Date: July 22, 2025, 5:13 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 33.545615] ================================================================== [ 33.545667] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 33.545721] Read of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.545774] [ 33.546143] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 33.546379] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.546415] Hardware name: linux,dummy-virt (DT) [ 33.546465] Call trace: [ 33.546492] show_stack+0x20/0x38 (C) [ 33.547050] dump_stack_lvl+0x8c/0xd0 [ 33.547135] print_report+0x118/0x5e8 [ 33.547182] kasan_report+0xdc/0x128 [ 33.547399] kasan_check_range+0x100/0x1a8 [ 33.547462] __kasan_check_read+0x20/0x30 [ 33.547539] copy_user_test_oob+0x4a0/0xec8 [ 33.547653] kunit_try_run_case+0x170/0x3f0 [ 33.547702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.547753] kthread+0x328/0x630 [ 33.547983] ret_from_fork+0x10/0x20 [ 33.548385] [ 33.548422] Allocated by task 316: [ 33.548459] kasan_save_stack+0x3c/0x68 [ 33.548615] kasan_save_track+0x20/0x40 [ 33.548667] kasan_save_alloc_info+0x40/0x58 [ 33.548848] __kasan_kmalloc+0xd4/0xd8 [ 33.549420] __kmalloc_noprof+0x198/0x4c8 [ 33.549472] kunit_kmalloc_array+0x34/0x88 [ 33.549698] copy_user_test_oob+0xac/0xec8 [ 33.549989] kunit_try_run_case+0x170/0x3f0 [ 33.550373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.550850] kthread+0x328/0x630 [ 33.551091] ret_from_fork+0x10/0x20 [ 33.551181] [ 33.551204] The buggy address belongs to the object at fff00000c922a400 [ 33.551204] which belongs to the cache kmalloc-128 of size 128 [ 33.551751] The buggy address is located 0 bytes inside of [ 33.551751] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.552093] [ 33.552138] The buggy address belongs to the physical page: [ 33.552451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 33.553048] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.553242] 
page_type: f5(slab) [ 33.553724] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.553971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.554200] page dumped because: kasan: bad access detected [ 33.554261] [ 33.554592] Memory state around the buggy address: [ 33.554743] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.554871] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.555058] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.555143] ^ [ 33.555390] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.555501] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.555746] ================================================================== [ 33.534741] ================================================================== [ 33.535229] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 33.535312] Write of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.535365] [ 33.535678] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 33.535792] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.535893] Hardware name: linux,dummy-virt (DT) [ 33.535951] Call trace: [ 33.535976] show_stack+0x20/0x38 (C) [ 33.536030] dump_stack_lvl+0x8c/0xd0 [ 33.536382] print_report+0x118/0x5e8 [ 33.536487] kasan_report+0xdc/0x128 [ 33.536541] kasan_check_range+0x100/0x1a8 [ 33.536587] __kasan_check_write+0x20/0x30 [ 33.537049] copy_user_test_oob+0x434/0xec8 [ 33.537198] kunit_try_run_case+0x170/0x3f0 [ 33.537392] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.537594] kthread+0x328/0x630 [ 33.537664] ret_from_fork+0x10/0x20 [ 33.537922] [ 33.538155] Allocated by task 316: [ 33.538251] kasan_save_stack+0x3c/0x68 [ 33.538406] kasan_save_track+0x20/0x40 [ 33.538449] kasan_save_alloc_info+0x40/0x58 [ 33.538673] __kasan_kmalloc+0xd4/0xd8 [ 33.538940] 
__kmalloc_noprof+0x198/0x4c8 [ 33.539009] kunit_kmalloc_array+0x34/0x88 [ 33.539245] copy_user_test_oob+0xac/0xec8 [ 33.539509] kunit_try_run_case+0x170/0x3f0 [ 33.539704] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.539932] kthread+0x328/0x630 [ 33.540182] ret_from_fork+0x10/0x20 [ 33.540260] [ 33.540503] The buggy address belongs to the object at fff00000c922a400 [ 33.540503] which belongs to the cache kmalloc-128 of size 128 [ 33.540776] The buggy address is located 0 bytes inside of [ 33.540776] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.541275] [ 33.541341] The buggy address belongs to the physical page: [ 33.541400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 33.541698] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.541868] page_type: f5(slab) [ 33.542081] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.542229] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.542381] page dumped because: kasan: bad access detected [ 33.542585] [ 33.542771] Memory state around the buggy address: [ 33.542853] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.542903] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.543471] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.543560] ^ [ 33.543846] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.543983] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.544072] ================================================================== [ 33.524992] ================================================================== [ 