Date: July 24, 2025, 4:41 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
[ 35.385789] ================================================================== [ 35.385941] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 35.386037] Write of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.386103] [ 35.386158] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.386251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.386281] Hardware name: linux,dummy-virt (DT) [ 35.386318] Call trace: [ 35.386347] show_stack+0x20/0x38 (C) [ 35.386402] dump_stack_lvl+0x8c/0xd0 [ 35.386466] print_report+0x118/0x5e8 [ 35.386511] kasan_report+0xdc/0x128 [ 35.386558] kasan_check_range+0x100/0x1a8 [ 35.386606] __kasan_check_write+0x20/0x30 [ 35.386655] copy_user_test_oob+0x234/0xec8 [ 35.386704] kunit_try_run_case+0x170/0x3f0 [ 35.386767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.386821] kthread+0x328/0x630 [ 35.386870] ret_from_fork+0x10/0x20 [ 35.387527] [ 35.387574] Allocated by task 316: [ 35.387635] kasan_save_stack+0x3c/0x68 [ 35.387708] kasan_save_track+0x20/0x40 [ 35.387793] kasan_save_alloc_info+0x40/0x58 [ 35.387876] __kasan_kmalloc+0xd4/0xd8 [ 35.387955] __kmalloc_noprof+0x198/0x4c8 [ 35.388034] kunit_kmalloc_array+0x34/0x88 [ 35.388124] copy_user_test_oob+0xac/0xec8 [ 35.388234] kunit_try_run_case+0x170/0x3f0 [ 35.388323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.388419] kthread+0x328/0x630 [ 35.388460] ret_from_fork+0x10/0x20 [ 35.388499] [ 35.388522] The buggy address belongs to the object at fff00000c9b92400 [ 35.388522] which belongs to the cache kmalloc-128 of size 128 [ 35.388586] The buggy address is located 0 bytes inside of [ 35.388586] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.388703] [ 35.388730] The buggy address belongs to the physical page: [ 35.388788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.389025] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.389157] page_type: 
f5(slab) [ 35.389240] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.389496] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.389548] page dumped because: kasan: bad access detected [ 35.389647] [ 35.389696] Memory state around the buggy address: [ 35.389815] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.389881] fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.389927] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.389970] ^ [ 35.390015] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.390060] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.390099] ================================================================== [ 35.418911] ================================================================== [ 35.418995] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 35.419046] Read of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.419259] [ 35.419360] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.419499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.419556] Hardware name: linux,dummy-virt (DT) [ 35.419588] Call trace: [ 35.419615] show_stack+0x20/0x38 (C) [ 35.419838] dump_stack_lvl+0x8c/0xd0 [ 35.419972] print_report+0x118/0x5e8 [ 35.420040] kasan_report+0xdc/0x128 [ 35.420147] kasan_check_range+0x100/0x1a8 [ 35.420234] __kasan_check_read+0x20/0x30 [ 35.420301] copy_user_test_oob+0x4a0/0xec8 [ 35.420393] kunit_try_run_case+0x170/0x3f0 [ 35.420467] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.420522] kthread+0x328/0x630 [ 35.420589] ret_from_fork+0x10/0x20 [ 35.420639] [ 35.420685] Allocated by task 316: [ 35.420717] kasan_save_stack+0x3c/0x68 [ 35.420769] kasan_save_track+0x20/0x40 [ 35.420807] kasan_save_alloc_info+0x40/0x58 [ 35.420846] __kasan_kmalloc+0xd4/0xd8 [ 35.421022] __kmalloc_noprof+0x198/0x4c8 [ 
