Date
July 17, 2025, 10:12 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 |
[ 32.455734] ================================================================== [ 32.455784] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.456507] Read of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.456578] [ 32.456610] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.457283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.457316] Hardware name: linux,dummy-virt (DT) [ 32.457349] Call trace: [ 32.457384] show_stack+0x20/0x38 (C) [ 32.457434] dump_stack_lvl+0x8c/0xd0 [ 32.457485] print_report+0x118/0x5d0 [ 32.457531] kasan_report+0xdc/0x128 [ 32.457576] kasan_check_range+0x100/0x1a8 [ 32.457624] __kasan_check_read+0x20/0x30 [ 32.457671] copy_user_test_oob+0x4a0/0xec8 [ 32.457721] kunit_try_run_case+0x170/0x3f0 [ 32.457767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.457820] kthread+0x328/0x630 [ 32.457861] ret_from_fork+0x10/0x20 [ 32.457910] [ 32.457931] Allocated by task 316: [ 32.457961] kasan_save_stack+0x3c/0x68 [ 32.458001] kasan_save_track+0x20/0x40 [ 32.458040] kasan_save_alloc_info+0x40/0x58 [ 32.458091] __kasan_kmalloc+0xd4/0xd8 [ 32.458128] __kmalloc_noprof+0x198/0x4c8 [ 32.458168] kunit_kmalloc_array+0x34/0x88 [ 32.458208] copy_user_test_oob+0xac/0xec8 [ 32.458247] kunit_try_run_case+0x170/0x3f0 [ 32.458285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.458329] kthread+0x328/0x630 [ 32.458365] ret_from_fork+0x10/0x20 [ 32.458401] [ 32.458423] The buggy address belongs to the object at fff00000c98f2e00 [ 32.458423] which belongs to the cache kmalloc-128 of size 128 [ 32.458482] The buggy address is located 0 bytes inside of [ 32.458482] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.458546] [ 32.458568] The buggy address belongs to the physical page: [ 32.458601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.458652] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.458702] page_type: f5(slab) [ 32.458742] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.458801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.458843] page dumped because: kasan: bad access detected [ 32.458878] [ 32.458898] Memory state around the buggy address: [ 32.458931] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.458976] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.459020] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.459131] ^ [ 32.459174] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.459218] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.459258] ================================================================== [ 32.450456] ================================================================== [ 32.450650] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.450723] Write of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.450788] [ 32.450889] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.450998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.451033] Hardware name: linux,dummy-virt (DT) [ 32.451076] Call trace: [ 32.451101] show_stack+0x20/0x38 (C) [ 32.451286] dump_stack_lvl+0x8c/0xd0 [ 32.451344] print_report+0x118/0x5d0 [ 32.451390] kasan_report+0xdc/0x128 [ 32.451482] kasan_check_range+0x100/0x1a8 [ 32.451554] __kasan_check_write+0x20/0x30 [ 32.451639] copy_user_test_oob+0x434/0xec8 [ 32.451849] kunit_try_run_case+0x170/0x3f0 [ 32.451917] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.451994] kthread+0x328/0x630 [ 32.452050] ret_from_fork+0x10/0x20 [ 32.452149] [ 32.452197] Allocated by task 316: [ 32.452244] kasan_save_stack+0x3c/0x68 [ 32.452287] kasan_save_track+0x20/0x40 [ 32.452333] kasan_save_alloc_info+0x40/0x58 [ 32.452435] __kasan_kmalloc+0xd4/0xd8 [ 32.452515] __kmalloc_noprof+0x198/0x4c8 [ 32.452633] kunit_kmalloc_array+0x34/0x88 [ 32.452674] copy_user_test_oob+0xac/0xec8 [ 32.452724] kunit_try_run_case+0x170/0x3f0 [ 32.452764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.453128] kthread+0x328/0x630 [ 32.453222] ret_from_fork+0x10/0x20 [ 32.453301] [ 32.453512] The buggy address belongs to the object at fff00000c98f2e00 [ 32.453512] which belongs to the cache kmalloc-128 of size 128 [ 32.453587] The buggy address is located 0 bytes inside of [ 32.453587] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.453653] [ 32.453735] The buggy address belongs to the