33.525218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 33.525417] Read of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.525511] [ 33.525564] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 
33.525782] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.525945] Hardware name: linux,dummy-virt (DT) [ 33.526008] Call trace: [ 33.526191] show_stack+0x20/0x38 (C) [ 33.526336] dump_stack_lvl+0x8c/0xd0 [ 33.526747] print_report+0x118/0x5e8 [ 33.526944] kasan_report+0xdc/0x128 [ 33.527022] kasan_check_range+0x100/0x1a8 [ 33.527153] __kasan_check_read+0x20/0x30 [ 33.527259] copy_user_test_oob+0x3c8/0xec8 [ 33.527309] kunit_try_run_case+0x170/0x3f0 [ 33.527853] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.528159] kthread+0x328/0x630 [ 33.528267] ret_from_fork+0x10/0x20 [ 33.528439] [ 33.528501] Allocated by task 316: [ 33.528537] kasan_save_stack+0x3c/0x68 [ 33.528718] kasan_save_track+0x20/0x40 [ 33.529010] kasan_save_alloc_info+0x40/0x58 [ 33.529304] __kasan_kmalloc+0xd4/0xd8 [ 33.529363] __kmalloc_noprof+0x198/0x4c8 [ 33.529994] kunit_kmalloc_array+0x34/0x88 [ 33.530109] copy_user_test_oob+0xac/0xec8 [ 33.530161] kunit_try_run_case+0x170/0x3f0 [ 33.530201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.530467] kthread+0x328/0x630 [ 33.530883] ret_from_fork+0x10/0x20 [ 33.531029] [ 33.531252] The buggy address belongs to the object at fff00000c922a400 [ 33.531252] which belongs to the cache kmalloc-128 of size 128 [ 33.531567] The buggy address is located 0 bytes inside of [ 33.531567] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.531874] [ 33.531905] The buggy address belongs to the physical page: [ 33.531941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 33.531998] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.532050] page_type: f5(slab) [ 33.532158] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.532227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.532273] page dumped because: kasan: bad access detected [ 33.532304] [ 33.532324] Memory state around the buggy address: [ 33.532359] fff00000c922a300: fa fb fb fb fb fb fb 
fb fb fb fb fb fb fb fb fb [ 33.532412] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.532465] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.532525] ^ [ 33.532567] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.532627] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.532667] ================================================================== [ 33.474100] ================================================================== [ 33.474204] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 33.474707] Write of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.474809] [ 33.474949] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 33.475647] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.475691] Hardware name: linux,dummy-virt (DT) [ 33.475747] Call trace: [ 33.475910] show_stack+0x20/0x38 (C) [ 33.475997] dump_stack_lvl+0x8c/0xd0 [ 33.476406] print_report+0x118/0x5e8 [ 33.476469] kasan_report+0xdc/0x128 [ 33.476515] kasan_check_range+0x100/0x1a8 [ 33.476738] __kasan_check_write+0x20/0x30 [ 33.476930] copy_user_test_oob+0x234/0xec8 [ 33.477132] kunit_try_run_case+0x170/0x3f0 [ 33.477246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.477387] kthread+0x328/0x630 [ 33.477438] ret_from_fork+0x10/0x20 [ 33.477490] [ 33.477513] Allocated by task 316: [ 33.477548] kasan_save_stack+0x3c/0x68 [ 33.478036] kasan_save_track+0x20/0x40 [ 33.478122] kasan_save_alloc_info+0x40/0x58 [ 33.478271] __kasan_kmalloc+0xd4/0xd8 [ 33.478353] __kmalloc_noprof+0x198/0x4c8 [ 33.478584] kunit_kmalloc_array+0x34/0x88 [ 33.478737] copy_user_test_oob+0xac/0xec8 [ 33.478883] kunit_try_run_case+0x170/0x3f0 [ 33.479036] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.479133] kthread+0x328/0x630 [ 33.479254] ret_from_fork+0x10/0x20 [ 33.479303] [ 33.479326] The buggy address belongs to the object at fff00000c922a400 [ 
33.479326] which belongs to the cache kmalloc-128 of size 128 [ 33.479608] The buggy address is located 0 bytes inside of [ 33.479608] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.479770] [ 33.479868] The buggy address belongs to the physical page: [ 33.480457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 33.480651] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.480952] page_type: f5(slab) [ 33.481041] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.481097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.481141] page dumped because: kasan: bad access detected [ 33.481196] [ 33.481541] Memory state around the buggy address: [ 33.482098] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.482337] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.482387] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.482528] ^ [ 33.482845] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.483064] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.483158] ================================================================== [ 33.512330] ================================================================== [ 33.512728] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 33.512806] Write of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.512911] [ 33.512981] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 33.513456] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.513557] Hardware name: linux,dummy-virt (DT) [ 33.513899] Call trace: [ 33.513937] show_stack+0x20/0x38 (C) [ 33.514180] dump_stack_lvl+0x8c/0xd0 [ 33.514291] print_report+0x118/0x5e8 [ 33.514443] kasan_report+0xdc/0x128 [ 33.514869] kasan_check_range+0x100/0x1a8 [ 33.514934] __kasan_check_write+0x20/0x30 [ 