35.421137] kunit_kmalloc_array+0x34/0x88 [ 35.421205] copy_user_test_oob+0xac/0xec8 [ 35.421273] kunit_try_run_case+0x170/0x3f0 [ 35.421360] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.421418] kthread+0x328/0x630 [ 35.421454] ret_from_fork+0x10/0x20 [ 35.421521] [ 35.421651] The buggy address belongs to the object at fff00000c9b92400 [ 35.421651] which belongs to the cache kmalloc-128 of size 128 [ 35.421719] The buggy address is located 0 bytes inside of [ 35.421719] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.421798] [ 35.421822] The buggy address belongs to the physical page: [ 35.421858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.422064] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.422165] page_type: f5(slab) [ 35.422273] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.422350] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.422404] page dumped because: kasan: bad access detected [ 35.422439] [ 35.422460] Memory state around the buggy address: [ 35.422617] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.422712] fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.422824] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.422923] ^ [ 35.423043] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.423091] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.423133] ================================================================== [ 35.414343] ================================================================== [ 35.414406] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 35.414460] Write of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.414522] [ 35.414554] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.414642] Tainted: [B]=BAD_PAGE, 
[N]=TEST [ 35.414682] Hardware name: linux,dummy-virt (DT) [ 35.414724] Call trace: [ 35.414762] show_stack+0x20/0x38 (C) [ 35.414810] dump_stack_lvl+0x8c/0xd0 [ 35.414858] print_report+0x118/0x5e8 [ 35.414903] kasan_report+0xdc/0x128 [ 35.414955] kasan_check_range+0x100/0x1a8 [ 35.415002] __kasan_check_write+0x20/0x30 [ 35.415050] copy_user_test_oob+0x434/0xec8 [ 35.415100] kunit_try_run_case+0x170/0x3f0 [ 35.415148] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.415204] kthread+0x328/0x630 [ 35.415271] ret_from_fork+0x10/0x20 [ 35.415322] [ 35.415342] Allocated by task 316: [ 35.415373] kasan_save_stack+0x3c/0x68 [ 35.415568] kasan_save_track+0x20/0x40 [ 35.415894] kasan_save_alloc_info+0x40/0x58 [ 35.415944] __kasan_kmalloc+0xd4/0xd8 [ 35.416003] __kmalloc_noprof+0x198/0x4c8 [ 35.416047] kunit_kmalloc_array+0x34/0x88 [ 35.416086] copy_user_test_oob+0xac/0xec8 [ 35.416126] kunit_try_run_case+0x170/0x3f0 [ 35.416164] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.416234] kthread+0x328/0x630 [ 35.416416] ret_from_fork+0x10/0x20 [ 35.416529] [ 35.416589] The buggy address belongs to the object at fff00000c9b92400 [ 35.416589] which belongs to the cache kmalloc-128 of size 128 [ 35.416699] The buggy address is located 0 bytes inside of [ 35.416699] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.416932] [ 35.416961] The buggy address belongs to the physical page: [ 35.417071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.417188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.417288] page_type: f5(slab) [ 35.417364] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.417438] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.417482] page dumped because: kasan: bad access detected [ 35.417516] [ 35.417550] Memory state around the buggy address: [ 35.417692] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.417810] 
fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.417992] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.418066] ^ [ 35.418154] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.418199] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.418241] ================================================================== [ 35.395987] ================================================================== [ 35.396081] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 35.396140] Read of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.396216] [ 35.396262] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.396354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.396389] Hardware name: linux,dummy-virt (DT) [ 35.396424] Call trace: [ 35.396452] show_stack+0x20/0x38 (C) [ 35.396503] dump_stack_lvl+0x8c/0xd0 [ 35.396549] print_report+0x118/0x5e8 [ 35.396607] kasan_report+0xdc/0x128 [ 35.396652] kasan_check_range+0x100/0x1a8 [ 35.396699] __kasan_check_read+0x20/0x30 [ 35.396766] copy_user_test_oob+0x728/0xec8 [ 35.396817] kunit_try_run_case+0x170/0x3f0 [ 35.396865] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.396919] kthread+0x328/0x630 [ 35.396962] ret_from_fork+0x10/0x20 [ 35.397011] [ 35.397033] Allocated by task 316: [ 35.397062] kasan_save_stack+0x3c/0x68 [ 35.397104] kasan_save_track+0x20/0x40 [ 35.397141] kasan_save_alloc_info+0x40/0x58 [ 35.397181] __kasan_kmalloc+0xd4/0xd8 [ 35.397217] __kmalloc_noprof+0x198/0x4c8 [ 35.397259] kunit_kmalloc_array+0x34/0x88 [ 35.397297] copy_user_test_oob+0xac/0xec8 [ 35.397339] kunit_try_run_case+0x170/0x3f0 [ 35.397377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.397421] kthread+0x328/0x630 [ 35.397457] ret_from_fork+0x10/0x20 [ 35.397495] [ 35.397517] The buggy address belongs to the object at fff00000c9b92400 [ 35.397517] which belongs to the cache kmalloc-128 of size 128 