physical page: [ 32.453769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.453822] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.453871] page_type: f5(slab) [ 32.453919] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.453984] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.454033] page dumped because: kasan: bad access detected [ 32.454101] [ 32.454336] Memory state around the buggy address: [ 32.454486] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.454579] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.454720] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.454793] ^ [ 32.454841] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.455043] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.455227] ================================================================== [ 32.430365] ================================================================== [ 32.430438] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.430512] Read of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.430567] [ 32.430613] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.430701] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.430728] Hardware name: linux,dummy-virt (DT) [ 32.430761] Call trace: [ 32.430792] show_stack+0x20/0x38 (C) [ 32.430841] dump_stack_lvl+0x8c/0xd0 [ 32.430890] print_report+0x118/0x5d0 [ 32.430935] kasan_report+0xdc/0x128 [ 32.430980] kasan_check_range+0x100/0x1a8 [ 32.431043] __kasan_check_read+0x20/0x30 [ 32.431109] copy_user_test_oob+0x728/0xec8 [ 32.431194] kunit_try_run_case+0x170/0x3f0 [ 32.431259] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.431332] kthread+0x328/0x630 [ 32.431396] ret_from_fork+0x10/0x20 [ 32.431479] [ 32.431793] Allocated by task 316: [ 32.431825] kasan_save_stack+0x3c/0x68 [ 32.431883] kasan_save_track+0x20/0x40 [ 32.431938] kasan_save_alloc_info+0x40/0x58 [ 32.432007] __kasan_kmalloc+0xd4/0xd8 [ 32.432090] __kmalloc_noprof+0x198/0x4c8 [ 32.432135] kunit_kmalloc_array+0x34/0x88 [ 32.432175] copy_user_test_oob+0xac/0xec8 [ 32.432215] kunit_try_run_case+0x170/0x3f0 [ 32.432272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.432317] kthread+0x328/0x630 [ 32.432363] ret_from_fork+0x10/0x20 [ 32.432402] [ 32.432423] The buggy address belongs to the object at fff00000c98f2e00 [ 32.432423] which belongs to the cache kmalloc-128 of size 128 [ 32.432484] The buggy address is located 0 bytes inside of [ 32.432484] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.432547] [ 32.432568] The buggy address belongs to the physical page: [ 32.432601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.432654] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.432703] page_type: f5(slab) [ 32.432741] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.432807] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.432888] page dumped because: kasan: bad access detected [ 32.432981] [ 32.433062] Memory state around the buggy address: [ 32.433118] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.433270] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.433330] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.433371] ^ [ 32.433414] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.433456] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.433495] ================================================================== [ 32.438283] ================================================================== [ 32.438357] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.438429] Write of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.438499] [ 32.438562] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.438648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.438677] Hardware name: linux,dummy-virt (DT) [ 32.438710] Call trace: [ 32.438909] show_stack+0x20/0x38 (C) [ 32.438959] dump_stack_lvl+0x8c/0xd0 [ 32.439162] print_report+0x118/0x5d0 [ 32.439253] kasan_report+0xdc/0x128 [ 32.439306] kasan_check_range+0x100/0x1a8 [ 32.439370] __kasan_check_write+0x20/0x30 [ 32.439607] copy_user_test_oob+0x35c/0xec8 [ 32.439694] kunit_try_run_case+0x170/0x3f0 [ 32.439746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.439798] kthread+0x328/0x630 [ 32.439842] ret_from_fork+0x10/0x20 [ 32.439982] [ 32.440007] Allocated by task 316: [ 32.440036] kasan_save_stack+0x3c/0x68 [ 32.440281] kasan_save_track+0x20/0x40 [ 32.440389] kasan_save_alloc_info+0x40/0x58 [ 32.440434] __kasan_kmalloc+0xd4/0xd8 [ 32.440489] __kmalloc_noprof+0x198/0x4c8 [ 32.440606] kunit_kmalloc_array+0x34/0x88 [ 32.440863] copy_user_test_oob+0xac/0xec8 [ 32.440927] kunit_try_run_case+0x170/0x3f0 [ 32.440968] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.441040] kthread+0x328/0x630 [ 32.441146] ret_from_fork+0x10/0x20 [ 32.441235] [ 32.441259] The buggy address belongs to the object at fff00000c98f2e00 [ 32.441259] which belongs to the cache kmalloc-128 of size 128 [ 32.441319] The buggy address is located 0 bytes inside of [ 32.441319] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.441426] [ 32.441448] The buggy address belongs to the physical page: [ 32.441482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.441534] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.441591] page_type: f5(slab) [ 32.441645] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.441702] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.441755] page dumped because: kasan: bad access detected [ 32.441804] [ 32.441829] Memory state around the buggy address: [ 32.441878] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.441923] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.441967] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.442007] ^ [ 32.442076] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.442117] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.442166] ================================================================== [ 32.419725] ================================================================== [ 32.419946] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.420066] Write of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.420153] [ 32.420220] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.420312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.420339] Hardware name: linux,dummy-virt (DT) [ 32.420384] Call trace: [ 32.420485] show_stack+0x20/0x38 (C) [ 32.420563] dump_stack_lvl+0x8c/0xd0 [ 32.420651] print_report+0x118/0x5d0 [ 32.420698] kasan_report+0xdc/0x128 [ 32.420874] kasan_check_range+0x100/0x1a8 [ 32.420924] __kasan_check_write+0x20/0x30 [ 32.420972] copy_user_test_oob+0x234/0xec8 [ 32.421211] kunit_try_run_case+0x170/0x3f0 [ 32.421373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.421428] kthread+0x328/0x630 [ 32.421481] ret_from_fork+0x10/0x20 [ 32.421577] [ 32.421608] Allocated by task 316: [ 32.421656] kasan_save_stack+0x3c/0x68 [ 32.421702] kasan_save_track+0x20/0x40 [ 32.421745] kasan_save_alloc_info+0x40/0x58 [ 32.421792] __kasan_kmalloc+0xd4/0xd8 [ 32.421830] __kmalloc_noprof+0x198/0x4c8 [ 32.421880] kunit_kmalloc_array+0x34/0x88 [ 32.421929] copy_user_test_oob+0xac/0xec8 [ 32.421969] kunit_try_run_case+0x170/0x3f0 [ 32.422008] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.422068] kthread+0x328/0x630 [ 32.422102] ret_from_fork+0x10/0x20 [ 32.422139] [ 32.422161] The buggy address belongs to the object at fff00000c98f2e00 [ 32.422161] which belongs to the cache kmalloc-128 of size 128 [ 32.422223] The buggy address is located 0 bytes inside of [ 32.422223] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.422487] [ 32.422783] The buggy address belongs to the physical page: [ 32.422914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.426093] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.426154] page_type: f5(slab) [ 32.426200] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.426252] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.426297] page dumped because: kasan: bad access detected [ 32.426330] [ 32.426352] Memory state around the buggy address: [ 32.426386] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.426430] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.426476] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.426515] ^ [ 32.426559] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.426601] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.426642] ================================================================== [ 32.443375] ================================================================== [ 32.443460] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.443514] Read of size 121 at addr fff00000c98f2e00 by task kunit_try_catch/316 [ 32.443573] [ 