Date
July 23, 2025, 3:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 33.893372] ================================================================== [ 33.893441] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 33.893503] Read of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.893689] [ 33.893730] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.893825] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.893858] Hardware name: linux,dummy-virt (DT) [ 33.893890] Call trace: [ 33.893929] show_stack+0x20/0x38 (C) [ 33.893978] dump_stack_lvl+0x8c/0xd0 [ 33.894027] print_report+0x118/0x5e8 [ 33.894073] kasan_report+0xdc/0x128 [ 33.894125] kasan_check_range+0x100/0x1a8 [ 33.894345] __kasan_check_read+0x20/0x30 [ 33.894576] copy_user_test_oob+0x728/0xec8 [ 33.894665] kunit_try_run_case+0x170/0x3f0 [ 33.894874] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.894955] kthread+0x328/0x630 [ 33.894997] ret_from_fork+0x10/0x20 [ 33.895045] [ 33.895065] Allocated by task 318: [ 33.895096] kasan_save_stack+0x3c/0x68 [ 33.895135] kasan_save_track+0x20/0x40 [ 33.895173] kasan_save_alloc_info+0x40/0x58 [ 33.895244] __kasan_kmalloc+0xd4/0xd8 [ 33.895281] __kmalloc_noprof+0x198/0x4c8 [ 33.895324] kunit_kmalloc_array+0x34/0x88 [ 33.895363] copy_user_test_oob+0xac/0xec8 [ 33.895405] kunit_try_run_case+0x170/0x3f0 [ 33.895444] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.895489] kthread+0x328/0x630 [ 33.895524] ret_from_fork+0x10/0x20 [ 33.895563] [ 33.895585] The buggy address belongs to the object at fff00000c9c2f300 [ 33.895585] which belongs to the cache kmalloc-128 of size 128 [ 33.895647] The buggy address is located 0 bytes inside of [ 33.895647] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.895712] [ 33.895735] The buggy address belongs to the physical page: [ 33.895800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.895909] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.895963] page_type: f5(slab) [ 33.896004] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.896057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.896100] page dumped because: kasan: bad access detected [ 33.896132] [ 33.896152] Memory state around the buggy address: [ 33.896186] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.896230] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.896275] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.896314] ^ [ 33.896428] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.896474] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.896543] ================================================================== [ 33.919716] ================================================================== [ 33.919830] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 33.919887] Write of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.919955] [ 33.919987] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.920076] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.920108] Hardware name: linux,dummy-virt (DT) [ 33.920140] Call trace: [ 33.920164] show_stack+0x20/0x38 (C) [ 33.920213] dump_stack_lvl+0x8c/0xd0 [ 33.920260] print_report+0x118/0x5e8 [ 33.920325] kasan_report+0xdc/0x128 [ 33.920379] kasan_check_range+0x100/0x1a8 [ 33.920426] __kasan_check_write+0x20/0x30 [ 33.920486] copy_user_test_oob+0x434/0xec8 [ 33.921210] kunit_try_run_case+0x170/0x3f0 [ 33.921520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.922114] kthread+0x328/0x630 [ 33.922246] ret_from_fork+0x10/0x20 [ 33.922345] [ 33.922374] Allocated by task 318: [ 33.922600] kasan_save_stack+0x3c/0x68 [ 33.922756] kasan_save_track+0x20/0x40 [ 33.923192] kasan_save_alloc_info+0x40/0x58 [ 33.923280] __kasan_kmalloc+0xd4/0xd8 [ 33.923626] __kmalloc_noprof+0x198/0x4c8 [ 33.923970] kunit_kmalloc_array+0x34/0x88 [ 33.924357] copy_user_test_oob+0xac/0xec8 [ 33.924520] kunit_try_run_case+0x170/0x3f0 [ 33.924599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.924655] kthread+0x328/0x630 [ 33.925040] ret_from_fork+0x10/0x20 [ 33.925164] [ 33.925241] The buggy address belongs to the object at fff00000c9c2f300 [ 33.925241] which belongs to the cache kmalloc-128 of size 128 [ 33.925467] The buggy address is located 0 bytes inside of [ 33.925467] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.925953] [ 33.926002] The buggy address belongs to the physical page: [ 