[ 35.397578] The buggy address is located 0 bytes inside of [ 35.397578] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.397660] [ 35.397684] The buggy address belongs to the physical page: [ 35.397730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.397798] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.397848] page_type: f5(slab) [ 35.398463] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.398536] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.398581] page dumped because: kasan: bad access detected [ 35.398618] [ 35.398666] Memory state around the buggy address: [ 35.398703] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.398765] fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.398812] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.398853] ^ [ 35.398897] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.398971] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.399165] ================================================================== [ 35.410193] ================================================================== [ 35.410270] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 35.410349] Read of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.410415] [ 35.410463] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.410551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.410580] Hardware name: linux,dummy-virt (DT) [ 35.410786] Call trace: [ 35.410822] show_stack+0x20/0x38 (C) [ 35.410889] dump_stack_lvl+0x8c/0xd0 [ 35.410998] print_report+0x118/0x5e8 [ 35.411095] kasan_report+0xdc/0x128 [ 35.411153] kasan_check_range+0x100/0x1a8 [ 35.411239] __kasan_check_read+0x20/0x30 [ 35.411310] copy_user_test_oob+0x3c8/0xec8 [ 35.411401] kunit_try_run_case+0x170/0x3f0 
[ 35.411535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.411601] kthread+0x328/0x630 [ 35.411643] ret_from_fork+0x10/0x20 [ 35.411719] [ 35.411740] Allocated by task 316: [ 35.411781] kasan_save_stack+0x3c/0x68 [ 35.411821] kasan_save_track+0x20/0x40 [ 35.411859] kasan_save_alloc_info+0x40/0x58 [ 35.411898] __kasan_kmalloc+0xd4/0xd8 [ 35.411935] __kmalloc_noprof+0x198/0x4c8 [ 35.412119] kunit_kmalloc_array+0x34/0x88 [ 35.412203] copy_user_test_oob+0xac/0xec8 [ 35.412274] kunit_try_run_case+0x170/0x3f0 [ 35.412354] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.412440] kthread+0x328/0x630 [ 35.412487] ret_from_fork+0x10/0x20 [ 35.412524] [ 35.412547] The buggy address belongs to the object at fff00000c9b92400 [ 35.412547] which belongs to the cache kmalloc-128 of size 128 [ 35.412710] The buggy address is located 0 bytes inside of [ 35.412710] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.412839] [ 35.412919] The buggy address belongs to the physical page: [ 35.412980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.413066] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.413182] page_type: f5(slab) [ 35.413283] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.413355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.413399] page dumped because: kasan: bad access detected [ 35.413435] [ 35.413456] Memory state around the buggy address: [ 35.413490] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.413537] fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.413583] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.413809] ^ [ 35.413907] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.413985] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.414053] ================================================================== [ 35.404877] 
