Date
July 16, 2025, 12:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.702927] ================================================================== [ 33.703053] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 33.703110] Read of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.703417] [ 33.703465] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.703572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.703982] Hardware name: linux,dummy-virt (DT) [ 33.704062] Call trace: [ 33.704175] show_stack+0x20/0x38 (C) [ 33.704385] dump_stack_lvl+0x8c/0xd0 [ 33.704456] print_report+0x118/0x5d0 [ 33.704503] kasan_report+0xdc/0x128 [ 33.704711] kasan_check_range+0x100/0x1a8 [ 33.705131] __kasan_check_read+0x20/0x30 [ 33.705310] copy_user_test_oob+0x3c8/0xec8 [ 33.705482] kunit_try_run_case+0x170/0x3f0 [ 33.705714] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.705953] kthread+0x328/0x630 [ 33.706159] ret_from_fork+0x10/0x20 [ 33.706346] [ 33.706427] Allocated by task 316: [ 33.706586] kasan_save_stack+0x3c/0x68 [ 33.706656] kasan_save_track+0x20/0x40 [ 33.706723] kasan_save_alloc_info+0x40/0x58 [ 33.706765] __kasan_kmalloc+0xd4/0xd8 [ 33.706804] __kmalloc_noprof+0x198/0x4c8 [ 33.706846] kunit_kmalloc_array+0x34/0x88 [ 33.706928] copy_user_test_oob+0xac/0xec8 [ 33.706983] kunit_try_run_case+0x170/0x3f0 [ 33.707024] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.707068] kthread+0x328/0x630 [ 33.707105] ret_from_fork+0x10/0x20 [ 33.707142] [ 33.707166] The buggy address belongs to the object at fff00000c9bb7300 [ 33.707166] which belongs to the cache kmalloc-128 of size 128 [ 33.707237] The buggy address is located 0 bytes inside of [ 33.707237] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.707314] [ 33.707351] The buggy address belongs to the physical page: [ 33.707384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.707439] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.707489] page_type: f5(slab) [ 33.707548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.707613] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.707658] page dumped because: kasan: bad access detected [ 33.707702] [ 33.707737] Memory state around the buggy address: [ 33.707772] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.708449] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.708537] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.708600] ^ [ 33.708668] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.708848] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.709250] ================================================================== [ 33.657947] ================================================================== [ 33.658064] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 33.658298] Write of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.658354] [ 33.658724] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.659147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.659678] Hardware name: linux,dummy-virt (DT) [ 33.659761] Call trace: [ 33.659842] show_stack+0x20/0x38 (C) [ 33.660006] dump_stack_lvl+0x8c/0xd0 [ 33.660110] print_report+0x118/0x5d0 [ 33.660223] kasan_report+0xdc/0x128 [ 33.660523] kasan_check_range+0x100/0x1a8 [ 33.660795] __kasan_check_write+0x20/0x30 [ 33.660988] copy_user_test_oob+0x234/0xec8 [ 33.661044] kunit_try_run_case+0x170/0x3f0 [ 33.661247] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.661492] kthread+0x328/0x630 [ 33.661607] ret_from_fork+0x10/0x20 [ 33.661761] [ 33.661847] Allocated by task 316: [ 33.662107] kasan_save_stack+0x3c/0x68 [ 33.662324] kasan_save_track+0x20/0x40 [ 33.662396] kasan_save_alloc_info+0x40/0x58 [ 33.662437] __kasan_kmalloc+0xd4/0xd8 [ 33.662487] __kmalloc_noprof+0x198/0x4c8 [ 33.662542] kunit_kmalloc_array+0x34/0x88 [ 33.662584] copy_user_test_oob+0xac/0xec8 [ 33.662625] kunit_try_run_case+0x170/0x3f0 [ 33.662666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.662713] kthread+0x328/0x630 [ 33.662750] ret_from_fork+0x10/0x20 [ 33.662788] [ 33.662811] The buggy address belongs to the object at fff00000c9bb7300 [ 33.662811] which belongs to the cache kmalloc-128 of size 128 [ 33.662886] The buggy address is located 0 bytes inside of [ 33.662886] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.662956] [ 33.662990] The buggy address belongs to the physical page: [ 33.663032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.663099] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.663163] page_type: f5(slab) [ 33.663219] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.663282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.663353] page dumped because: kasan: bad access detected [ 33.663389] [ 33.663418] Memory state around the buggy address: [ 33.663480] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.663538] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.664132] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.664204] ^ [ 33.664314] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.664536] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.664891] ================================================================== [ 33.721614] ================================================================== [ 33.721669] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 33.721721] Read of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.721774] [ 33.722106] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.722357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.722822] Hardware name: linux,dummy-virt (DT) [ 33.723083] Call trace: [ 33.723338] show_stack+0x20/0x38 (C) [ 33.723413] dump_stack_lvl+0x8c/0xd0 [ 33.723471] print_report+0x118/0x5d0 [ 33.723701] kasan_report+0xdc/0x128 [ 33.723766] kasan_check_range+0x100/0x1a8 [ 33.724010] __kasan_check_read+0x20/0x30 [ 33.724167] copy_user_test_oob+0x4a0/0xec8 [ 33.724274] kunit_try_run_case+0x170/0x3f0 [ 33.724625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.724783] kthread+0x328/0x630 [ 33.724972] ret_from_fork+0x10/0x20 [ 33.725140] [ 33.725246] Allocated by task 316: [ 33.725335] kasan_save_stack+0x3c/0x68 [ 33.725739] kasan_save_track+0x20/0x40 [ 33.725799] kasan_save_alloc_info+0x40/0x58 [ 33.726015] __kasan_kmalloc+0xd4/0xd8 [ 33.726080] __kmalloc_noprof+0x198/0x4c8 [ 33.726263] kunit_kmalloc_array+0x34/0x88 [ 33.726394] copy_user_test_oob+0xac/0xec8 [ 33.726892] kunit_try_run_case+0x170/0x3f0 [ 33.726970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.727435] kthread+0x328/0x630 [ 33.727801] ret_from_fork+0x10/0x20 [ 33.727939] [ 33.728036] The buggy address belongs to the object at fff00000c9bb7300 [ 33.728036] which belongs to the cache kmalloc-128 of size 128 [ 33.728260] The buggy address is located 0 bytes inside of [ 33.728260] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.728341] [ 33.728364] The buggy address belongs to the physical page: [ 33.728858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.729190] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.729248] page_type: f5(slab) [ 33.729291] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.729373] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.729418] page dumped because: kasan: bad access detected [ 33.729453] [ 33.729483] Memory state around the buggy address: [ 33.729531] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.729583] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.729641] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.729682] ^ [ 33.729727] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.729771] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.729814] ================================================================== [ 33.674145] ================================================================== [ 33.674454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 33.674599] Read of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.674684] [ 33.675584] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.675696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.675740] Hardware name: linux,dummy-virt (DT) [ 33.675775] Call trace: [ 33.676081] show_stack+0x20/0x38 (C) [ 33.676186] dump_stack_lvl+0x8c/0xd0 [ 33.676284] print_report+0x118/0x5d0 [ 33.676580] kasan_report+0xdc/0x128 [ 33.676635] kasan_check_range+0x100/0x1a8 [ 33.676961] __kasan_check_read+0x20/0x30 [ 33.677218] copy_user_test_oob+0x728/0xec8 [ 33.677343] kunit_try_run_case+0x170/0x3f0 [ 33.677474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.677546] kthread+0x328/0x630 [ 33.677694] ret_from_fork+0x10/0x20 [ 33.677750] [ 33.678090] Allocated by task 316: [ 33.678207] kasan_save_stack+0x3c/0x68 [ 33.678396] kasan_save_track+0x20/0x40 [ 