33.926051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.926325] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.926468] page_type: f5(slab) [ 33.926513] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.926727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.927236] page dumped because: kasan: bad access detected [ 33.927298] [ 33.927407] Memory state around the buggy address: [ 33.927474] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.927692] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.927963] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.928126] ^ [ 33.928183] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.928329] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.928404] ================================================================== [ 33.929665] ================================================================== [ 33.929741] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 33.930098] Read of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.930420] [ 33.930627] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.930757] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.930850] Hardware name: linux,dummy-virt (DT) [ 33.930884] Call trace: [ 33.930919] show_stack+0x20/0x38 (C) [ 33.931107] dump_stack_lvl+0x8c/0xd0 [ 33.931369] print_report+0x118/0x5e8 [ 33.931611] kasan_report+0xdc/0x128 [ 33.931674] kasan_check_range+0x100/0x1a8 [ 33.931884] __kasan_check_read+0x20/0x30 [ 33.931965] copy_user_test_oob+0x4a0/0xec8 [ 33.932021] kunit_try_run_case+0x170/0x3f0 [ 33.932238] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.932310] kthread+0x328/0x630 [ 33.932353] ret_from_fork+0x10/0x20 [ 33.932406] [ 33.932427] Allocated by task 318: [ 33.932458] kasan_save_stack+0x3c/0x68 [ 33.932501] kasan_save_track+0x20/0x40 [ 33.932927] kasan_save_alloc_info+0x40/0x58 [ 33.933244] __kasan_kmalloc+0xd4/0xd8 [ 33.933334] __kmalloc_noprof+0x198/0x4c8 [ 33.933459] kunit_kmalloc_array+0x34/0x88 [ 33.933767] copy_user_test_oob+0xac/0xec8 [ 33.933933] kunit_try_run_case+0x170/0x3f0 [ 33.934253] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.934671] kthread+0x328/0x630 [ 33.934788] ret_from_fork+0x10/0x20 [ 33.934947] [ 33.935001] The buggy address belongs to the object at fff00000c9c2f300 [ 33.935001] which belongs to the cache kmalloc-128 of size 128 [ 33.935326] The buggy address is located 0 bytes inside of [ 33.935326] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.935709] [ 33.935752] The buggy address belongs to the physical page: [ 33.935875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.935975] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.936039] page_type: f5(slab) [ 33.936093] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.936153] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.936195] page dumped because: kasan: bad access detected [ 33.936229] [ 33.936258] Memory state around the buggy address: [ 33.936293] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.936352] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.936398] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.936438] ^ [ 33.936484] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.937006] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.937075] ================================================================== [ 33.910940] ================================================================== [ 33.910994] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 33.911047] Read of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.911175] [ 33.911221] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.911588] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.911640] Hardware name: linux,dummy-virt (DT) [ 33.911694] Call trace: [ 33.911723] show_stack+0x20/0x38 (C) [ 33.911776] dump_stack_lvl+0x8c/0xd0 [ 33.911951] print_report+0x118/0x5e8 [ 33.912120] kasan_report+0xdc/0x128 [ 33.912203] kasan_check_range+0x100/0x1a8 [ 33.912279] __kasan_check_read+0x20/0x30 [ 33.912345] copy_user_test_oob+0x3c8/0xec8 [ 33.912439] kunit_try_run_case+0x170/0x3f0 [ 33.912486] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.912833] kthread+0x328/0x630 [ 33.912936] ret_from_fork+0x10/0x20 [ 33.913015] [ 33.913355] Allocated by task 318: [ 33.913421] kasan_save_stack+0x3c/0x68 [ 33.913628] kasan_save_track+0x20/0x40 [ 33.913888] kasan_save_alloc_info+0x40/0x58 [ 33.913998] __kasan_kmalloc+0xd4/0xd8 [ 33.914324] __kmalloc_noprof+0x198/0x4c8 [ 33.914472] kunit_kmalloc_array+0x34/0x88 [ 33.914516] copy_user_test_oob+0xac/0xec8 [ 33.914567] kunit_try_run_case+0x170/0x3f0 [ 33.914930] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.915157] kthread+0x328/0x630 [ 33.915258] ret_from_fork+0x10/0x20 [ 33.915473] [ 33.915499] The buggy address belongs to the object at fff00000c9c2f300 [ 33.915499] which belongs to the cache kmalloc-128 of size 128 [ 33.915869] The buggy address is located 0 bytes inside of [ 33.915869] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.916178] [ 33.916554] The buggy address belongs to the physical page: [ 33.916790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.916864] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.917125] page_type: f5(slab) [ 33.917213] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.917280] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.917323] page dumped because: kasan: bad access detected [ 33.917360] [ 33.917380] Memory state around the buggy address: [ 33.917721] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.917951] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.918290] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.918380] ^ [ 33.918877] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.919042] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.919106] ================================================================== [ 33.883229] ================================================================== [ 33.883398] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 33.883628] Write of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.883720] [ 33.883825] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.884291] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.884485] Hardware name: linux,dummy-virt (DT) [ 33.884784] Call trace: [ 33.884906] show_stack+0x20/0x38 (C) [ 33.884967] dump_stack_lvl+0x8c/0xd0 [ 33.885038] print_report+0x118/0x5e8 [ 33.885084] kasan_report+0xdc/0x128 [ 33.885127] kasan_check_range+0x100/0x1a8 [ 33.885333] __kasan_check_write+0x20/0x30 [ 33.885454] copy_user_test_oob+0x234/0xec8 [ 33.885508] kunit_try_run_case+0x170/0x3f0 [ 33.885560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.885638] kthread+0x328/0x630 [ 33.885695] ret_from_fork+0x10/0x20 [ 33.885810] [ 33.885956] Allocated by task 318: [ 33.885990] kasan_save_stack+0x3c/0x68 [ 33.886035] kasan_save_track+0x20/0x40 [ 33.886073] kasan_save_alloc_info+0x40/0x58 [ 33.886124] __kasan_kmalloc+0xd4/0xd8 [ 33.886161] __kmalloc_noprof+0x198/0x4c8 [ 33.886204] kunit_kmalloc_array+0x34/0x88 [ 33.886330] copy_user_test_oob+0xac/0xec8 [ 33.886469] kunit_try_run_case+0x170/0x3f0 [ 33.886549] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.886685] kthread+0x328/0x630 [ 33.886755] ret_from_fork+0x10/0x20 [ 33.886801] [ 33.886822] The buggy address belongs to the object at fff00000c9c2f300 [ 33.886822] which belongs to the cache kmalloc-128 of size 128 [ 33.887033] The buggy address is located 0 bytes inside of [ 33.887033] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.887394] [ 33.887425] The buggy address belongs to the physical page: [ 33.887490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.887648] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.887705] page_type: f5(slab) [ 33.887749] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.887802] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.887848] page dumped because: kasan: bad access detected [ 33.887944] [ 33.888038] Memory state around the buggy address: [ 33.888215] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.888279] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.888497] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.888624] ^ [ 33.888672] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.888716] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.888756] ================================================================== [ 33.902160] ================================================================== [ 33.902248] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 33.902317] Write of size 121 at addr fff00000c9c2f300 by task kunit_try_catch/318 [ 33.902379] [ 33.902553] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT [ 33.902797] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.902831] Hardware name: linux,dummy-virt (DT) [ 33.902865] Call trace: [ 33.902890] show_stack+0x20/0x38 (C) [ 33.902959] dump_stack_lvl+0x8c/0xd0 [ 33.903287] print_report+0x118/0x5e8 [ 33.903368] kasan_report+0xdc/0x128 [ 33.903477] kasan_check_range+0x100/0x1a8 [ 33.903531] __kasan_check_write+0x20/0x30 [ 33.903578] copy_user_test_oob+0x35c/0xec8 [ 33.903915] kunit_try_run_case+0x170/0x3f0 [ 33.904007] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.904104] kthread+0x328/0x630 [ 33.904146] ret_from_fork+0x10/0x20 [ 33.904462] [ 33.904499] Allocated by task 318: [ 33.904543] kasan_save_stack+0x3c/0x68 [ 33.904841] kasan_save_track+0x20/0x40 [ 33.904926] kasan_save_alloc_info+0x40/0x58 [ 33.905066] __kasan_kmalloc+0xd4/0xd8 [ 33.905167] __kmalloc_noprof+0x198/0x4c8 [ 33.905307] kunit_kmalloc_array+0x34/0x88 [ 33.905360] copy_user_test_oob+0xac/0xec8 [ 33.905716] kunit_try_run_case+0x170/0x3f0 [ 33.905814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.905949] kthread+0x328/0x630 [ 33.906026] ret_from_fork+0x10/0x20 [ 33.906082] [ 33.906104] The buggy address belongs to the object at fff00000c9c2f300 [ 33.906104] which belongs to the cache kmalloc-128 of size 128 [ 33.906464] The buggy address is located 0 bytes inside of [ 33.906464] allocated 120-byte region [fff00000c9c2f300, fff00000c9c2f378) [ 33.906540] [ 33.906574] The buggy address belongs to the physical page: [ 33.906871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2f [ 33.907262] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.907395] page_type: f5(slab) [ 33.907442] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.907799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.907892] page dumped because: kasan: bad access detected [ 33.908200] [ 33.908476] Memory state around the buggy address: [ 33.908565] fff00000c9c2f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.908663] fff00000c9c2f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.908995] >fff00000c9c2f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.909044] ^ [ 33.909337] fff00000c9c2f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.909398] fff00000c9c2f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.909687] ==================================================================
[ 29.360486] ================================================================== [ 29.360889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.361116] Read of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.361471] [ 29.361580] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.361631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.361645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.361669] Call Trace: [ 29.361689] <TASK> [ 29.361709] dump_stack_lvl+0x73/0xb0 [ 29.361750] print_report+0xd1/0x640 [ 29.361774] ? __virt_addr_valid+0x1db/0x2d0 [ 29.361812] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.361866] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361891] kasan_report+0x141/0x180 [ 29.361915] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361943] kasan_check_range+0x10c/0x1c0 [ 29.361968] __kasan_check_read+0x15/0x20 [ 29.361994] copy_user_test_oob+0x4aa/0x10f0 [ 29.362022] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.362046] ? finish_task_switch.isra.0+0x153/0x700 [ 29.362070] ? __switch_to+0x47/0xf80 [ 29.362098] ? __schedule+0x10da/0x2b60 [ 29.362125] ? __pfx_read_tsc+0x10/0x10 [ 29.362157] ? ktime_get_ts64+0x86/0x230 [ 29.362199] kunit_try_run_case+0x1a5/0x480 [ 29.362225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.362259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.362285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.362312] ? __kthread_parkme+0x82/0x180 [ 29.362333] ? preempt_count_sub+0x50/0x80 [ 29.362357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.362384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.362411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.362437] kthread+0x337/0x6f0 [ 29.362458] ? trace_preempt_on+0x20/0xc0 [ 29.362483] ? __pfx_kthread+0x10/0x10 [ 29.362506] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.362530] ? calculate_sigpending+0x7b/0xa0 [ 29.362555] ? __pfx_kthread+0x10/0x10 [ 29.362578] ret_from_fork+0x116/0x1d0 [ 29.362598] ? __pfx_kthread+0x10/0x10 [ 