Date
July 18, 2025, 1:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.609181] ================================================================== [ 34.609320] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.609445] Write of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.609504] [ 34.609549] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.609638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.609666] Hardware name: linux,dummy-virt (DT) [ 34.609701] Call trace: [ 34.609729] show_stack+0x20/0x38 (C) [ 34.609783] dump_stack_lvl+0x8c/0xd0 [ 34.609835] print_report+0x118/0x5e8 [ 34.609881] kasan_report+0xdc/0x128 [ 34.609924] kasan_check_range+0x100/0x1a8 [ 34.609972] __kasan_check_write+0x20/0x30 [ 34.610038] copy_user_test_oob+0x234/0xec8 [ 34.610250] kunit_try_run_case+0x170/0x3f0 [ 34.610307] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.610359] kthread+0x328/0x630 [ 34.610403] ret_from_fork+0x10/0x20 [ 34.610496] [ 34.610524] Allocated by task 316: [ 34.610574] kasan_save_stack+0x3c/0x68 [ 34.610616] kasan_save_track+0x20/0x40 [ 34.610659] kasan_save_alloc_info+0x40/0x58 [ 34.610714] __kasan_kmalloc+0xd4/0xd8 [ 34.610751] __kmalloc_noprof+0x198/0x4c8 [ 34.610793] kunit_kmalloc_array+0x34/0x88 [ 34.610832] copy_user_test_oob+0xac/0xec8 [ 34.610872] kunit_try_run_case+0x170/0x3f0 [ 34.610912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.611804] kthread+0x328/0x630 [ 34.611924] ret_from_fork+0x10/0x20 [ 34.611976] [ 34.612016] The buggy address belongs to the object at fff00000c970b200 [ 34.612016] which belongs to the cache kmalloc-128 of size 128 [ 34.612140] The buggy address is located 0 bytes inside of [ 34.612140] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.612232] [ 34.612288] The buggy address belongs to the physical page: [ 34.612427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.612494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.612577] page_type: f5(slab) [ 34.612665] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.612774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.612849] page dumped because: kasan: bad access detected [ 34.612934] [ 34.613003] Memory state around the buggy address: [ 34.613112] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.613187] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.613264] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.613340] ^ [ 34.613403] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.613445] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.613485] ================================================================== [ 34.624935] ================================================================== [ 34.625010] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.625065] Write of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.625148] [ 34.625198] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.625284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.625330] Hardware name: linux,dummy-virt (DT) [ 34.625379] Call trace: [ 34.625405] show_stack+0x20/0x38 (C) [ 34.625471] dump_stack_lvl+0x8c/0xd0 [ 34.625519] print_report+0x118/0x5e8 [ 34.625564] kasan_report+0xdc/0x128 [ 34.625612] kasan_check_range+0x100/0x1a8 [ 34.625698] __kasan_check_write+0x20/0x30 [ 34.625764] copy_user_test_oob+0x35c/0xec8 [ 34.625819] kunit_try_run_case+0x170/0x3f0 [ 34.625867] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.625920] kthread+0x328/0x630 [ 34.626088] ret_from_fork+0x10/0x20 [ 34.626142] [ 34.626164] Allocated by task 316: [ 34.626212] kasan_save_stack+0x3c/0x68 [ 34.626271] kasan_save_track+0x20/0x40 [ 34.626326] kasan_save_alloc_info+0x40/0x58 [ 34.626383] __kasan_kmalloc+0xd4/0xd8 [ 34.626419] __kmalloc_noprof+0x198/0x4c8 [ 34.626465] kunit_kmalloc_array+0x34/0x88 [ 34.626519] copy_user_test_oob+0xac/0xec8 [ 34.626562] kunit_try_run_case+0x170/0x3f0 [ 34.626618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.626661] kthread+0x328/0x630 [ 34.626696] ret_from_fork+0x10/0x20 [ 34.626857] [ 34.626880] The buggy address belongs to the object at fff00000c970b200 [ 34.626880] which belongs to the cache kmalloc-128 of size 128 [ 34.626940] The buggy address is located 0 bytes inside of [ 34.626940] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.627044] [ 34.627068] The buggy address belongs to the physical page: [ 