ 28.095683] ret_from_fork_asm+0x1a/0x30 [ 28.095734] </TASK> [ 28.095748] [ 28.103175] Allocated by task 333: [ 28.103324] kasan_save_stack+0x45/0x70 [ 28.103547] kasan_save_track+0x18/0x40 [ 28.103760] kasan_save_alloc_info+0x3b/0x50 [ 28.103954] __kasan_kmalloc+0xb7/0xc0 [ 28.104153] __kmalloc_noprof+0x1c9/0x500 [ 28.104345] kunit_kmalloc_array+0x25/0x60 [ 28.104553] copy_user_test_oob+0xab/0x10f0 [ 28.104832] kunit_try_run_case+0x1a5/0x480 [ 28.104968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.105134] kthread+0x337/0x6f0 [ 28.105317] ret_from_fork+0x116/0x1d0 [ 28.105497] ret_from_fork_asm+0x1a/0x30 [ 28.105712] [ 28.105910] The buggy address belongs to the object at ffff8881060ab300 [ 28.105910] which belongs to the cache kmalloc-128 of size 128 [ 28.106367] The buggy address is located 0 bytes inside of [ 28.106367] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.107045] [ 28.107136] The buggy address belongs to the physical page: [ 28.107373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.107657] flags: 0x200000000000000(node=0|zone=2) [ 28.107897] page_type: f5(slab) [ 28.108084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.108388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.108714] page dumped because: kasan: bad access detected [ 28.108914] [ 28.108976] Memory state around the buggy address: [ 28.109118] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.109319] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.109519] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.109948] ^ [ 28.110245] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.110593] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.110958] ================================================================== [ 28.074002] ================================================================== [ 28.074454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.075013] Read of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.075321] [ 28.075396] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.075441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.075455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.075475] Call Trace: [ 28.075489] <TASK> [ 28.075504] dump_stack_lvl+0x73/0xb0 [ 28.075544] print_report+0xd1/0x610 [ 28.075569] ? __virt_addr_valid+0x1db/0x2d0 [ 28.075594] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075618] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.075656] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075681] kasan_report+0x141/0x180 [ 28.075704] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075758] kasan_check_range+0x10c/0x1c0 [ 28.075783] __kasan_check_read+0x15/0x20 [ 28.075807] copy_user_test_oob+0x4aa/0x10f0 [ 28.075834] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.075857] ? finish_task_switch.isra.0+0x153/0x700 [ 28.075880] ? __switch_to+0x47/0xf80 [ 28.075907] ? __schedule+0x10cc/0x2b60 [ 28.075931] ? __pfx_read_tsc+0x10/0x10 [ 28.075952] ? ktime_get_ts64+0x86/0x230 [ 28.075993] kunit_try_run_case+0x1a5/0x480 [ 28.076018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.076090] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.076128] ? __kthread_parkme+0x82/0x180 [ 28.076162] ? preempt_count_sub+0x50/0x80 [ 28.076212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.076291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.076331] kthread+0x337/0x6f0 [ 28.076352] ? trace_preempt_on+0x20/0xc0 [ 28.076376] ? __pfx_kthread+0x10/0x10 [ 28.076398] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.076423] ? calculate_sigpending+0x7b/0xa0 [ 28.076448] ? __pfx_kthread+0x10/0x10 [ 28.076471] ret_from_fork+0x116/0x1d0 [ 28.076491] ? __pfx_kthread+0x10/0x10 [ 28.076513] ret_from_fork_asm+0x1a/0x30 [ 28.076556] </TASK> [ 28.076568] [ 28.084862] Allocated by task 333: [ 28.085031] kasan_save_stack+0x45/0x70 [ 28.085223] kasan_save_track+0x18/0x40 [ 28.085405] kasan_save_alloc_info+0x3b/0x50 [ 28.085612] __kasan_kmalloc+0xb7/0xc0 [ 28.085926] __kmalloc_noprof+0x1c9/0x500 [ 28.086062] kunit_kmalloc_array+0x25/0x60 [ 28.086195] copy_user_test_oob+0xab/0x10f0 [ 28.086327] kunit_try_run_case+0x1a5/0x480 [ 28.086461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086815] kthread+0x337/0x6f0 [ 28.086971] ret_from_fork+0x116/0x1d0 [ 28.087095] ret_from_fork_asm+0x1a/0x30 [ 28.087304] [ 28.087395] The buggy address belongs to the object at ffff8881060ab300 [ 28.087395] which belongs to the cache kmalloc-128 of size 128 [ 28.087924] The buggy address is located 0 bytes inside of [ 28.087924] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.088422] [ 28.088508] The buggy address belongs to the physical page: [ 28.088754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.089085] flags: 0x200000000000000(node=0|zone=2) [ 28.089317] page_type: f5(slab) [ 28.089467] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.089788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.090107] page dumped because: kasan: bad access detected [ 28.090346] [ 28.090432] Memory state around the buggy address: [ 28.090681] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.090932] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.091218] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.091528] ^ [ 28.091851] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.092175] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.092547] ================================================================== [ 28.111709] ================================================================== [ 28.112213] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.112596] Read of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.112848] [ 28.112950] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.113000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.113013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.113035] Call Trace: [ 28.113052] <TASK> [ 28.113068] dump_stack_lvl+0x73/0xb0 [ 28.113097] print_report+0xd1/0x610 [ 28.113121] ? __virt_addr_valid+0x1db/0x2d0 [ 28.113146] ? copy_user_test_oob+0x604/0x10f0 [ 28.113170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.113197] ? copy_user_test_oob+0x604/0x10f0 [ 28.113222] kasan_report+0x141/0x180 [ 28.113245] ? copy_user_test_oob+0x604/0x10f0 [ 28.113275] kasan_check_range+0x10c/0x1c0 [ 28.113299] __kasan_check_read+0x15/0x20 [ 28.113323] copy_user_test_oob+0x604/0x10f0 [ 28.113351] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.113375] ? finish_task_switch.isra.0+0x153/0x700 [ 28.113398] ? __switch_to+0x47/0xf80 [ 28.113426] ? __schedule+0x10cc/0x2b60 [ 28.113448] ? __pfx_read_tsc+0x10/0x10 [ 28.113470] ? ktime_get_ts64+0x86/0x230 [ 28.113495] kunit_try_run_case+0x1a5/0x480 [ 28.113519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.113551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.113575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.113599] ? __kthread_parkme+0x82/0x180 [ 28.113620] ? preempt_count_sub+0x50/0x80 [ 28.113644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.113668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.113695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.113723] kthread+0x337/0x6f0 [ 28.113743] ? trace_preempt_on+0x20/0xc0 [ 28.113768] ? __pfx_kthread+0x10/0x10 [ 28.113790] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.113816] ? calculate_sigpending+0x7b/0xa0 [ 28.113842] ? __pfx_kthread+0x10/0x10 [ 28.113864] ret_from_fork+0x116/0x1d0 [ 28.113885] ? __pfx_kthread+0x10/0x10 [ 28.113906] ret_from_fork_asm+0x1a/0x30 [ 28.113940] </TASK> [ 28.113951] [ 28.123020] Allocated by task 333: [ 28.123186] kasan_save_stack+0x45/0x70 [ 28.123389] kasan_save_track+0x18/0x40 [ 28.124691] kasan_save_alloc_info+0x3b/0x50 [ 28.124871] __kasan_kmalloc+0xb7/0xc0 [ 28.125004] __kmalloc_noprof+0x1c9/0x500 [ 28.125147] kunit_kmalloc_array+0x25/0x60 [ 28.125284] copy_user_test_oob+0xab/0x10f0 [ 28.125423] kunit_try_run_case+0x1a5/0x480 [ 28.125576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.125758] kthread+0x337/0x6f0 [ 28.125936] ret_from_fork+0x116/0x1d0 [ 28.126122] ret_from_fork_asm+0x1a/0x30 [ 28.126504] [ 28.126719] The buggy address belongs to the object at ffff8881060ab300 [ 28.126719] which belongs to the cache kmalloc-128 of size 128 [ 28.127587] The buggy address is located 0 bytes inside of [ 28.127587] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.128442] [ 28.128570] The buggy address belongs to the physical page: [ 28.129075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.129769] flags: 0x200000000000000(node=0|zone=2) [ 28.130078] page_type: f5(slab) [ 