33.515101] copy_user_test_oob+0x35c/0xec8 [ 33.515356] kunit_try_run_case+0x170/0x3f0 [ 33.515423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.515678] kthread+0x328/0x630 [ 33.516054] ret_from_fork+0x10/0x20 [ 33.516389] [ 33.516641] Allocated by task 316: [ 33.516689] kasan_save_stack+0x3c/0x68 [ 33.516905] kasan_save_track+0x20/0x40 [ 33.517116] kasan_save_alloc_info+0x40/0x58 [ 33.517168] __kasan_kmalloc+0xd4/0xd8 [ 33.517206] __kmalloc_noprof+0x198/0x4c8 [ 33.517249] kunit_kmalloc_array+0x34/0x88 [ 33.517551] copy_user_test_oob+0xac/0xec8 [ 33.517789] kunit_try_run_case+0x170/0x3f0 [ 33.517878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.518104] kthread+0x328/0x630 [ 33.518431] ret_from_fork+0x10/0x20 [ 33.518515] [ 33.518538] The buggy address belongs to the object at fff00000c922a400 [ 33.518538] which belongs to the cache kmalloc-128 of size 128 [ 33.518787] The buggy address is located 0 bytes inside of [ 33.518787] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.519159] [ 33.519413] The buggy address belongs to the physical page: [ 33.519792] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 33.520062] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.520260] page_type: f5(slab) [ 33.520654] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.520963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.521155] page dumped because: kasan: bad access detected [ 33.521391] [ 33.521623] Memory state around the buggy address: [ 33.521692] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.521748] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.522028] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.522262] ^ [ 33.522545] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.522632] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
33.522725] ================================================================== [ 33.490289] ================================================================== [ 33.490353] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 33.490876] Read of size 121 at addr fff00000c922a400 by task kunit_try_catch/316 [ 33.490982] [ 33.491385] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250722 #1 PREEMPT [ 33.491774] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.491889] Hardware name: linux,dummy-virt (DT) [ 33.491955] Call trace: [ 33.491983] show_stack+0x20/0x38 (C) [ 33.492077] dump_stack_lvl+0x8c/0xd0 [ 33.492498] print_report+0x118/0x5e8 [ 33.492910] kasan_report+0xdc/0x128 [ 33.493007] kasan_check_range+0x100/0x1a8 [ 33.493075] __kasan_check_read+0x20/0x30 [ 33.493254] copy_user_test_oob+0x728/0xec8 [ 33.493435] kunit_try_run_case+0x170/0x3f0 [ 33.493779] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.493919] kthread+0x328/0x630 [ 33.494114] ret_from_fork+0x10/0x20 [ 33.494610] [ 33.494880] Allocated by task 316: [ 33.494965] kasan_save_stack+0x3c/0x68 [ 33.495013] kasan_save_track+0x20/0x40 [ 33.495252] kasan_save_alloc_info+0x40/0x58 [ 33.495441] __kasan_kmalloc+0xd4/0xd8 [ 33.495606] __kmalloc_noprof+0x198/0x4c8 [ 33.495939] kunit_kmalloc_array+0x34/0x88 [ 33.496350] copy_user_test_oob+0xac/0xec8 [ 33.496567] kunit_try_run_case+0x170/0x3f0 [ 33.496826] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.497030] kthread+0x328/0x630 [ 33.497138] ret_from_fork+0x10/0x20 [ 33.497327] [ 33.497575] The buggy address belongs to the object at fff00000c922a400 [ 33.497575] which belongs to the cache kmalloc-128 of size 128 [ 33.497784] The buggy address is located 0 bytes inside of [ 33.497784] allocated 120-byte region [fff00000c922a400, fff00000c922a478) [ 33.498061] [ 33.498128] The buggy address belongs to the physical page: [ 33.498201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10922a [ 
33.498296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.498403] page_type: f5(slab) [ 33.498491] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.498699] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.499118] page dumped because: kasan: bad access detected [ 33.499217] [ 33.499288] Memory state around the buggy address: [ 33.499426] fff00000c922a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.499575] fff00000c922a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.499649] >fff00000c922a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.499690] ^ [ 33.499769] fff00000c922a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.499970] fff00000c922a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.500176] ==================================================================