32.443675] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 32.443770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.443798] Hardware name: linux,dummy-virt (DT) [ 32.443831] Call trace: [ 32.443958] show_stack+0x20/0x38 (C) [ 32.444255] dump_stack_lvl+0x8c/0xd0 [ 32.444348] print_report+0x118/0x5d0 [ 32.444450] kasan_report+0xdc/0x128 [ 32.444553] kasan_check_range+0x100/0x1a8 [ 32.444621] __kasan_check_read+0x20/0x30 [ 32.444808] copy_user_test_oob+0x3c8/0xec8 [ 32.444858] kunit_try_run_case+0x170/0x3f0 [ 32.445017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.445202] kthread+0x328/0x630 [ 32.445306] ret_from_fork+0x10/0x20 [ 32.445542] [ 32.445563] Allocated by task 316: [ 32.445602] kasan_save_stack+0x3c/0x68 [ 32.445683] kasan_save_track+0x20/0x40 [ 32.445778] kasan_save_alloc_info+0x40/0x58 [ 32.445864] __kasan_kmalloc+0xd4/0xd8 [ 32.445992] __kmalloc_noprof+0x198/0x4c8 [ 32.446037] kunit_kmalloc_array+0x34/0x88 [ 32.446130] copy_user_test_oob+0xac/0xec8 [ 32.446469] kunit_try_run_case+0x170/0x3f0 [ 32.446542] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.446725] kthread+0x328/0x630 [ 32.446946] ret_from_fork+0x10/0x20 [ 32.447029] [ 32.447126] The buggy address belongs to the object at fff00000c98f2e00 [ 32.447126] which belongs to the cache kmalloc-128 of size 128 [ 32.447267] The buggy address is located 0 bytes inside of [ 32.447267] allocated 120-byte region [fff00000c98f2e00, fff00000c98f2e78) [ 32.447389] [ 32.447488] The buggy address belongs to the physical page: [ 32.447521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1098f2 [ 32.447575] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.447805] page_type: f5(slab) [ 32.447947] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.448051] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.448288] page dumped because: kasan: bad access detected [ 32.448427] [ 32.448477] Memory state around the buggy address: [ 32.448663] fff00000c98f2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.448731] fff00000c98f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.448778] >fff00000c98f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.448825] ^ [ 32.448868] fff00000c98f2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.449079] fff00000c98f2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.449239] ==================================================================
[ 29.671490] ================================================================== [ 29.671823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.672106] Read of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.672563] [ 29.672664] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.672711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.672724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.672745] Call Trace: [ 29.672759] <TASK> [ 29.672773] dump_stack_lvl+0x73/0xb0 [ 29.672814] print_report+0xd1/0x610 [ 29.672836] ? __virt_addr_valid+0x1db/0x2d0 [ 29.672868] ? copy_user_test_oob+0x604/0x10f0 [ 29.672891] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.672918] ? copy_user_test_oob+0x604/0x10f0 [ 29.672957] kasan_report+0x141/0x180 [ 29.672980] ? copy_user_test_oob+0x604/0x10f0 [ 29.673009] kasan_check_range+0x10c/0x1c0 [ 29.673033] __kasan_check_read+0x15/0x20 [ 29.673056] copy_user_test_oob+0x604/0x10f0 [ 29.673092] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.673115] ? finish_task_switch.isra.0+0x153/0x700 [ 29.673136] ? __switch_to+0x47/0xf80 [ 29.673162] ? __schedule+0x10c6/0x2b60 [ 29.673185] ? __pfx_read_tsc+0x10/0x10 [ 29.673206] ? ktime_get_ts64+0x86/0x230 [ 29.673231] kunit_try_run_case+0x1a5/0x480 [ 29.673254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.673284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.673308] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.673332] ? __kthread_parkme+0x82/0x180 [ 29.673356] ? preempt_count_sub+0x50/0x80 [ 29.673379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.673403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.673426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.673450] kthread+0x337/0x6f0 [ 29.673469] ? trace_preempt_on+0x20/0xc0 [ 29.673492] ? __pfx_kthread+0x10/0x10 [ 29.673513] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.673535] ? calculate_sigpending+0x7b/0xa0 [ 