================================================================== [ 35.404939] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 35.405024] Write of size 121 at addr fff00000c9b92400 by task kunit_try_catch/316 [ 35.405081] [ 35.405116] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT [ 35.405321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.405351] Hardware name: linux,dummy-virt (DT) [ 35.405530] Call trace: [ 35.405565] show_stack+0x20/0x38 (C) [ 35.405619] dump_stack_lvl+0x8c/0xd0 [ 35.405685] print_report+0x118/0x5e8 [ 35.405772] kasan_report+0xdc/0x128 [ 35.405838] kasan_check_range+0x100/0x1a8 [ 35.405888] __kasan_check_write+0x20/0x30 [ 35.405953] copy_user_test_oob+0x35c/0xec8 [ 35.406019] kunit_try_run_case+0x170/0x3f0 [ 35.406084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.406168] kthread+0x328/0x630 [ 35.406211] ret_from_fork+0x10/0x20 [ 35.406267] [ 35.406288] Allocated by task 316: [ 35.406318] kasan_save_stack+0x3c/0x68 [ 35.406359] kasan_save_track+0x20/0x40 [ 35.406493] kasan_save_alloc_info+0x40/0x58 [ 35.406594] __kasan_kmalloc+0xd4/0xd8 [ 35.406705] __kmalloc_noprof+0x198/0x4c8 [ 35.406825] kunit_kmalloc_array+0x34/0x88 [ 35.406884] copy_user_test_oob+0xac/0xec8 [ 35.406941] kunit_try_run_case+0x170/0x3f0 [ 35.407017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.407062] kthread+0x328/0x630 [ 35.407096] ret_from_fork+0x10/0x20 [ 35.407159] [ 35.407334] The buggy address belongs to the object at fff00000c9b92400 [ 35.407334] which belongs to the cache kmalloc-128 of size 128 [ 35.407438] The buggy address is located 0 bytes inside of [ 35.407438] allocated 120-byte region [fff00000c9b92400, fff00000c9b92478) [ 35.407548] [ 35.407616] The buggy address belongs to the physical page: [ 35.407678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b92 [ 35.407780] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.407848] page_type: f5(slab) [ 
35.407940] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.408024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.408115] page dumped because: kasan: bad access detected [ 35.408149] [ 35.408170] Memory state around the buggy address: [ 35.408230] fff00000c9b92300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.408276] fff00000c9b92380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.408322] >fff00000c9b92400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.408376] ^ [ 35.408417] fff00000c9b92480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.408462] fff00000c9b92500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.408501] ==================================================================
[ 31.151760] ================================================================== [ 31.152381] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 31.152795] Read of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.153096] [ 31.153224] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.153278] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.153292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.153315] Call Trace: [ 31.153337] <TASK> [ 31.153357] dump_stack_lvl+0x73/0xb0 [ 31.153386] print_report+0xd1/0x640 [ 31.153411] ? __virt_addr_valid+0x1db/0x2d0 [ 31.153436] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.153486] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153512] kasan_report+0x141/0x180 [ 31.153546] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153591] kasan_check_range+0x10c/0x1c0 [ 31.153617] __kasan_check_read+0x15/0x20 [ 31.153641] copy_user_test_oob+0x4aa/0x10f0 [ 31.153676] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.153700] ? finish_task_switch.isra.0+0x153/0x700 [ 31.153732] ? __switch_to+0x47/0xf80 [ 31.153761] ? __schedule+0x10da/0x2b60 [ 31.153786] ? __pfx_read_tsc+0x10/0x10 [ 31.153810] ? ktime_get_ts64+0x86/0x230 [ 31.153847] kunit_try_run_case+0x1a5/0x480 [ 31.153876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.153899] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.153933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.153969] ? __kthread_parkme+0x82/0x180 [ 31.153991] ? preempt_count_sub+0x50/0x80 [ 31.154025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.154050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.154074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.154098] kthread+0x337/0x6f0 [ 31.154119] ? trace_preempt_on+0x20/0xc0 [ 31.154144] ? __pfx_kthread+0x10/0x10 [ 31.154165] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.154190] ? 