34.627128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.627182] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.627238] page_type: f5(slab) [ 34.627283] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.627357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.627399] page dumped because: kasan: bad access detected [ 34.627449] [ 34.627478] Memory state around the buggy address: [ 34.627512] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.627557] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.627626] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.627685] ^ [ 34.627726] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.627804] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.627841] ================================================================== [ 34.634220] ================================================================== [ 34.634270] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.634318] Read of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.634369] [ 34.634444] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.634541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.634577] Hardware name: linux,dummy-virt (DT) [ 34.634741] Call trace: [ 34.634783] show_stack+0x20/0x38 (C) [ 34.634848] dump_stack_lvl+0x8c/0xd0 [ 34.635016] print_report+0x118/0x5e8 [ 34.635270] kasan_report+0xdc/0x128 [ 34.635322] kasan_check_range+0x100/0x1a8 [ 34.635399] __kasan_check_read+0x20/0x30 [ 34.635474] copy_user_test_oob+0x4a0/0xec8 [ 34.635530] kunit_try_run_case+0x170/0x3f0 [ 34.635594] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.635692] kthread+0x328/0x630 [ 34.635761] ret_from_fork+0x10/0x20 [ 34.635841] [ 34.635876] Allocated by task 316: [ 34.635905] kasan_save_stack+0x3c/0x68 [ 34.635943] kasan_save_track+0x20/0x40 [ 34.636221] kasan_save_alloc_info+0x40/0x58 [ 34.636274] __kasan_kmalloc+0xd4/0xd8 [ 34.636489] __kmalloc_noprof+0x198/0x4c8 [ 34.636562] kunit_kmalloc_array+0x34/0x88 [ 34.636661] copy_user_test_oob+0xac/0xec8 [ 34.636747] kunit_try_run_case+0x170/0x3f0 [ 34.636978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.637189] kthread+0x328/0x630 [ 34.637264] ret_from_fork+0x10/0x20 [ 34.637310] [ 34.637331] The buggy address belongs to the object at fff00000c970b200 [ 34.637331] which belongs to the cache kmalloc-128 of size 128 [ 34.637584] The buggy address is located 0 bytes inside of [ 34.637584] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.637770] [ 34.637839] The buggy address belongs to the physical page: [ 34.637917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.638138] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.638295] page_type: f5(slab) [ 34.638355] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.638414] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.638694] page dumped because: kasan: bad access detected [ 34.638754] [ 34.638798] Memory state around the buggy address: [ 34.638996] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.639076] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.639205] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.639306] ^ [ 34.639380] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.639575] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.639795] ================================================================== [ 34.628618] ================================================================== [ 34.628770] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.628825] Read of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.628877] [ 34.628906] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.628991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.629019] Hardware name: linux,dummy-virt (DT) [ 34.629051] Call trace: [ 34.629076] show_stack+0x20/0x38 (C) [ 34.629135] dump_stack_lvl+0x8c/0xd0 [ 34.629184] print_report+0x118/0x5e8 [ 34.629228] kasan_report+0xdc/0x128 [ 34.629274] kasan_check_range+0x100/0x1a8 [ 34.629319] __kasan_check_read+0x20/0x30 [ 34.629366] copy_user_test_oob+0x3c8/0xec8 [ 34.629415] kunit_try_run_case+0x170/0x3f0 [ 34.629460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.629512] kthread+0x328/0x630 [ 34.629553] ret_from_fork+0x10/0x20 [ 34.629601] [ 34.629621] Allocated by task 316: [ 34.629650] kasan_save_stack+0x3c/0x68 [ 34.629689] kasan_save_track+0x20/0x40 [ 34.629726] kasan_save_alloc_info+0x40/0x58 [ 34.629764] __kasan_kmalloc+0xd4/0xd8 [ 34.629800] __kmalloc_noprof+0x198/0x4c8 [ 34.629839] kunit_kmalloc_array+0x34/0x88 [ 34.629879] copy_user_test_oob+0xac/0xec8 [ 34.629918] kunit_try_run_case+0x170/0x3f0 [ 34.629955] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.629999] kthread+0x328/0x630 [ 34.630040] ret_from_fork+0x10/0x20 [ 34.630076] [ 34.630106] The buggy address belongs to the object at fff00000c970b200 [ 34.630106] which belongs to the cache kmalloc-128 of size 128 [ 34.630165] The buggy address is located 0 bytes inside of [ 34.630165] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.630231] [ 34.630259] The buggy address belongs to the physical page: [ 34.630290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.630343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.630391] page_type: f5(slab) [ 34.630430] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.630483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.630525] page dumped because: kasan: bad access detected [ 34.630559] [ 34.630579] Memory state around the buggy address: [ 34.630611] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.630656] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.630701] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.630740] ^ [ 34.630779] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.630823] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.630863] ================================================================== [ 34.617789] ================================================================== [ 34.617843] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.617897] Read of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.617948] [ 34.618029] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.618146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.618193] Hardware name: linux,dummy-virt (DT) [ 34.618263] Call trace: [ 34.618289] show_stack+0x20/0x38 (C) [ 34.618356] dump_stack_lvl+0x8c/0xd0 [ 34.618419] print_report+0x118/0x5e8 [ 34.618487] kasan_report+0xdc/0x128 [ 34.618532] kasan_check_range+0x100/0x1a8 [ 34.618577] __kasan_check_read+0x20/0x30 [ 34.618635] copy_user_test_oob+0x728/0xec8 [ 34.618684] kunit_try_run_case+0x170/0x3f0 [ 34.618733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.618786] kthread+0x328/0x630 [ 34.618829] ret_from_fork+0x10/0x20 [ 34.618875] [ 34.618895] Allocated by task 316: [ 34.618925] kasan_save_stack+0x3c/0x68 [ 34.618973] kasan_save_track+0x20/0x40 [ 34.619012] kasan_save_alloc_info+0x40/0x58 [ 34.619059] __kasan_kmalloc+0xd4/0xd8 [ 34.619105] __kmalloc_noprof+0x198/0x4c8 [ 34.619145] kunit_kmalloc_array+0x34/0x88 [ 34.619183] copy_user_test_oob+0xac/0xec8 [ 34.619222] kunit_try_run_case+0x170/0x3f0 [ 34.619262] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.619304] kthread+0x328/0x630 [ 34.619337] ret_from_fork+0x10/0x20 [ 34.619375] [ 34.619396] The buggy address belongs to the object at fff00000c970b200 [ 34.619396] which belongs to the cache kmalloc-128 of size 128 [ 34.619467] The buggy address is located 0 bytes inside of [ 34.619467] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.619546] [ 34.619571] The buggy address belongs to the physical page: [ 34.619605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.619660] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.619709] page_type: f5(slab) [ 34.619746] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.619799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.619881] page dumped because: kasan: bad access detected [ 34.619941] [ 34.619961] Memory state around the buggy address: [ 34.619995] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.620040] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.620122] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.620165] ^ [ 34.620208] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.620252] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.620289] ================================================================== [ 34.630968] ================================================================== [ 34.631007] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.631052] Write of size 121 at addr fff00000c970b200 by task kunit_try_catch/316 [ 34.631178] [ 34.631226] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 34.631342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.631380] Hardware name: linux,dummy-virt (DT) [ 34.631428] Call trace: [ 