29.673558] ? __pfx_kthread+0x10/0x10 [ 29.673579] ret_from_fork+0x116/0x1d0 [ 29.673599] ? __pfx_kthread+0x10/0x10 [ 29.673619] ret_from_fork_asm+0x1a/0x30 [ 29.673651] </TASK> [ 29.673663] [ 29.681672] Allocated by task 334: [ 29.681795] kasan_save_stack+0x45/0x70 [ 29.681945] kasan_save_track+0x18/0x40 [ 29.682075] kasan_save_alloc_info+0x3b/0x50 [ 29.683400] __kasan_kmalloc+0xb7/0xc0 [ 29.683841] __kmalloc_noprof+0x1ca/0x510 [ 29.684446] kunit_kmalloc_array+0x25/0x60 [ 29.685895] copy_user_test_oob+0xab/0x10f0 [ 29.686612] kunit_try_run_case+0x1a5/0x480 [ 29.686910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.687110] kthread+0x337/0x6f0 [ 29.687229] ret_from_fork+0x116/0x1d0 [ 29.687924] ret_from_fork_asm+0x1a/0x30 [ 29.688637] [ 29.688929] The buggy address belongs to the object at ffff888104588600 [ 29.688929] which belongs to the cache kmalloc-128 of size 128 [ 29.690326] The buggy address is located 0 bytes inside of [ 29.690326] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.690955] [ 29.691028] The buggy address belongs to the physical page: [ 29.691869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.692798] flags: 0x200000000000000(node=0|zone=2) [ 29.693466] page_type: f5(slab) [ 29.693916] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.694676] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.695488] page dumped because: kasan: bad access detected [ 29.696150] [ 29.696456] Memory state around the buggy address: [ 29.696875] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.697117] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697338] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.697546] ^ [ 29.697753] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697976] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.698464] ================================================================== [ 29.654402] ================================================================== [ 29.654975] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.655392] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.655835] [ 29.655939] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.655985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.655998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.656022] Call Trace: [ 29.656035] <TASK> [ 29.656051] dump_stack_lvl+0x73/0xb0 [ 29.656090] print_report+0xd1/0x610 [ 29.656112] ? __virt_addr_valid+0x1db/0x2d0 [ 29.656136] ? copy_user_test_oob+0x557/0x10f0 [ 29.656159] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.656186] ? copy_user_test_oob+0x557/0x10f0 [ 29.656212] kasan_report+0x141/0x180 [ 29.656234] ? copy_user_test_oob+0x557/0x10f0 [ 29.656264] kasan_check_range+0x10c/0x1c0 [ 29.656299] __kasan_check_write+0x18/0x20 [ 29.656322] copy_user_test_oob+0x557/0x10f0 [ 29.656349] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.656372] ? finish_task_switch.isra.0+0x153/0x700 [ 29.656394] ? __switch_to+0x47/0xf80 [ 29.656420] ? __schedule+0x10c6/0x2b60 [ 29.656443] ? __pfx_read_tsc+0x10/0x10 [ 29.656464] ? ktime_get_ts64+0x86/0x230 [ 29.656488] kunit_try_run_case+0x1a5/0x480 [ 29.656512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656534] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.656558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.656581] ? __kthread_parkme+0x82/0x180 [ 29.656605] ? preempt_count_sub+0x50/0x80 [ 29.656629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.656676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.656699] kthread+0x337/0x6f0 [ 29.656719] ? trace_preempt_on+0x20/0xc0 [ 29.656741] ? __pfx_kthread+0x10/0x10 [ 29.656762] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.656784] ? calculate_sigpending+0x7b/0xa0 [ 29.656808] ? __pfx_kthread+0x10/0x10 [ 29.656829] ret_from_fork+0x116/0x1d0 [ 29.656849] ? __pfx_kthread+0x10/0x10 [ 29.656869] ret_from_fork_asm+0x1a/0x30 [ 29.656901] </TASK> [ 29.656912] [ 29.663867] Allocated by task 334: [ 29.664013] kasan_save_stack+0x45/0x70 [ 29.664160] kasan_save_track+0x18/0x40 [ 29.664344] kasan_save_alloc_info+0x3b/0x50 [ 29.664554] __kasan_kmalloc+0xb7/0xc0 [ 29.664733] __kmalloc_noprof+0x1ca/0x510 [ 29.664925] kunit_kmalloc_array+0x25/0x60 [ 29.665069] copy_user_test_oob+0xab/0x10f0 [ 29.665253] kunit_try_run_case+0x1a5/0x480 [ 29.665462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.665688] kthread+0x337/0x6f0 [ 29.665837] ret_from_fork+0x116/0x1d0 [ 29.666008] ret_from_fork_asm+0x1a/0x30 [ 29.666184] [ 29.666273] The buggy address belongs to the object at ffff888104588600 [ 29.666273] which belongs to the cache kmalloc-128 of size 128 [ 29.666735] The buggy address is located 0 bytes inside of [ 29.666735] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.667213] [ 29.667311] The buggy address belongs to the physical page: [ 29.667524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.667818] flags: 0x200000000000000(node=0|zone=2) [ 29.668010] page_type: f5(slab) [ 29.668174] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.668512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.668804] page dumped because: kasan: bad access detected [ 29.669008] [ 29.669106] Memory state around the buggy address: [ 29.669303] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.669570] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.669804] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.670049] ^ [ 29.670463] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.670700] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.670906] ================================================================== [ 29.637401] ================================================================== [ 29.637640] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.637973] Read of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.638337] [ 29.638423] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.638471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.638484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.638507] Call Trace: [ 29.638523] <TASK> [ 29.638541] dump_stack_lvl+0x73/0xb0 [ 29.638570] print_report+0xd1/0x610 [ 29.638593] ? __virt_addr_valid+0x1db/0x2d0 [ 29.638618] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.638668] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638692] kasan_report+0x141/0x180 [ 29.638714] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638743] kasan_check_range+0x10c/0x1c0 [ 29.638766] __kasan_check_read+0x15/0x20 [ 29.638790] copy_user_test_oob+0x4aa/0x10f0 [ 29.638815] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.638837] ? finish_task_switch.isra.0+0x153/0x700 [ 29.638859] ? __switch_to+0x47/0xf80 [ 29.638885] ? __schedule+0x10c6/0x2b60 [ 29.638909] ? __pfx_read_tsc+0x10/0x10 [ 29.638930] ? ktime_get_ts64+0x86/0x230 [ 29.638955] kunit_try_run_case+0x1a5/0x480 [ 29.638994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.639016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.639038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.639062] ? __kthread_parkme+0x82/0x180 [ 29.639099] ? preempt_count_sub+0x50/0x80 [ 29.639121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.639145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.639169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.639192] kthread+0x337/0x6f0 [ 29.639211] ? trace_preempt_on+0x20/0xc0 [ 29.639235] ? __pfx_kthread+0x10/0x10 [ 29.639256] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.639278] ? calculate_sigpending+0x7b/0xa0 [ 29.639302] ? __pfx_kthread+0x10/0x10 [ 29.639336] ret_from_fork+0x116/0x1d0 [ 29.639355] ? __pfx_kthread+0x10/0x10 [ 29.639375] ret_from_fork_asm+0x1a/0x30 [ 29.639407] </TASK> [ 29.639418] [ 29.646568] Allocated by task 334: [ 29.646718] kasan_save_stack+0x45/0x70 [ 29.646852] kasan_save_track+0x18/0x40 [ 29.646980] kasan_save_alloc_info+0x3b/0x50 [ 29.647131] __kasan_kmalloc+0xb7/0xc0 [ 29.647257] __kmalloc_noprof+0x1ca/0x510 [ 29.647392] kunit_kmalloc_array+0x25/0x60 [ 29.647733] copy_user_test_oob+0xab/0x10f0 [ 29.647934] kunit_try_run_case+0x1a5/0x480 [ 29.648149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.648554] kthread+0x337/0x6f0 [ 29.648720] ret_from_fork+0x116/0x1d0 [ 29.648901] ret_from_fork_asm+0x1a/0x30 [ 29.649106] [ 29.649194] The buggy address belongs to the object at ffff888104588600 [ 29.649194] which belongs to the cache kmalloc-128 of size 128 [ 29.649778] The buggy address is located 0 bytes inside of [ 29.649778] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.650200] [ 29.650264] The buggy address belongs to the physical page: [ 29.650519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.650862] flags: 0x200000000000000(node=0|zone=2) [ 