calculate_sigpending+0x7b/0xa0 [ 31.154215] ? __pfx_kthread+0x10/0x10 [ 31.154236] ret_from_fork+0x116/0x1d0 [ 31.154257] ? __pfx_kthread+0x10/0x10 [ 31.154277] ret_from_fork_asm+0x1a/0x30 [ 31.154310] </TASK> [ 31.154322] [ 31.164029] Allocated by task 333: [ 31.164209] kasan_save_stack+0x45/0x70 [ 31.164404] kasan_save_track+0x18/0x40 [ 31.164587] kasan_save_alloc_info+0x3b/0x50 [ 31.164778] __kasan_kmalloc+0xb7/0xc0 [ 31.165498] __kmalloc_noprof+0x1ca/0x510 [ 31.165903] kunit_kmalloc_array+0x25/0x60 [ 31.166260] copy_user_test_oob+0xab/0x10f0 [ 31.166471] kunit_try_run_case+0x1a5/0x480 [ 31.166674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.166910] kthread+0x337/0x6f0 [ 31.167368] ret_from_fork+0x116/0x1d0 [ 31.167542] ret_from_fork_asm+0x1a/0x30 [ 31.167736] [ 31.167824] The buggy address belongs to the object at ffff888105635400 [ 31.167824] which belongs to the cache kmalloc-128 of size 128 [ 31.169178] The buggy address is located 0 bytes inside of [ 31.169178] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.170078] [ 31.170182] The buggy address belongs to the physical page: [ 31.170661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.171324] flags: 0x200000000000000(node=0|zone=2) [ 31.171514] page_type: f5(slab) [ 31.171724] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.172058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.172489] page dumped because: kasan: bad access detected [ 31.172717] [ 31.172804] Memory state around the buggy address: [ 31.173039] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.173347] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.173636] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.173936] ^ [ 31.174238] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.174519] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc [ 31.174818] ================================================================== [ 31.133468] ================================================================== [ 31.133886] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 31.134249] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.134531] [ 31.134631] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.134697] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.134713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.134736] Call Trace: [ 31.134762] <TASK> [ 31.134783] dump_stack_lvl+0x73/0xb0 [ 31.134812] print_report+0xd1/0x640 [ 31.134838] ? __virt_addr_valid+0x1db/0x2d0 [ 31.134864] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.134888] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.134944] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.134968] kasan_report+0x141/0x180 [ 31.134990] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.135030] kasan_check_range+0x10c/0x1c0 [ 31.135055] __kasan_check_write+0x18/0x20 [ 31.135079] copy_user_test_oob+0x3fd/0x10f0 [ 31.135105] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.135137] ? finish_task_switch.isra.0+0x153/0x700 [ 31.135160] ? __switch_to+0x47/0xf80 [ 31.135186] ? __schedule+0x10da/0x2b60 [ 31.135223] ? __pfx_read_tsc+0x10/0x10 [ 31.135245] ? ktime_get_ts64+0x86/0x230 [ 31.135279] kunit_try_run_case+0x1a5/0x480 [ 31.135306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.135329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.135355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.135381] ? __kthread_parkme+0x82/0x180 [ 31.135402] ? preempt_count_sub+0x50/0x80 [ 31.135425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.135451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.135475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.135508] kthread+0x337/0x6f0 [ 31.135530] ? trace_preempt_on+0x20/0xc0 [ 31.135555] ? 
__pfx_kthread+0x10/0x10 [ 31.135595] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.135620] ? calculate_sigpending+0x7b/0xa0 [ 31.135644] ? __pfx_kthread+0x10/0x10 [ 31.135666] ret_from_fork+0x116/0x1d0 [ 31.135700] ? __pfx_kthread+0x10/0x10 [ 31.135724] ret_from_fork_asm+0x1a/0x30 [ 31.135769] </TASK> [ 31.135783] [ 31.143204] Allocated by task 333: [ 31.143413] kasan_save_stack+0x45/0x70 [ 31.143645] kasan_save_track+0x18/0x40 [ 31.143806] kasan_save_alloc_info+0x3b/0x50 [ 31.144064] __kasan_kmalloc+0xb7/0xc0 [ 31.144197] __kmalloc_noprof+0x1ca/0x510 [ 31.144336] kunit_kmalloc_array+0x25/0x60 [ 31.144476] copy_user_test_oob+0xab/0x10f0 [ 31.144691] kunit_try_run_case+0x1a5/0x480 [ 