34.631468] show_stack+0x20/0x38 (C) [ 34.631557] dump_stack_lvl+0x8c/0xd0 [ 34.631623] print_report+0x118/0x5e8 [ 34.631667] kasan_report+0xdc/0x128 [ 34.631739] kasan_check_range+0x100/0x1a8 [ 34.631814] __kasan_check_write+0x20/0x30 [ 34.631902] copy_user_test_oob+0x434/0xec8 [ 34.631999] kunit_try_run_case+0x170/0x3f0 [ 34.632105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.632175] kthread+0x328/0x630 [ 34.632220] ret_from_fork+0x10/0x20 [ 34.632266] [ 34.632286] Allocated by task 316: [ 34.632315] kasan_save_stack+0x3c/0x68 [ 34.632353] kasan_save_track+0x20/0x40 [ 34.632391] kasan_save_alloc_info+0x40/0x58 [ 34.632431] __kasan_kmalloc+0xd4/0xd8 [ 34.632654] __kmalloc_noprof+0x198/0x4c8 [ 34.632697] kunit_kmalloc_array+0x34/0x88 [ 34.632736] copy_user_test_oob+0xac/0xec8 [ 34.632776] kunit_try_run_case+0x170/0x3f0 [ 34.632849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.632906] kthread+0x328/0x630 [ 34.632952] ret_from_fork+0x10/0x20 [ 34.633046] [ 34.633125] The buggy address belongs to the object at fff00000c970b200 [ 34.633125] which belongs to the cache kmalloc-128 of size 128 [ 34.633196] The buggy address is located 0 bytes inside of [ 34.633196] allocated 120-byte region [fff00000c970b200, fff00000c970b278) [ 34.633259] [ 34.633281] The buggy address belongs to the physical page: [ 34.633314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10970b [ 34.633377] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.633427] page_type: f5(slab) [ 34.633474] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.633526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.633584] page dumped because: kasan: bad access detected [ 34.633617] [ 34.633645] Memory state around the buggy address: [ 34.633679] fff00000c970b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.633733] fff00000c970b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.633787] >fff00000c970b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.633833] ^ [ 34.633874] fff00000c970b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.633918] fff00000c970b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.633975] ==================================================================
[ 28.633908] ================================================================== [ 28.634233] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.634680] Write of size 121 at addr ffff8881053b7a00 by task kunit_try_catch/333 [ 28.635320] [ 28.635467] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.635524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.635538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.635709] Call Trace: [ 28.635730] <TASK> [ 28.635829] dump_stack_lvl+0x73/0xb0 [ 28.635871] print_report+0xd1/0x640 [ 28.635896] ? __virt_addr_valid+0x1db/0x2d0 [ 28.635921] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.635944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.635970] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.635994] kasan_report+0x141/0x180 [ 28.636016] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.636044] kasan_check_range+0x10c/0x1c0 [ 28.636068] __kasan_check_write+0x18/0x20 [ 28.636091] copy_user_test_oob+0x3fd/0x10f0 [ 28.636117] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.636140] ? finish_task_switch.isra.0+0x153/0x700 [ 28.636162] ? __switch_to+0x47/0xf80 [ 28.636188] ? __schedule+0x10da/0x2b60 [ 28.636212] ? __pfx_read_tsc+0x10/0x10 [ 28.636235] ? ktime_get_ts64+0x86/0x230 [ 28.636260] kunit_try_run_case+0x1a5/0x480 [ 28.636285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.636308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.636358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.636393] ? __kthread_parkme+0x82/0x180 [ 28.636413] ? preempt_count_sub+0x50/0x80 [ 28.636436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.636461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.636485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.636508] kthread+0x337/0x6f0 [ 28.636528] ? trace_preempt_on+0x20/0xc0 [ 28.636552] ? __pfx_kthread+0x10/0x10 [ 28.636573] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.636604] ? calculate_sigpending+0x7b/0xa0 [ 28.636629] ? __pfx_kthread+0x10/0x10 [ 28.636650] ret_from_fork+0x116/0x1d0 [ 28.636669] ? __pfx_kthread+0x10/0x10 [ 28.636690] ret_from_fork_asm+0x1a/0x30 [ 28.636721] </TASK> [ 28.636733] [ 