33.678471] kasan_save_alloc_info+0x40/0x58 [ 33.678597] __kasan_kmalloc+0xd4/0xd8 [ 33.678673] __kmalloc_noprof+0x198/0x4c8 [ 33.678771] kunit_kmalloc_array+0x34/0x88 [ 33.678850] copy_user_test_oob+0xac/0xec8 [ 33.679004] kunit_try_run_case+0x170/0x3f0 [ 33.679202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.679348] kthread+0x328/0x630 [ 33.679489] ret_from_fork+0x10/0x20 [ 33.679539] [ 33.679561] The buggy address belongs to the object at fff00000c9bb7300 [ 33.679561] which belongs to the cache kmalloc-128 of size 128 [ 33.679691] The buggy address is located 0 bytes inside of [ 33.679691] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.679918] [ 33.680242] The buggy address belongs to the physical page: [ 33.680651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.680735] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.681049] page_type: f5(slab) [ 33.681157] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.681314] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.681529] page dumped because: kasan: bad access detected [ 33.681824] [ 33.681923] Memory state around the buggy address: [ 33.681964] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.682521] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.682686] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.682774] ^ [ 33.682823] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.682869] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.683194] ================================================================== [ 33.710766] ================================================================== [ 33.710839] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 33.710892] Write of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.711240] [ 33.711448] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.711804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.711865] Hardware name: linux,dummy-virt (DT) [ 33.712086] Call trace: [ 33.712169] show_stack+0x20/0x38 (C) [ 33.712545] dump_stack_lvl+0x8c/0xd0 [ 33.712638] print_report+0x118/0x5d0 [ 33.712825] kasan_report+0xdc/0x128 [ 33.713030] kasan_check_range+0x100/0x1a8 [ 33.713215] __kasan_check_write+0x20/0x30 [ 33.713300] copy_user_test_oob+0x434/0xec8 [ 33.713546] kunit_try_run_case+0x170/0x3f0 [ 33.713798] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.713938] kthread+0x328/0x630 [ 33.714057] ret_from_fork+0x10/0x20 [ 33.714130] [ 33.714351] Allocated by task 316: [ 33.714427] kasan_save_stack+0x3c/0x68 [ 33.714634] kasan_save_track+0x20/0x40 [ 33.714845] kasan_save_alloc_info+0x40/0x58 [ 33.715033] __kasan_kmalloc+0xd4/0xd8 [ 33.715209] __kmalloc_noprof+0x198/0x4c8 [ 33.715393] kunit_kmalloc_array+0x34/0x88 [ 33.715437] copy_user_test_oob+0xac/0xec8 [ 33.715666] kunit_try_run_case+0x170/0x3f0 [ 33.716034] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.716198] kthread+0x328/0x630 [ 33.716367] ret_from_fork+0x10/0x20 [ 33.716593] [ 33.716638] The buggy address belongs to the object at fff00000c9bb7300 [ 33.716638] which belongs to the cache kmalloc-128 of size 128 [ 33.716975] The buggy address is located 0 bytes inside of [ 33.716975] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.717059] [ 33.717081] The buggy address belongs to the physical page: [ 33.717326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.717497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.717892] page_type: f5(slab) [ 33.717939] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.718247] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.718358] page dumped because: kasan: bad access detected [ 33.718847] [ 33.718876] Memory state around the buggy address: [ 33.719220] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.719317] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.719578] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.719764] ^ [ 33.720035] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.720306] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.720359] ================================================================== [ 33.693207] ================================================================== [ 33.693349] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 33.693414] Write of size 121 at addr fff00000c9bb7300 by task kunit_try_catch/316 [ 33.693744] [ 33.693829] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT [ 33.693926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.693976] Hardware name: linux,dummy-virt (DT) [ 33.694073] Call trace: [ 33.694099] show_stack+0x20/0x38 (C) [ 33.694300] dump_stack_lvl+0x8c/0xd0 [ 33.694391] print_report+0x118/0x5d0 [ 33.694720] kasan_report+0xdc/0x128 [ 33.694802] kasan_check_range+0x100/0x1a8 [ 33.694855] __kasan_check_write+0x20/0x30 [ 33.694947] copy_user_test_oob+0x35c/0xec8 [ 33.695001] kunit_try_run_case+0x170/0x3f0 [ 33.695054] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.695153] kthread+0x328/0x630 [ 33.695197] ret_from_fork+0x10/0x20 [ 33.695264] [ 33.695566] Allocated by task 316: [ 33.695647] kasan_save_stack+0x3c/0x68 [ 33.695734] kasan_save_track+0x20/0x40 [ 33.695789] kasan_save_alloc_info+0x40/0x58 [ 33.695941] __kasan_kmalloc+0xd4/0xd8 [ 33.696027] __kmalloc_noprof+0x198/0x4c8 [ 33.696123] kunit_kmalloc_array+0x34/0x88 [ 33.696370] copy_user_test_oob+0xac/0xec8 [ 33.696571] kunit_try_run_case+0x170/0x3f0 [ 33.696718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.696947] kthread+0x328/0x630 [ 33.697127] ret_from_fork+0x10/0x20 [ 33.697319] [ 33.697351] The buggy address belongs to the object at fff00000c9bb7300 [ 33.697351] which belongs to the cache kmalloc-128 of size 128 [ 33.698024] The buggy address is located 0 bytes inside of [ 33.698024] allocated 120-byte region [fff00000c9bb7300, fff00000c9bb7378) [ 33.698128] [ 33.698183] The buggy address belongs to the physical page: [ 33.698237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb7 [ 33.698874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.699096] page_type: f5(slab) [ 33.699312] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.699463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.699649] page dumped because: kasan: bad access detected [ 33.699906] [ 33.700066] Memory state around the buggy address: [ 33.700253] fff00000c9bb7200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.700319] fff00000c9bb7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.700504] >fff00000c9bb7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.700893] ^ [ 33.700998] fff00000c9bb7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.701131] fff00000c9bb7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.701502] ==================================================================
[ 27.243860] ================================================================== [ 27.244192] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.244552] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.245067] [ 27.245189] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.245243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.245258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.245281] Call Trace: [ 27.245297] <TASK> [ 27.245314] dump_stack_lvl+0x73/0xb0 [ 27.245356] print_report+0xd1/0x610 [ 27.245379] ? __virt_addr_valid+0x1db/0x2d0 [ 27.245404] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.245455] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245480] kasan_report+0x141/0x180 [ 27.245503] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245532] kasan_check_range+0x10c/0x1c0 [ 27.245556] __kasan_check_write+0x18/0x20 [ 27.245581] copy_user_test_oob+0x3fd/0x10f0 [ 27.245751] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.245892] ? finish_task_switch.isra.0+0x153/0x700 [ 27.245917] ? __switch_to+0x47/0xf80 [ 27.245946] ? __schedule+0x10c6/0x2b60 [ 27.245969] ? __pfx_read_tsc+0x10/0x10 [ 27.245992] ? ktime_get_ts64+0x86/0x230 [ 27.246017] kunit_try_run_case+0x1a5/0x480 [ 27.246042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.246065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.246089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.246113] ? __kthread_parkme+0x82/0x180 [ 27.246135] ? preempt_count_sub+0x50/0x80 [ 27.246158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.246183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.246211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.246238] kthread+0x337/0x6f0 [ 27.246260] ? trace_preempt_on+0x20/0xc0 [ 27.246285] ? __pfx_kthread+0x10/0x10 [ 27.246306] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.246340] ? calculate_sigpending+0x7b/0xa0 [ 27.246364] ? __pfx_kthread+0x10/0x10 [ 27.246387] ret_from_fork+0x116/0x1d0 [ 27.246406] ? __pfx_kthread+0x10/0x10 [ 27.246428] ret_from_fork_asm+0x1a/0x30 [ 27.246460] </TASK> [ 27.246472] [ 27.256669] Allocated by task 334: [ 27.256865] kasan_save_stack+0x45/0x70 [ 27.257059] kasan_save_track+0x18/0x40 [ 27.257246] kasan_save_alloc_info+0x3b/0x50 [ 27.257467] __kasan_kmalloc+0xb7/0xc0 [ 27.257646] __kmalloc_noprof+0x1c9/0x500 [ 27.258220] kunit_kmalloc_array+0x25/0x60 [ 27.258416] copy_user_test_oob+0xab/0x10f0 [ 27.258844] kunit_try_run_case+0x1a5/0x480 [ 27.259061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.259440] kthread+0x337/0x6f0 [ 27.259720] ret_from_fork+0x116/0x1d0 [ 27.259996] ret_from_fork_asm+0x1a/0x30 [ 27.260188] [ 27.260266] The buggy address belongs to the object at ffff88810611db00 [ 27.260266] which belongs to the cache kmalloc-128 of size 128 [ 27.260978] The buggy address is located 0 bytes inside of [ 27.260978] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.261637] [ 27.261904] The buggy address belongs to the physical page: [ 27.262218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.262577] flags: 0x200000000000000(node=0|zone=2) [ 27.262996] page_type: f5(slab) [ 27.263197] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.263656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.264184] page dumped because: kasan: bad access detected [ 27.264516] [ 27.264610] Memory state around the buggy address: [ 27.264880] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.265356] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.265673] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.266217] ^ [ 27.266542] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.267079] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.267460] ================================================================== [ 27.293011] ================================================================== [ 27.293678] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.295611] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.296482] [ 27.296693] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.296747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.296773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.296797] Call Trace: [ 27.296818] <TASK> [ 27.296835] dump_stack_lvl+0x73/0xb0 [ 27.296880] print_report+0xd1/0x610 [ 27.296903] ? __virt_addr_valid+0x1db/0x2d0 [ 27.296928] ? copy_user_test_oob+0x557/0x10f0 [ 27.296952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.296979] ? copy_user_test_oob+0x557/0x10f0 [ 27.297003] kasan_report+0x141/0x180 [ 27.297027] ? copy_user_test_oob+0x557/0x10f0 [ 27.297056] kasan_check_range+0x10c/0x1c0 [ 27.297091] __kasan_check_write+0x18/0x20 [ 27.297115] copy_user_test_oob+0x557/0x10f0 [ 27.297172] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.297196] ? finish_task_switch.isra.0+0x153/0x700 [ 27.297219] ? __switch_to+0x47/0xf80 [ 27.297245] ? __schedule+0x10c6/0x2b60 [ 27.297268] ? __pfx_read_tsc+0x10/0x10 [ 27.297293] ? ktime_get_ts64+0x86/0x230 [ 27.297321] kunit_try_run_case+0x1a5/0x480 [ 27.297362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.297409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.297433] ? __kthread_parkme+0x82/0x180 [ 27.297454] ? preempt_count_sub+0x50/0x80 [ 27.297478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.297529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.297559] kthread+0x337/0x6f0 [ 27.297580] ? trace_preempt_on+0x20/0xc0 [ 27.297603] ? __pfx_kthread+0x10/0x10 [ 27.297657] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.297678] ? calculate_sigpending+0x7b/0xa0 [ 27.297703] ? __pfx_kthread+0x10/0x10 [ 27.297735] ret_from_fork+0x116/0x1d0 [ 27.297756] ? __pfx_kthread+0x10/0x10 [ 27.297778] ret_from_fork_asm+0x1a/0x30 [ 27.297810] </TASK> [ 27.297821] [ 27.305649] Allocated by task 334: [ 27.305824] kasan_save_stack+0x45/0x70 [ 27.306023] kasan_save_track+0x18/0x40 [ 27.306334] kasan_save_alloc_info+0x3b/0x50 [ 27.306491] __kasan_kmalloc+0xb7/0xc0 [ 27.306659] __kmalloc_noprof+0x1c9/0x500 [ 27.306869] kunit_kmalloc_array+0x25/0x60 [ 27.307095] copy_user_test_oob+0xab/0x10f0 [ 27.307273] kunit_try_run_case+0x1a5/0x480 [ 27.307464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.307725] kthread+0x337/0x6f0 [ 27.307842] ret_from_fork+0x116/0x1d0 [ 27.307998] ret_from_fork_asm+0x1a/0x30 [ 27.308195] [ 