31.144930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.145176] kthread+0x337/0x6f0 [ 31.145338] ret_from_fork+0x116/0x1d0 [ 31.145517] ret_from_fork_asm+0x1a/0x30 [ 31.145693] [ 31.145759] The buggy address belongs to the object at ffff888105635400 [ 31.145759] which belongs to the cache kmalloc-128 of size 128 [ 31.146468] The buggy address is located 0 bytes inside of [ 31.146468] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.147026] [ 31.147101] The buggy address belongs to the physical page: [ 31.147348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.147701] flags: 0x200000000000000(node=0|zone=2) [ 31.147918] page_type: f5(slab) [ 31.148100] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.148403] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.148721] page dumped because: kasan: bad access detected [ 31.148969] [ 31.149053] Memory state around the buggy address: [ 31.149264] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.149563] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.149895] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.150189] ^ [ 31.150483] ffff888105635480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 31.150791] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.151075] ================================================================== [ 31.193851] ================================================================== [ 31.194175] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 31.194512] Read of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.194846] [ 31.194932] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.195000] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.195014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.195038] Call Trace: [ 31.195058] <TASK> [ 31.195078] dump_stack_lvl+0x73/0xb0 [ 31.195106] print_report+0xd1/0x640 [ 31.195130] ? __virt_addr_valid+0x1db/0x2d0 [ 31.195155] ? copy_user_test_oob+0x604/0x10f0 [ 31.195179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.195205] ? copy_user_test_oob+0x604/0x10f0 [ 31.195229] kasan_report+0x141/0x180 [ 31.195256] ? copy_user_test_oob+0x604/0x10f0 [ 31.195285] kasan_check_range+0x10c/0x1c0 [ 31.195309] __kasan_check_read+0x15/0x20 [ 31.195333] copy_user_test_oob+0x604/0x10f0 [ 31.195359] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.195382] ? finish_task_switch.isra.0+0x153/0x700 [ 31.195405] ? __switch_to+0x47/0xf80 [ 31.195431] ? __schedule+0x10da/0x2b60 [ 31.195469] ? __pfx_read_tsc+0x10/0x10 [ 31.195491] ? ktime_get_ts64+0x86/0x230 [ 31.195517] kunit_try_run_case+0x1a5/0x480 [ 31.195554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.195586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.195612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.195639] ? __kthread_parkme+0x82/0x180 [ 31.195659] ? preempt_count_sub+0x50/0x80 [ 31.195682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.195707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.195732] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.195756] kthread+0x337/0x6f0 [ 31.195776] ? trace_preempt_on+0x20/0xc0 [ 31.195802] ? __pfx_kthread+0x10/0x10 [ 31.195824] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.195848] ? calculate_sigpending+0x7b/0xa0 [ 31.195872] ? __pfx_kthread+0x10/0x10 [ 31.195894] ret_from_fork+0x116/0x1d0 [ 31.195915] ? __pfx_kthread+0x10/0x10 [ 31.195937] ret_from_fork_asm+0x1a/0x30 [ 31.195969] </TASK> [ 31.195980] [ 31.203458] Allocated by task 333: [ 31.203664] kasan_save_stack+0x45/0x70 [ 31.203878] kasan_save_track+0x18/0x40 [ 31.204072] kasan_save_alloc_info+0x3b/0x50 [ 31.204292] __kasan_kmalloc+0xb7/0xc0 [ 31.204453] __kmalloc_noprof+0x1ca/0x510 [ 31.204668] kunit_kmalloc_array+0x25/0x60 [ 31.204833] copy_user_test_oob+0xab/0x10f0 [ 31.205032] kunit_try_run_case+0x1a5/0x480 [ 31.205252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.205424] kthread+0x337/0x6f0 [ 31.205613] ret_from_fork+0x116/0x1d0 [ 31.205802] ret_from_fork_asm+0x1a/0x30 [ 31.205937] [ 31.206002] The buggy address belongs to the object at ffff888105635400 [ 31.206002] which belongs to the cache kmalloc-128 of size 128 [ 31.206355] The buggy address is located 0 bytes inside of [ 31.206355] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.206715] [ 31.206784] The buggy address belongs to the physical page: [ 31.206955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.207191] flags: 0x200000000000000(node=0|zone=2) [ 31.207356] page_type: f5(slab) [ 