[ 29.349669] ================================================================== [ 29.349955] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.350201] Read of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.350530] [ 29.350648] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.350698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.350712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.350734] Call Trace: [ 29.350751] <TASK> [ 29.350768] dump_stack_lvl+0x73/0xb0 [ 29.350813] print_report+0xd1/0x640 [ 29.350850] ? __virt_addr_valid+0x1db/0x2d0 [ 29.350876] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.350903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.350932] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.350967] kasan_report+0x141/0x180 [ 29.350993] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.351022] kasan_check_range+0x10c/0x1c0 [ 29.351049] __kasan_check_read+0x15/0x20 [ 29.351074] copy_user_test_oob+0x4aa/0x10f0 [ 29.351102] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.351127] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.351162] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.351192] kunit_try_run_case+0x1a5/0x480 [ 29.351218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.351244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.351271] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.351298] ? __kthread_parkme+0x82/0x180 [ 29.351320] ? preempt_count_sub+0x50/0x80 [ 29.351344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.351370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.351395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.351421] kthread+0x337/0x6f0 [ 29.351443] ? trace_preempt_on+0x20/0xc0 [ 29.351467] ? __pfx_kthread+0x10/0x10 [ 29.351490] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.351515] ? calculate_sigpending+0x7b/0xa0 [ 29.351541] ? __pfx_kthread+0x10/0x10 [ 29.351564] ret_from_fork+0x116/0x1d0 [ 29.351586] ? 
__pfx_kthread+0x10/0x10 [ 29.351608] ret_from_fork_asm+0x1a/0x30 [ 29.351641] </TASK> [ 29.351654] [ 29.358366] Allocated by task 333: [ 29.358534] kasan_save_stack+0x45/0x70 [ 29.358761] kasan_save_track+0x18/0x40 [ 29.358931] kasan_save_alloc_info+0x3b/0x50 [ 29.359143] __kasan_kmalloc+0xb7/0xc0 [ 29.359329] __kmalloc_noprof+0x1ca/0x510 [ 29.359492] kunit_kmalloc_array+0x25/0x60 [ 29.359679] copy_user_test_oob+0xab/0x10f0 [ 29.359884] kunit_try_run_case+0x1a5/0x480 [ 29.360053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.360234] kthread+0x337/0x6f0 [ 29.360439] ret_from_fork+0x116/0x1d0 [ 29.360658] ret_from_fork_asm+0x1a/0x30 [ 29.360851] [ 29.360925] The buggy address belongs to the object at ffff888104975500 [ 29.360925] which belongs to the cache kmalloc-128 of size 128 [ 29.361512] The buggy address is located 0 bytes inside of [ 29.361512] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.362020] [ 29.362115] The buggy address belongs to the physical page: [ 29.362345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.362589] flags: 0x200000000000000(node=0|zone=2) [ 29.362755] page_type: f5(slab) [ 29.362907] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.363326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.363665] page dumped because: kasan: bad access detected [ 29.363924] [ 29.364016] Memory state around the buggy address: [ 29.364306] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.364583] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.364871] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.365196] ^ [ 29.365464] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.365757] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366027] ================================================================== [ 29.385852] 
================================================================== [ 29.386167] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.386742] Read of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.387605] [ 29.387810] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.387877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.387892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.387923] Call Trace: [ 29.387940] <TASK> [ 29.387955] dump_stack_lvl+0x73/0xb0 [ 29.387986] print_report+0xd1/0x640 [ 29.388011] ? __virt_addr_valid+0x1db/0x2d0 [ 29.388036] ? copy_user_test_oob+0x604/0x10f0 [ 29.388061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.388091] ? copy_user_test_oob+0x604/0x10f0 [ 29.388117] kasan_report+0x141/0x180 [ 29.388142] ? copy_user_test_oob+0x604/0x10f0 [ 29.388288] kasan_check_range+0x10c/0x1c0 [ 29.388322] __kasan_check_read+0x15/0x20 [ 29.388350] copy_user_test_oob+0x604/0x10f0 [ 29.388379] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.388405] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.388483] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.388515] kunit_try_run_case+0x1a5/0x480 [ 29.388542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388567] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.388594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.388622] ? __kthread_parkme+0x82/0x180 [ 29.388645] ? preempt_count_sub+0x50/0x80 [ 29.388671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.388722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.388748] kthread+0x337/0x6f0 [ 29.388769] ? trace_preempt_on+0x20/0xc0 [ 29.388793] ? __pfx_kthread+0x10/0x10 [ 29.388817] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.388852] ? calculate_sigpending+0x7b/0xa0 [ 29.388883] ? __pfx_kthread+0x10/0x10 [ 29.388906] ret_from_fork+0x116/0x1d0 [ 29.388928] ? 