28.645596] Allocated by task 333: [ 28.645777] kasan_save_stack+0x45/0x70 [ 28.645932] kasan_save_track+0x18/0x40 [ 28.646114] kasan_save_alloc_info+0x3b/0x50 [ 28.646294] __kasan_kmalloc+0xb7/0xc0 [ 28.647005] __kmalloc_noprof+0x1ca/0x510 [ 28.647159] kunit_kmalloc_array+0x25/0x60 [ 28.647528] copy_user_test_oob+0xab/0x10f0 [ 28.647815] kunit_try_run_case+0x1a5/0x480 [ 28.647966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.648214] kthread+0x337/0x6f0 [ 28.648360] ret_from_fork+0x116/0x1d0 [ 28.648528] ret_from_fork_asm+0x1a/0x30 [ 28.648704] [ 28.648776] The buggy address belongs to the object at ffff8881053b7a00 [ 28.648776] which belongs to the cache kmalloc-128 of size 128 [ 28.649261] The buggy address is located 0 bytes inside of [ 28.649261] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.650114] [ 28.650379] The buggy address belongs to the physical page: [ 28.650706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.651083] flags: 0x200000000000000(node=0|zone=2) [ 28.651414] page_type: f5(slab) [ 28.651545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.651987] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.652383] page dumped because: kasan: bad access detected [ 28.652696] [ 28.652768] Memory state around the buggy address: [ 28.652978] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.653262] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.653541] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.653817] ^ [ 28.654082] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.654705] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.654965] ================================================================== [ 28.697938] ================================================================== [ 28.698517] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.698843] Read of size 121 at addr ffff8881053b7a00 by task kunit_try_catch/333 [ 28.699149] [ 28.699234] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.699281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.699294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.699317] Call Trace: [ 28.699332] <TASK> [ 28.699358] dump_stack_lvl+0x73/0xb0 [ 28.699389] print_report+0xd1/0x640 [ 28.699412] ? __virt_addr_valid+0x1db/0x2d0 [ 28.699435] ? copy_user_test_oob+0x604/0x10f0 [ 28.699458] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.699484] ? copy_user_test_oob+0x604/0x10f0 [ 28.699508] kasan_report+0x141/0x180 [ 28.699530] ? copy_user_test_oob+0x604/0x10f0 [ 28.699558] kasan_check_range+0x10c/0x1c0 [ 28.699582] __kasan_check_read+0x15/0x20 [ 28.699606] copy_user_test_oob+0x604/0x10f0 [ 28.699631] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.699654] ? finish_task_switch.isra.0+0x153/0x700 [ 28.699675] ? __switch_to+0x47/0xf80 [ 28.699701] ? __schedule+0x10da/0x2b60 [ 28.699724] ? __pfx_read_tsc+0x10/0x10 [ 28.699746] ? ktime_get_ts64+0x86/0x230 [ 28.699770] kunit_try_run_case+0x1a5/0x480 [ 28.699795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.699817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.699851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.699885] ? __kthread_parkme+0x82/0x180 [ 28.699906] ? preempt_count_sub+0x50/0x80 [ 28.699930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.699954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.699977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.700001] kthread+0x337/0x6f0 [ 28.700021] ? trace_preempt_on+0x20/0xc0 [ 28.700045] ? __pfx_kthread+0x10/0x10 [ 28.700065] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.700096] ? calculate_sigpending+0x7b/0xa0 [ 28.700119] ? __pfx_kthread+0x10/0x10 [ 28.700141] ret_from_fork+0x116/0x1d0 [ 28.700160] ? __pfx_kthread+0x10/0x10 [ 28.700181] ret_from_fork_asm+0x1a/0x30 [ 28.700212] </TASK> [ 28.700223] [ 28.706732] Allocated by task 333: [ 28.706862] kasan_save_stack+0x45/0x70 [ 28.706996] kasan_save_track+0x18/0x40 [ 28.707184] kasan_save_alloc_info+0x3b/0x50 [ 28.707395] __kasan_kmalloc+0xb7/0xc0 [ 28.707575] __kmalloc_noprof+0x1ca/0x510 [ 28.707768] kunit_kmalloc_array+0x25/0x60 [ 28.707950] copy_user_test_oob+0xab/0x10f0 [ 28.708088] kunit_try_run_case+0x1a5/0x480 [ 28.708227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.708404] kthread+0x337/0x6f0 [ 28.708568] ret_from_fork+0x116/0x1d0 [ 28.708749] ret_from_fork_asm+0x1a/0x30 [ 28.708949] [ 28.709038] The buggy address belongs