27.308309] The buggy address belongs to the object at ffff88810611db00 [ 27.308309] which belongs to the cache kmalloc-128 of size 128 [ 27.308825] The buggy address is located 0 bytes inside of [ 27.308825] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.309340] [ 27.309432] The buggy address belongs to the physical page: [ 27.309690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.310019] flags: 0x200000000000000(node=0|zone=2) [ 27.310252] page_type: f5(slab) [ 27.310423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.310753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.311073] page dumped because: kasan: bad access detected [ 27.311310] [ 27.311390] Memory state around the buggy address: [ 27.311540] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.311752] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311962] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.312266] ^ [ 27.312762] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.313080] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.313408] ================================================================== [ 27.313967] ================================================================== [ 27.314302] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.314599] Read of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.315247] [ 27.315882] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.315948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.316135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.316159] Call Trace: [ 27.316175] <TASK> [ 27.316203] dump_stack_lvl+0x73/0xb0 [ 27.316237] print_report+0xd1/0x610 [ 27.316260] ? __virt_addr_valid+0x1db/0x2d0 [ 27.316285] ? copy_user_test_oob+0x604/0x10f0 [ 27.316309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.316348] ? copy_user_test_oob+0x604/0x10f0 [ 27.316372] kasan_report+0x141/0x180 [ 27.316394] ? copy_user_test_oob+0x604/0x10f0 [ 27.316424] kasan_check_range+0x10c/0x1c0 [ 27.316448] __kasan_check_read+0x15/0x20 [ 27.316473] copy_user_test_oob+0x604/0x10f0 [ 27.316498] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.316521] ? finish_task_switch.isra.0+0x153/0x700 [ 27.316544] ? __switch_to+0x47/0xf80 [ 27.316571] ? __schedule+0x10c6/0x2b60 [ 27.316593] ? __pfx_read_tsc+0x10/0x10 [ 27.316801] ? ktime_get_ts64+0x86/0x230 [ 27.316843] kunit_try_run_case+0x1a5/0x480 [ 27.316870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.316894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.316951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.316978] ? __kthread_parkme+0x82/0x180 [ 27.316999] ? preempt_count_sub+0x50/0x80 [ 27.317023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.317047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.317075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.317103] kthread+0x337/0x6f0 [ 27.317124] ? trace_preempt_on+0x20/0xc0 [ 27.317148] ? __pfx_kthread+0x10/0x10 [ 27.317169] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.317192] ? calculate_sigpending+0x7b/0xa0 [ 27.317216] ? __pfx_kthread+0x10/0x10 [ 27.317238] ret_from_fork+0x116/0x1d0 [ 27.317258] ? __pfx_kthread+0x10/0x10 [ 27.317279] ret_from_fork_asm+0x1a/0x30 [ 27.317310] </TASK> [ 27.317333] [ 27.328030] Allocated by task 334: [ 27.328369] kasan_save_stack+0x45/0x70 [ 27.328561] kasan_save_track+0x18/0x40 [ 27.328878] kasan_save_alloc_info+0x3b/0x50 [ 27.329364] __kasan_kmalloc+0xb7/0xc0 [ 27.329660] __kmalloc_noprof+0x1c9/0x500 [ 27.330067] kunit_kmalloc_array+0x25/0x60 [ 27.330432] copy_user_test_oob+0xab/0x10f0 [ 27.330904] kunit_try_run_case+0x1a5/0x480 [ 27.331182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.331609] kthread+0x337/0x6f0 [ 27.331890] ret_from_fork+0x116/0x1d0 [ 27.332090] ret_from_fork_asm+0x1a/0x30 [ 27.332266] [ 27.332363] The buggy address belongs to the object at ffff88810611db00 [ 27.332363] which belongs to the cache kmalloc-128 of size 128 [ 27.333197] The buggy address is located 0 bytes inside of [ 27.333197] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.334190] [ 27.334461] The buggy address belongs to the physical page: [ 27.334916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.335269] flags: 0x200000000000000(node=0|zone=2) [ 27.335500] page_type: f5(slab) [ 27.335701] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.336014] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.336315] page