__pfx_kthread+0x10/0x10 [ 29.388951] ret_from_fork_asm+0x1a/0x30 [ 29.388984] </TASK> [ 29.388997] [ 29.398262] Allocated by task 333: [ 29.398619] kasan_save_stack+0x45/0x70 [ 29.398799] kasan_save_track+0x18/0x40 [ 29.399132] kasan_save_alloc_info+0x3b/0x50 [ 29.399325] __kasan_kmalloc+0xb7/0xc0 [ 29.399524] __kmalloc_noprof+0x1ca/0x510 [ 29.399698] kunit_kmalloc_array+0x25/0x60 [ 29.399917] copy_user_test_oob+0xab/0x10f0 [ 29.400095] kunit_try_run_case+0x1a5/0x480 [ 29.400329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.400952] kthread+0x337/0x6f0 [ 29.401116] ret_from_fork+0x116/0x1d0 [ 29.401336] ret_from_fork_asm+0x1a/0x30 [ 29.401601] [ 29.401928] The buggy address belongs to the object at ffff888104975500 [ 29.401928] which belongs to the cache kmalloc-128 of size 128 [ 29.402481] The buggy address is located 0 bytes inside of [ 29.402481] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.403102] [ 29.403265] The buggy address belongs to the physical page: [ 29.403582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.404034] flags: 0x200000000000000(node=0|zone=2) [ 29.404399] page_type: f5(slab) [ 29.404631] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.405080] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.405636] page dumped because: kasan: bad access detected [ 29.405942] [ 29.406030] Memory state around the buggy address: [ 29.406213] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.406766] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.407051] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.407597] ^ [ 29.407985] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.408321] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.408733] ================================================================== [ 29.366541] 
================================================================== [ 29.366859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.367149] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.367445] [ 29.367559] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.367605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.367619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.367641] Call Trace: [ 29.367657] <TASK> [ 29.367672] dump_stack_lvl+0x73/0xb0 [ 29.367700] print_report+0xd1/0x640 [ 29.367724] ? __virt_addr_valid+0x1db/0x2d0 [ 29.367750] ? copy_user_test_oob+0x557/0x10f0 [ 29.367775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.367803] ? copy_user_test_oob+0x557/0x10f0 [ 29.367840] kasan_report+0x141/0x180 [ 29.367865] ? copy_user_test_oob+0x557/0x10f0 [ 29.367895] kasan_check_range+0x10c/0x1c0 [ 29.367922] __kasan_check_write+0x18/0x20 [ 29.367948] copy_user_test_oob+0x557/0x10f0 [ 29.367975] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.367999] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.368035] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.368066] kunit_try_run_case+0x1a5/0x480 [ 29.368095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.368121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.368149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.368187] ? __kthread_parkme+0x82/0x180 [ 29.368209] ? preempt_count_sub+0x50/0x80 [ 29.368235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.368261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.368287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.368311] kthread+0x337/0x6f0 [ 29.368334] ? trace_preempt_on+0x20/0xc0 [ 29.368359] ? __pfx_kthread+0x10/0x10 [ 29.368382] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.368407] ? calculate_sigpending+0x7b/0xa0 [ 29.368435] ? __pfx_kthread+0x10/0x10 [ 29.368458] ret_from_fork+0x116/0x1d0 [ 29.368481] ? 