to the object at ffff8881053b7a00 [ 28.709038] which belongs to the cache kmalloc-128 of size 128 [ 28.709594] The buggy address is located 0 bytes inside of [ 28.709594] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.710017] [ 28.710100] The buggy address belongs to the physical page: [ 28.710364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.710679] flags: 0x200000000000000(node=0|zone=2) [ 28.710873] page_type: f5(slab) [ 28.710988] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.711215] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.711443] page dumped because: kasan: bad access detected [ 28.711611] [ 28.711673] Memory state around the buggy address: [ 28.711838] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.712161] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.712480] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.712786] ^ [ 28.713090] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.713411] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.713674] ================================================================== [ 28.676135] ================================================================== [ 28.677027] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.677320] Write of size 121 at addr ffff8881053b7a00 by task kunit_try_catch/333 [ 28.677772] [ 28.677942] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.678045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.678059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.678081] Call Trace: [ 28.678151] <TASK> [ 28.678166] dump_stack_lvl+0x73/0xb0 [ 28.678252] print_report+0xd1/0x640 [ 28.678278] ? __virt_addr_valid+0x1db/0x2d0 [ 28.678301] ? copy_user_test_oob+0x557/0x10f0 [ 28.678324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.678362] ? copy_user_test_oob+0x557/0x10f0 [ 28.678385] kasan_report+0x141/0x180 [ 28.678408] ? copy_user_test_oob+0x557/0x10f0 [ 28.678436] kasan_check_range+0x10c/0x1c0 [ 28.678460] __kasan_check_write+0x18/0x20 [ 28.678485] copy_user_test_oob+0x557/0x10f0 [ 28.678510] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.678534] ? finish_task_switch.isra.0+0x153/0x700 [ 28.678555] ? __switch_to+0x47/0xf80 [ 28.678581] ? __schedule+0x10da/0x2b60 [ 28.678605] ? __pfx_read_tsc+0x10/0x10 [ 28.678627] ? ktime_get_ts64+0x86/0x230 [ 28.678650] kunit_try_run_case+0x1a5/0x480 [ 28.678681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.678703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.678738] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.678771] ? __kthread_parkme+0x82/0x180 [ 28.678791] ? preempt_count_sub+0x50/0x80 [ 28.678814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.678837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.678861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.678884] kthread+0x337/0x6f0 [ 28.678904] ? trace_preempt_on+0x20/0xc0 [ 28.678927] ? __pfx_kthread+0x10/0x10 [ 28.678948] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.678978] ? calculate_sigpending+0x7b/0xa0 [ 28.679002] ? __pfx_kthread+0x10/0x10 [ 28.679023] ret_from_fork+0x116/0x1d0 [ 28.679042] ? __pfx_kthread+0x10/0x10 [ 28.679062] ret_from_fork_asm+0x1a/0x30 [ 28.679093] </TASK> [ 28.679105] [ 28.687965] Allocated by task 333: [ 28.688124] kasan_save_stack+0x45/0x70 [ 28.688307] kasan_save_track+0x18/0x40 [ 28.688620] kasan_save_alloc_info+0x3b/0x50 [ 28.688888] __kasan_kmalloc+0xb7/0xc0 [ 28.689158] __kmalloc_noprof+0x1ca/0x510 [ 28.689363] kunit_kmalloc_array+0x25/0x60 [ 28.689666] copy_user_test_oob+0xab/0x10f0 [ 28.689858] kunit_try_run_case+0x1a5/0x480 [ 28.690165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.690378] kthread+0x337/0x6f0 [ 28.690618] ret_from_fork+0x116/0x1d0 [ 28.690844] ret_from_fork_asm+0x1a/0x30 [ 28.691127] [ 28.691325] The buggy address belongs to the object at ffff8881053b7a00 [ 28.691325] which belongs to the cache kmalloc-128 of size 128 [ 28.691933] The buggy address is located 0 bytes inside of [ 28.691933] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.692548] [ 28.692654] The buggy address belongs to the physical page: [ 28.692989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.693362] flags: 0x200000000000000(node=0|zone=2) [ 28.693544] page_type: f5(slab) [ 28.693714] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.694143] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.694558] page