29.362620] ret_from_fork_asm+0x1a/0x30 [ 29.362652] </TASK> [ 29.362664] [ 29.369826] Allocated by task 334: [ 29.369976] kasan_save_stack+0x45/0x70 [ 29.370222] kasan_save_track+0x18/0x40 [ 29.370411] kasan_save_alloc_info+0x3b/0x50 [ 29.370616] __kasan_kmalloc+0xb7/0xc0 [ 29.370798] __kmalloc_noprof+0x1ca/0x510 [ 29.371047] kunit_kmalloc_array+0x25/0x60 [ 29.371274] copy_user_test_oob+0xab/0x10f0 [ 29.371433] kunit_try_run_case+0x1a5/0x480 [ 29.371575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.371749] kthread+0x337/0x6f0 [ 29.371887] ret_from_fork+0x116/0x1d0 [ 29.372237] ret_from_fork_asm+0x1a/0x30 [ 29.372458] [ 29.372554] The buggy address belongs to the object at ffff8881060a7500 [ 29.372554] which belongs to the cache kmalloc-128 of size 128 [ 29.373139] The buggy address is located 0 bytes inside of [ 29.373139] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.373500] [ 29.373568] The buggy address belongs to the physical page: [ 29.373742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.373990] flags: 0x200000000000000(node=0|zone=2) [ 29.374230] page_type: f5(slab) [ 29.374396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.374730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.375056] page dumped because: kasan: bad access detected [ 29.375333] [ 29.375421] Memory state around the buggy address: [ 29.375645] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.375988] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.376208] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.376416] ^ [ 29.376742] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.377215] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.377530] ================================================================== [ 29.335664] ================================================================== [ 29.336516] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.336780] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.337677] [ 29.337993] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.338075] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.338090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.338114] Call Trace: [ 29.338129] <TASK> [ 29.338159] dump_stack_lvl+0x73/0xb0 [ 29.338193] print_report+0xd1/0x640 [ 29.338218] ? __virt_addr_valid+0x1db/0x2d0 [ 29.338245] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.338298] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338323] kasan_report+0x141/0x180 [ 29.338347] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338376] kasan_check_range+0x10c/0x1c0 [ 29.338401] __kasan_check_write+0x18/0x20 [ 29.338427] copy_user_test_oob+0x3fd/0x10f0 [ 29.338454] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.338478] ? finish_task_switch.isra.0+0x153/0x700 [ 29.338503] ? __switch_to+0x47/0xf80 [ 29.338531] ? __schedule+0x10da/0x2b60 [ 29.338558] ? __pfx_read_tsc+0x10/0x10 [ 29.338582] ? ktime_get_ts64+0x86/0x230 [ 29.338608] kunit_try_run_case+0x1a5/0x480 [ 29.338633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.338657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.338682] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.338709] ? __kthread_parkme+0x82/0x180 [ 29.338731] ? preempt_count_sub+0x50/0x80 [ 29.338755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.338779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.338805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.338830] kthread+0x337/0x6f0 [ 29.338852] ? trace_preempt_on+0x20/0xc0 [ 29.338878] ? __pfx_kthread+0x10/0x10 [ 29.338899] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.338924] ? calculate_sigpending+0x7b/0xa0 [ 29.338950] ? __pfx_kthread+0x10/0x10 [ 29.338972] ret_from_fork+0x116/0x1d0 [ 29.338995] ? __pfx_kthread+0x10/0x10 [ 29.339016] ret_from_fork_asm+0x1a/0x30 [ 29.339049] </TASK> [ 29.339061] [ 29.351461] Allocated by task 334: [ 29.351605] kasan_save_stack+0x45/0x70 [ 29.351758] kasan_save_track+0x18/0x40 [ 29.351890] kasan_save_alloc_info+0x3b/0x50 [ 29.352072] __kasan_kmalloc+0xb7/0xc0 [ 29.352235] __kmalloc_noprof+0x1ca/0x510 [ 29.352456] kunit_kmalloc_array+0x25/0x60 [ 29.352656] copy_user_test_oob+0xab/0x10f0 [ 29.352830] kunit_try_run_case+0x1a5/0x480 [ 29.353187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.353661] kthread+0x337/0x6f0 [ 29.353816] ret_from_fork+0x116/0x1d0 [ 29.354280] ret_from_fork_asm+0x1a/0x30 [ 29.354627] [ 29.354698] The buggy address belongs to the object at ffff8881060a7500 [ 29.354698] which belongs to the cache kmalloc-128 of size 128 [ 29.355088] The buggy address is located 0 bytes inside of [ 29.355088] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.355550] [ 29.355626] The buggy address belongs to the physical page: [ 29.355879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.356209] flags: 0x200000000000000(node=0|zone=2) [ 29.356670] page_type: f5(slab) [ 29.356805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.357199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.357514] page dumped because: kasan: bad access detected [ 29.357749] [ 29.357843] Memory state around the buggy address: [ 29.358063] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.358377] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.358610] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.358844] ^ [ 29.359194] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.359463] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.359869] ================================================================== [ 29.378120] ================================================================== [ 29.378503] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.378823] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.379175] [ 29.379290] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.379351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.379365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.379389] Call Trace: [ 29.379422] <TASK> [ 29.379442] dump_stack_lvl+0x73/0xb0 [ 29.379474] print_report+0xd1/0x640 [ 29.379498] ? __virt_addr_valid+0x1db/0x2d0 [ 29.379525] ? copy_user_test_oob+0x557/0x10f0 [ 29.379550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.379577] ? copy_user_test_oob+0x557/0x10f0 [ 29.379603] kasan_report+0x141/0x180 [ 29.379632] ? copy_user_test_oob+0x557/0x10f0 [ 29.379663] kasan_check_range+0x10c/0x1c0 [ 29.379692] __kasan_check_write+0x18/0x20 [ 29.379716] copy_user_test_oob+0x557/0x10f0 [ 29.379743] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.379766] ? finish_task_switch.isra.0+0x153/0x700 [ 29.379800] ? __switch_to+0x47/0xf80 [ 29.379828] ? __schedule+0x10da/0x2b60 [ 29.379866] ? __pfx_read_tsc+0x10/0x10 [ 29.379890] ? ktime_get_ts64+0x86/0x230 [ 29.379916] kunit_try_run_case+0x1a5/0x480 [ 29.379942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.379966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.379991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.380018] ? __kthread_parkme+0x82/0x180 [ 29.380040] ? preempt_count_sub+0x50/0x80 [ 29.380063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.380088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.380113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.380137] kthread+0x337/0x6f0 [ 29.380167] ? trace_preempt_on+0x20/0xc0 [ 29.380201] ? __pfx_kthread+0x10/0x10 [ 29.380223] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.380248] ? calculate_sigpending+0x7b/0xa0 [ 29.380274] ? __pfx_kthread+0x10/0x10 [ 29.380296] ret_from_fork+0x116/0x1d0 [ 29.380317] ? __pfx_kthread+0x10/0x10 [ 29.380339] ret_from_fork_asm+0x1a/0x30 [ 29.380372] </TASK> [ 29.380384] [ 29.387837] Allocated by task 334: [ 29.388028] kasan_save_stack+0x45/0x70 [ 29.388251] kasan_save_track+0x18/0x40 [ 29.388444] kasan_save_alloc_info+0x3b/0x50 [ 29.388653] __kasan_kmalloc+0xb7/0xc0 [ 29.388834] __kmalloc_noprof+0x1ca/0x510 [ 29.389047] kunit_kmalloc_array+0x25/0x60 [ 29.389237] copy_user_test_oob+0xab/0x10f0 [ 29.389432] kunit_try_run_case+0x1a5/0x480 [ 29.389635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.389819] kthread+0x337/0x6f0 [ 29.390021] ret_from_fork+0x116/0x1d0 [ 29.390213] ret_from_fork_asm+0x1a/0x30 [ 29.390390] [ 29.390459] The buggy address belongs to the object at ffff8881060a7500 [ 29.390459] which belongs to the cache kmalloc-128 of size 128 [ 29.390998] The buggy address is located 0 bytes inside of [ 29.390998] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.391424] [ 29.391494] The buggy address belongs to the physical page: [ 29.391675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.391918] flags: 0x200000000000000(node=0|zone=2) [ 29.392369] page_type: f5(slab) [ 29.393832] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.394498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.394845] page