__pfx_kthread+0x10/0x10 [ 29.368503] ret_from_fork_asm+0x1a/0x30 [ 29.368536] </TASK> [ 29.368548] [ 29.375117] Allocated by task 333: [ 29.375464] kasan_save_stack+0x45/0x70 [ 29.375653] kasan_save_track+0x18/0x40 [ 29.375820] kasan_save_alloc_info+0x3b/0x50 [ 29.376025] __kasan_kmalloc+0xb7/0xc0 [ 29.376209] __kmalloc_noprof+0x1ca/0x510 [ 29.376352] kunit_kmalloc_array+0x25/0x60 [ 29.376498] copy_user_test_oob+0xab/0x10f0 [ 29.376646] kunit_try_run_case+0x1a5/0x480 [ 29.376799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.377072] kthread+0x337/0x6f0 [ 29.377312] ret_from_fork+0x116/0x1d0 [ 29.377507] ret_from_fork_asm+0x1a/0x30 [ 29.377716] [ 29.377800] The buggy address belongs to the object at ffff888104975500 [ 29.377800] which belongs to the cache kmalloc-128 of size 128 [ 29.378354] The buggy address is located 0 bytes inside of [ 29.378354] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.378720] [ 29.378790] The buggy address belongs to the physical page: [ 29.378977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.379259] flags: 0x200000000000000(node=0|zone=2) [ 29.379489] page_type: f5(slab) [ 29.379654] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.380248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.380592] page dumped because: kasan: bad access detected [ 29.380851] [ 29.380950] Memory state around the buggy address: [ 29.381876] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.383168] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.383458] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.383672] ^ [ 29.383923] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.384646] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.385129] ================================================================== [ 29.332530] 
================================================================== [ 29.332820] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.333078] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.333331] [ 29.333518] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.333569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.333584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.333608] Call Trace: [ 29.333623] <TASK> [ 29.333640] dump_stack_lvl+0x73/0xb0 [ 29.333669] print_report+0xd1/0x640 [ 29.333693] ? __virt_addr_valid+0x1db/0x2d0 [ 29.333719] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.333772] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333798] kasan_report+0x141/0x180 [ 29.333823] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333865] kasan_check_range+0x10c/0x1c0 [ 29.333890] __kasan_check_write+0x18/0x20 [ 29.333916] copy_user_test_oob+0x3fd/0x10f0 [ 29.333944] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.333969] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.334005] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.334035] kunit_try_run_case+0x1a5/0x480 [ 29.334062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334087] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.334114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.334140] ? __kthread_parkme+0x82/0x180 [ 29.334162] ? preempt_count_sub+0x50/0x80 [ 29.334186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.334238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.334264] kthread+0x337/0x6f0 [ 29.334287] ? trace_preempt_on+0x20/0xc0 [ 29.334311] ? __pfx_kthread+0x10/0x10 [ 29.334335] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.334369] ? calculate_sigpending+0x7b/0xa0 [ 29.334395] ? __pfx_kthread+0x10/0x10 [ 29.334418] ret_from_fork+0x116/0x1d0 [ 29.334440] ? 
__pfx_kthread+0x10/0x10 [ 29.334462] ret_from_fork_asm+0x1a/0x30 [ 29.334495] </TASK> [ 29.334508] [ 29.341351] Allocated by task 333: [ 29.341500] kasan_save_stack+0x45/0x70 [ 29.341700] kasan_save_track+0x18/0x40 [ 29.341860] kasan_save_alloc_info+0x3b/0x50 [ 29.342073] __kasan_kmalloc+0xb7/0xc0 [ 29.342273] __kmalloc_noprof+0x1ca/0x510 [ 29.342462] kunit_kmalloc_array+0x25/0x60 [ 29.342633] copy_user_test_oob+0xab/0x10f0 [ 29.342843] kunit_try_run_case+0x1a5/0x480 [ 29.343023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.343264] kthread+0x337/0x6f0 [ 29.343402] ret_from_fork+0x116/0x1d0 [ 29.343536] ret_from_fork_asm+0x1a/0x30 [ 29.343683] [ 29.343779] The buggy address belongs to the object at ffff888104975500 [ 29.343779] which belongs to the cache kmalloc-128 of size 128 [ 29.344329] The buggy address is located 0 bytes inside of [ 29.344329] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.344935] [ 29.345027] The buggy address belongs to the physical page: [ 29.345299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.345606] flags: 0x200000000000000(node=0|zone=2) [ 29.345816] page_type: f5(slab) [ 29.345960] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.346417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.346648] page dumped because: kasan: bad access detected [ 29.346821] [ 29.346927] Memory state around the buggy address: [ 29.347153] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.347578] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.347800] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.348032] ^ [ 29.348453] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.348775] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.349107] ==================================================================