29.651064] page_type: f5(slab) [ 29.651188] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.651413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.651632] page dumped because: kasan: bad access detected [ 29.651798] [ 29.651860] Memory state around the buggy address: [ 29.652192] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.652496] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.652798] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.653344] ^ [ 29.653586] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.653791] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.654006] ================================================================== [ 29.619311] ================================================================== [ 29.619614] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.619926] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.620343] [ 29.620513] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.620566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.620579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.620602] Call Trace: [ 29.620615] <TASK> [ 29.620633] dump_stack_lvl+0x73/0xb0 [ 29.620664] print_report+0xd1/0x610 [ 29.620686] ? __virt_addr_valid+0x1db/0x2d0 [ 29.620711] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.620762] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620786] kasan_report+0x141/0x180 [ 29.620810] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620840] kasan_check_range+0x10c/0x1c0 [ 29.620867] __kasan_check_write+0x18/0x20 [ 29.620891] copy_user_test_oob+0x3fd/0x10f0 [ 29.620917] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.620939] ? finish_task_switch.isra.0+0x153/0x700 [ 29.620962] ? __switch_to+0x47/0xf80 [ 29.620989] ? __schedule+0x10c6/0x2b60 [ 29.621012] ? __pfx_read_tsc+0x10/0x10 [ 29.621034] ? ktime_get_ts64+0x86/0x230 [ 29.621060] kunit_try_run_case+0x1a5/0x480 [ 29.621098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.621144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.621169] ? __kthread_parkme+0x82/0x180 [ 29.621193] ? preempt_count_sub+0x50/0x80 [ 29.621217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.621264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.621301] kthread+0x337/0x6f0 [ 29.621321] ? trace_preempt_on+0x20/0xc0 [ 29.621344] ? __pfx_kthread+0x10/0x10 [ 29.621366] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.621387] ? calculate_sigpending+0x7b/0xa0 [ 29.621412] ? __pfx_kthread+0x10/0x10 [ 29.621434] ret_from_fork+0x116/0x1d0 [ 29.621453] ? __pfx_kthread+0x10/0x10 [ 29.621474] ret_from_fork_asm+0x1a/0x30 [ 29.621506] </TASK> [ 29.621517] [ 29.628747] Allocated by task 334: [ 29.628891] kasan_save_stack+0x45/0x70 [ 29.629075] kasan_save_track+0x18/0x40 [ 29.629258] kasan_save_alloc_info+0x3b/0x50 [ 29.629447] __kasan_kmalloc+0xb7/0xc0 [ 29.629603] __kmalloc_noprof+0x1ca/0x510 [ 29.629741] kunit_kmalloc_array+0x25/0x60 [ 29.629943] copy_user_test_oob+0xab/0x10f0 [ 29.630152] kunit_try_run_case+0x1a5/0x480 [ 29.630337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.630558] kthread+0x337/0x6f0 [ 29.630690] ret_from_fork+0x116/0x1d0 [ 29.630817] ret_from_fork_asm+0x1a/0x30 [ 29.630952] [ 29.631019] The buggy address belongs to the object at ffff888104588600 [ 29.631019] which belongs to the cache kmalloc-128 of size 128 [ 29.631936] The buggy address is located 0 bytes inside of [ 29.631936] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.632330] [ 29.632395] The buggy address belongs to the physical page: [ 29.632562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.632817] flags: 0x200000000000000(node=0|zone=2) [ 29.633050] page_type: f5(slab) [ 29.633219] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.633597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.634178] page dumped because: kasan: bad access detected [ 29.634342] [ 29.634403] Memory state around the buggy address: [ 29.634551] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.634758] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635221] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.635821] ^ [ 29.636116] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.636344] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.636558] ==================================================================