dumped because: kasan: bad access detected [ 28.694789] [ 28.694940] Memory state around the buggy address: [ 28.695175] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.695616] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.695870] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.696157] ^ [ 28.696585] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.696952] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.697200] ================================================================== [ 28.655772] ================================================================== [ 28.656369] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.656713] Read of size 121 at addr ffff8881053b7a00 by task kunit_try_catch/333 [ 28.657016] [ 28.657097] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 28.657145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.657158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.657182] Call Trace: [ 28.657200] <TASK> [ 28.657215] dump_stack_lvl+0x73/0xb0 [ 28.657246] print_report+0xd1/0x640 [ 28.657472] ? __virt_addr_valid+0x1db/0x2d0 [ 28.657504] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.657614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.657644] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.657668] kasan_report+0x141/0x180 [ 28.657691] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.657719] kasan_check_range+0x10c/0x1c0 [ 28.657743] __kasan_check_read+0x15/0x20 [ 28.657768] copy_user_test_oob+0x4aa/0x10f0 [ 28.657793] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.657816] ? finish_task_switch.isra.0+0x153/0x700 [ 28.657838] ? __switch_to+0x47/0xf80 [ 28.657863] ? __schedule+0x10da/0x2b60 [ 28.657888] ? __pfx_read_tsc+0x10/0x10 [ 28.657910] ? ktime_get_ts64+0x86/0x230 [ 28.657934] kunit_try_run_case+0x1a5/0x480 [ 28.657959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.657982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.658017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.658049] ? __kthread_parkme+0x82/0x180 [ 28.658071] ? preempt_count_sub+0x50/0x80 [ 28.658094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.658141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.658164] kthread+0x337/0x6f0 [ 28.658184] ? trace_preempt_on+0x20/0xc0 [ 28.658208] ? __pfx_kthread+0x10/0x10 [ 28.658229] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.658260] ? calculate_sigpending+0x7b/0xa0 [ 28.658284] ? __pfx_kthread+0x10/0x10 [ 28.658306] ret_from_fork+0x116/0x1d0 [ 28.658325] ? __pfx_kthread+0x10/0x10 [ 28.658356] ret_from_fork_asm+0x1a/0x30 [ 28.658387] </TASK> [ 28.658398] [ 28.666871] Allocated by task 333: [ 28.667224] kasan_save_stack+0x45/0x70 [ 28.667491] kasan_save_track+0x18/0x40 [ 28.667666] kasan_save_alloc_info+0x3b/0x50 [ 28.667967] __kasan_kmalloc+0xb7/0xc0 [ 28.668145] __kmalloc_noprof+0x1ca/0x510 [ 28.668312] kunit_kmalloc_array+0x25/0x60 [ 28.668503] copy_user_test_oob+0xab/0x10f0 [ 28.668676] kunit_try_run_case+0x1a5/0x480 [ 28.668852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.669072] kthread+0x337/0x6f0 [ 28.669219] ret_from_fork+0x116/0x1d0 [ 28.669694] ret_from_fork_asm+0x1a/0x30 [ 28.669868] [ 28.669934] The buggy address belongs to the object at ffff8881053b7a00 [ 28.669934] which belongs to the cache kmalloc-128 of size 128 [ 28.670573] The buggy address is located 0 bytes inside of [ 28.670573] allocated 120-byte region [ffff8881053b7a00, ffff8881053b7a78) [ 28.671211] [ 28.671286] The buggy address belongs to the physical page: [ 28.671665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7 [ 28.672023] flags: 0x200000000000000(node=0|zone=2) [ 28.672248] page_type: f5(slab) [ 28.672498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.672850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.673205] page dumped because: kasan: bad access detected [ 28.673408] [ 28.673567] Memory state around the buggy address: [ 28.673877] ffff8881053b7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.674119] ffff8881053b7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.674425] >ffff8881053b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.674711] ^ [ 28.674986] ffff8881053b7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.675260] ffff8881053b7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.675553] ==================================================================