28.130195] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.130421] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.130742] page dumped because: kasan: bad access detected [ 28.130964] [ 28.131033] Memory state around the buggy address: [ 28.131268] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.131512] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.131855] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.132166] ^ [ 28.132463] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.132709] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.133689] ================================================================== [ 28.056507] ================================================================== [ 28.056954] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.057288] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.057611] [ 28.057693] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.057761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.057775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.057798] Call Trace: [ 28.057811] <TASK> [ 28.057827] dump_stack_lvl+0x73/0xb0 [ 28.057856] print_report+0xd1/0x610 [ 28.057880] ? __virt_addr_valid+0x1db/0x2d0 [ 28.057903] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.057928] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.057955] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.058000] kasan_report+0x141/0x180 [ 28.058024] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.058053] kasan_check_range+0x10c/0x1c0 [ 28.058078] __kasan_check_write+0x18/0x20 [ 28.058102] copy_user_test_oob+0x3fd/0x10f0 [ 28.058128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.058152] ? finish_task_switch.isra.0+0x153/0x700 [ 28.058175] ? __switch_to+0x47/0xf80 [ 28.058202] ? __schedule+0x10cc/0x2b60 [ 28.058243] ? __pfx_read_tsc+0x10/0x10 [ 28.058266] ? ktime_get_ts64+0x86/0x230 [ 28.058291] kunit_try_run_case+0x1a5/0x480 [ 28.058315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.058360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.058400] ? __kthread_parkme+0x82/0x180 [ 28.058421] ? preempt_count_sub+0x50/0x80 [ 28.058445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.058502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.058541] kthread+0x337/0x6f0 [ 28.058562] ? trace_preempt_on+0x20/0xc0 [ 28.058586] ? __pfx_kthread+0x10/0x10 [ 28.058608] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.058643] ? calculate_sigpending+0x7b/0xa0 [ 28.058668] ? __pfx_kthread+0x10/0x10 [ 28.058691] ret_from_fork+0x116/0x1d0 [ 28.058711] ? __pfx_kthread+0x10/0x10 [ 28.058733] ret_from_fork_asm+0x1a/0x30 [ 28.058765] </TASK> [ 28.058776] [ 28.066009] Allocated by task 333: [ 28.066207] kasan_save_stack+0x45/0x70 [ 28.066406] kasan_save_track+0x18/0x40 [ 28.066632] kasan_save_alloc_info+0x3b/0x50 [ 28.066840] __kasan_kmalloc+0xb7/0xc0 [ 28.066969] __kmalloc_noprof+0x1c9/0x500 [ 28.067170] kunit_kmalloc_array+0x25/0x60 [ 28.067378] copy_user_test_oob+0xab/0x10f0 [ 28.067613] kunit_try_run_case+0x1a5/0x480 [ 28.067813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.068052] kthread+0x337/0x6f0 [ 28.068189] ret_from_fork+0x116/0x1d0 [ 28.068352] ret_from_fork_asm+0x1a/0x30 [ 28.068542] [ 28.068639] The buggy address belongs to the object at ffff8881060ab300 [ 28.068639] which belongs to the cache kmalloc-128 of size 128 [ 28.069132] The buggy address is located 0 bytes inside of [ 28.069132] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.069612] [ 28.069705] The buggy address belongs to the physical page: [ 28.069895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.070251] flags: 0x200000000000000(node=0|zone=2) [ 28.070439] page_type: f5(slab) [ 28.070613] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.070930] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.071257] page dumped because: kasan: bad access detected [ 28.071445] [ 28.071543] Memory state around the buggy address: [ 28.071817] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.072131] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.072431] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.072697] ^ [ 28.072896] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073202] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073510] ==================================================================