31.207498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.207904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.208346] page dumped because: kasan: bad access detected [ 31.208637] [ 31.208727] Memory state around the buggy address: [ 31.208973] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.209333] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.209665] 
>ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.209887] ^ [ 31.210375] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.210596] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.210804] ================================================================== [ 31.175528] ================================================================== [ 31.175859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 31.176404] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.176762] [ 31.176857] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.176912] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.176928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.176952] Call Trace: [ 31.176974] <TASK> [ 31.176996] dump_stack_lvl+0x73/0xb0 [ 31.177027] print_report+0xd1/0x640 [ 31.177050] ? __virt_addr_valid+0x1db/0x2d0 [ 31.177075] ? copy_user_test_oob+0x557/0x10f0 [ 31.177099] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.177126] ? copy_user_test_oob+0x557/0x10f0 [ 31.177150] kasan_report+0x141/0x180 [ 31.177174] ? copy_user_test_oob+0x557/0x10f0 [ 31.177203] kasan_check_range+0x10c/0x1c0 [ 31.177251] __kasan_check_write+0x18/0x20 [ 31.177275] copy_user_test_oob+0x557/0x10f0 [ 31.177314] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.177338] ? finish_task_switch.isra.0+0x153/0x700 [ 31.177360] ? __switch_to+0x47/0xf80 [ 31.177387] ? __schedule+0x10da/0x2b60 [ 31.177413] ? __pfx_read_tsc+0x10/0x10 [ 31.177436] ? ktime_get_ts64+0x86/0x230 [ 31.177463] kunit_try_run_case+0x1a5/0x480 [ 31.177489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.177512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.177538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.177564] ? __kthread_parkme+0x82/0x180 [ 31.177596] ? preempt_count_sub+0x50/0x80 [ 31.177620] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 31.177644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.177667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.177692] kthread+0x337/0x6f0 [ 31.177723] ? trace_preempt_on+0x20/0xc0 [ 31.177747] ? __pfx_kthread+0x10/0x10 [ 31.177768] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.177804] ? calculate_sigpending+0x7b/0xa0 [ 31.177828] ? __pfx_kthread+0x10/0x10 [ 31.177850] ret_from_fork+0x116/0x1d0 [ 31.177870] ? __pfx_kthread+0x10/0x10 [ 31.177900] ret_from_fork_asm+0x1a/0x30 [ 31.177943] </TASK> [ 31.177954] [ 31.185282] Allocated by task 333: [ 31.185452] kasan_save_stack+0x45/0x70 [ 31.185606] kasan_save_track+0x18/0x40 [ 31.185737] kasan_save_alloc_info+0x3b/0x50 [ 31.186025] __kasan_kmalloc+0xb7/0xc0 [ 31.186210] __kmalloc_noprof+0x1ca/0x510 [ 31.186431] kunit_kmalloc_array+0x25/0x60 [ 31.186656] copy_user_test_oob+0xab/0x10f0 [ 31.186870] kunit_try_run_case+0x1a5/0x480 [ 31.187069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.187312] kthread+0x337/0x6f0 [ 31.187485] ret_from_fork+0x116/0x1d0 [ 31.187652] ret_from_fork_asm+0x1a/0x30 [ 31.187863] [ 31.187958] The buggy address belongs to the object at ffff888105635400 [ 31.187958] which belongs to the cache kmalloc-128 of size 128 [ 31.188438] The buggy address is located 0 bytes inside of [ 31.188438] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.188934] [ 31.189048] The buggy address belongs to the physical page: [ 31.189264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.189547] flags: 0x200000000000000(node=0|zone=2) [ 31.189717] page_type: f5(slab) [ 31.189833] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.190309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.190719] page dumped because: kasan: bad access detected [ 31.190893] [ 31.191061] Memory state around the buggy address: [ 31.191282] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb 
fb fb fb fb fb [ 31.191598] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.191874] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.192204] ^ [ 31.192512] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.192809] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.193114] ==================================================================