dumped because: kasan: bad access detected [ 27.336935] [ 27.337166] Memory state around the buggy address: [ 27.337667] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.338115] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.338623] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.339123] ^ [ 27.339436] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.339912] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.340190] ================================================================== [ 27.268431] ================================================================== [ 27.269042] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.269449] Read of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.270139] [ 27.270270] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.270347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.270361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.270385] Call Trace: [ 27.270404] <TASK> [ 27.270421] dump_stack_lvl+0x73/0xb0 [ 27.270453] print_report+0xd1/0x610 [ 27.270476] ? __virt_addr_valid+0x1db/0x2d0 [ 27.270502] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.270553] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270577] kasan_report+0x141/0x180 [ 27.270600] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270752] kasan_check_range+0x10c/0x1c0 [ 27.270778] __kasan_check_read+0x15/0x20 [ 27.270802] copy_user_test_oob+0x4aa/0x10f0 [ 27.270829] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.270852] ? finish_task_switch.isra.0+0x153/0x700 [ 27.270874] ? __switch_to+0x47/0xf80 [ 27.270901] ? __schedule+0x10c6/0x2b60 [ 27.270924] ? __pfx_read_tsc+0x10/0x10 [ 27.270947] ? ktime_get_ts64+0x86/0x230 [ 27.270975] kunit_try_run_case+0x1a5/0x480 [ 27.271000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.271024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.271049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.271074] ? __kthread_parkme+0x82/0x180 [ 27.271096] ? preempt_count_sub+0x50/0x80 [ 27.271120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.271144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.271172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.271202] kthread+0x337/0x6f0 [ 27.271222] ? trace_preempt_on+0x20/0xc0 [ 27.271246] ? __pfx_kthread+0x10/0x10 [ 27.271267] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.271289] ? calculate_sigpending+0x7b/0xa0 [ 27.271315] ? __pfx_kthread+0x10/0x10 [ 27.271348] ret_from_fork+0x116/0x1d0 [ 27.271368] ? __pfx_kthread+0x10/0x10 [ 27.271389] ret_from_fork_asm+0x1a/0x30 [ 27.271437] </TASK> [ 27.271449] [ 27.281268] Allocated by task 334: [ 27.281573] kasan_save_stack+0x45/0x70 [ 27.281935] kasan_save_track+0x18/0x40 [ 27.282231] kasan_save_alloc_info+0x3b/0x50 [ 27.282586] __kasan_kmalloc+0xb7/0xc0 [ 27.282750] __kmalloc_noprof+0x1c9/0x500 [ 27.282894] kunit_kmalloc_array+0x25/0x60 [ 27.283037] copy_user_test_oob+0xab/0x10f0 [ 27.283178] kunit_try_run_case+0x1a5/0x480 [ 27.283318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.283587] kthread+0x337/0x6f0 [ 27.283753] ret_from_fork+0x116/0x1d0 [ 27.283937] ret_from_fork_asm+0x1a/0x30 [ 27.284135] [ 27.284228] The buggy address belongs to the object at ffff88810611db00 [ 27.284228] which belongs to the cache kmalloc-128 of size 128 [ 27.284996] The buggy address is located 0 bytes inside of [ 27.284996] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.285809] [ 27.286009] The buggy address belongs to the physical page: [ 27.286411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.286858] flags: 0x200000000000000(node=0|zone=2) [ 27.287349] page_type: f5(slab) [ 27.287710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.288078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.288304] page dumped because: kasan: bad access detected [ 27.288481] [ 27.288546] Memory state around the buggy address: [ 27.289004] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.289662] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.290235] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.290885] ^ [ 27.291469] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291876] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.292089] ==================================================================