dumped because: kasan: bad access detected [ 29.396045] [ 29.396310] Memory state around the buggy address: [ 29.396486] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.397068] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.397466] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.397861] ^ [ 29.398188] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.398639] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.399009] ================================================================== [ 29.399850] ================================================================== [ 29.400223] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.400656] Read of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.401233] [ 29.401365] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.401554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.401625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.401710] Call Trace: [ 29.401732] <TASK> [ 29.401756] dump_stack_lvl+0x73/0xb0 [ 29.401789] print_report+0xd1/0x640 [ 29.401814] ? __virt_addr_valid+0x1db/0x2d0 [ 29.401843] ? copy_user_test_oob+0x604/0x10f0 [ 29.401868] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.401896] ? copy_user_test_oob+0x604/0x10f0 [ 29.401920] kasan_report+0x141/0x180 [ 29.401953] ? copy_user_test_oob+0x604/0x10f0 [ 29.401982] kasan_check_range+0x10c/0x1c0 [ 29.402008] __kasan_check_read+0x15/0x20 [ 29.402033] copy_user_test_oob+0x604/0x10f0 [ 29.402060] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.402085] ? finish_task_switch.isra.0+0x153/0x700 [ 29.402109] ? __switch_to+0x47/0xf80 [ 29.402137] ? __schedule+0x10da/0x2b60 [ 29.402177] ? __pfx_read_tsc+0x10/0x10 [ 29.402200] ? ktime_get_ts64+0x86/0x230 [ 29.402225] kunit_try_run_case+0x1a5/0x480 [ 29.402252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.402276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.402303] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.402329] ? __kthread_parkme+0x82/0x180 [ 29.402350] ? preempt_count_sub+0x50/0x80 [ 29.402374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.402400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.402424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.402449] kthread+0x337/0x6f0 [ 29.402470] ? trace_preempt_on+0x20/0xc0 [ 29.402497] ? __pfx_kthread+0x10/0x10 [ 29.402519] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.402544] ? calculate_sigpending+0x7b/0xa0 [ 29.402569] ? __pfx_kthread+0x10/0x10 [ 29.402591] ret_from_fork+0x116/0x1d0 [ 29.402613] ? __pfx_kthread+0x10/0x10 [ 29.402634] ret_from_fork_asm+0x1a/0x30 [ 29.402667] </TASK> [ 29.402680] [ 29.412656] Allocated by task 334: [ 29.412811] kasan_save_stack+0x45/0x70 [ 29.413190] kasan_save_track+0x18/0x40 [ 29.413370] kasan_save_alloc_info+0x3b/0x50 [ 29.413658] __kasan_kmalloc+0xb7/0xc0 [ 29.413802] __kmalloc_noprof+0x1ca/0x510 [ 29.414104] kunit_kmalloc_array+0x25/0x60 [ 29.414345] copy_user_test_oob+0xab/0x10f0 [ 29.414676] kunit_try_run_case+0x1a5/0x480 [ 29.414998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.415240] kthread+0x337/0x6f0 [ 29.415557] ret_from_fork+0x116/0x1d0 [ 29.415739] ret_from_fork_asm+0x1a/0x30 [ 29.416154] [ 29.416232] The buggy address belongs to the object at ffff8881060a7500 [ 29.416232] which belongs to the cache kmalloc-128 of size 128 [ 29.416868] The buggy address is located 0 bytes inside of [ 29.416868] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.417465] [ 29.417572] The buggy address belongs to the physical page: [ 29.418015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.418471] flags: 0x200000000000000(node=0|zone=2) [ 29.418675] page_type: f5(slab) [ 29.418982] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.419426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.419822] page dumped because: kasan: bad access detected [ 29.420091] [ 29.420308] Memory state around the buggy address: [ 29.420504] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.420821] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.421336] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.421643] ^ [ 29.422069] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422476] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422836] ==================================================================