Date: July 25, 2025, 3:13 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 35.617301] ================================================================== [ 35.617534] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 35.617622] Write of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.617982] [ 35.618043] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 35.618382] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.618486] Hardware name: linux,dummy-virt (DT) [ 35.618566] Call trace: [ 35.618615] show_stack+0x20/0x38 (C) [ 35.618751] dump_stack_lvl+0x8c/0xd0 [ 35.618844] print_report+0x118/0x5e8 [ 35.618894] kasan_report+0xdc/0x128 [ 35.618997] kasan_check_range+0x100/0x1a8 [ 35.619098] __kasan_check_write+0x20/0x30 [ 35.619333] copy_user_test_oob+0x234/0xec8 [ 35.619576] kunit_try_run_case+0x170/0x3f0 [ 35.619761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.619860] kthread+0x328/0x630 [ 35.619945] ret_from_fork+0x10/0x20 [ 35.620042] [ 35.620087] Allocated by task 317: [ 35.620134] kasan_save_stack+0x3c/0x68 [ 35.620186] kasan_save_track+0x20/0x40 [ 35.620224] kasan_save_alloc_info+0x40/0x58 [ 35.620265] __kasan_kmalloc+0xd4/0xd8 [ 35.620301] __kmalloc_noprof+0x198/0x4c8 [ 35.620343] kunit_kmalloc_array+0x34/0x88 [ 35.620383] copy_user_test_oob+0xac/0xec8 [ 35.620424] kunit_try_run_case+0x170/0x3f0 [ 35.620472] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.620517] kthread+0x328/0x630 [ 35.620553] ret_from_fork+0x10/0x20 [ 35.620601] [ 35.620624] The buggy address belongs to the object at fff00000c9a8b900 [ 35.620624] which belongs to the cache kmalloc-128 of size 128 [ 35.621206] The buggy address is located 0 bytes inside of [ 35.621206] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.621666] [ 35.621870] The buggy address belongs to the physical page: [ 35.621967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.622148] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.622265] 
page_type: f5(slab) [ 35.622829] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.622900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.623046] page dumped because: kasan: bad access detected [ 35.623114] [ 35.623233] Memory state around the buggy address: [ 35.623350] fff00000c9a8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.623397] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.623448] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.623878] ^ [ 35.623973] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.624145] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.624208] ================================================================== [ 35.677243] ================================================================== [ 35.677307] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 35.677368] Read of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.677436] [ 35.677472] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 35.677564] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.677598] Hardware name: linux,dummy-virt (DT) [ 35.677802] Call trace: [ 35.677842] show_stack+0x20/0x38 (C) [ 35.677897] dump_stack_lvl+0x8c/0xd0 [ 35.677950] print_report+0x118/0x5e8 [ 35.678000] kasan_report+0xdc/0x128 [ 35.678046] kasan_check_range+0x100/0x1a8 [ 35.678102] __kasan_check_read+0x20/0x30 [ 35.678150] copy_user_test_oob+0x4a0/0xec8 [ 35.678210] kunit_try_run_case+0x170/0x3f0 [ 35.678260] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.678323] kthread+0x328/0x630 [ 35.678369] ret_from_fork+0x10/0x20 [ 35.678418] [ 35.678440] Allocated by task 317: [ 35.678480] kasan_save_stack+0x3c/0x68 [ 35.678523] kasan_save_track+0x20/0x40 [ 35.678561] kasan_save_alloc_info+0x40/0x58 [ 35.678601] __kasan_kmalloc+0xd4/0xd8 [ 35.678926] 
__kmalloc_noprof+0x198/0x4c8 [ 35.679024] kunit_kmalloc_array+0x34/0x88 [ 35.679438] copy_user_test_oob+0xac/0xec8 [ 35.679918] kunit_try_run_case+0x170/0x3f0 [ 35.680003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.680086] kthread+0x328/0x630 [ 35.680164] ret_from_fork+0x10/0x20 [ 35.680612] [ 35.681030] The buggy address belongs to the object at fff00000c9a8b900 [ 35.681030] which belongs to the cache kmalloc-128 of size 128 [ 35.681323] The buggy address is located 0 bytes inside of [ 35.681323] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.681427] [ 35.681585] The buggy address belongs to the physical page: [ 35.681800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.682253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.682967] page_type: f5(slab) [ 35.683093] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.683155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.683327] page dumped because: kasan: bad access detected [ 35.683497] [ 35.683693] Memory state around the buggy address: [ 35.684147] fff00000c9a8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.684343] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.684408] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.684616] ^ [ 35.684826] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.684967] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.685082] ================================================================== [ 35.668193] ================================================================== [ 35.668397] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 35.668458] Write of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.668776] [ 35.668942] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 
35.669308] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.669449] Hardware name: linux,dummy-virt (DT) [ 35.669517] Call trace: [ 35.669544] show_stack+0x20/0x38 (C) [ 35.669597] dump_stack_lvl+0x8c/0xd0 [ 35.669700] print_report+0x118/0x5e8 [ 35.669748] kasan_report+0xdc/0x128 [ 35.669822] kasan_check_range+0x100/0x1a8 [ 35.670061] __kasan_check_write+0x20/0x30 [ 35.670396] copy_user_test_oob+0x434/0xec8 [ 35.670489] kunit_try_run_case+0x170/0x3f0 [ 35.670541] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.670597] kthread+0x328/0x630 [ 35.670748] ret_from_fork+0x10/0x20 [ 35.670802] [ 35.670842] Allocated by task 317: [ 35.670877] kasan_save_stack+0x3c/0x68 [ 35.670927] kasan_save_track+0x20/0x40 [ 35.671004] kasan_save_alloc_info+0x40/0x58 [ 35.671052] __kasan_kmalloc+0xd4/0xd8 [ 35.671091] __kmalloc_noprof+0x198/0x4c8 [ 35.671135] kunit_kmalloc_array+0x34/0x88 [ 35.671321] copy_user_test_oob+0xac/0xec8 [ 35.671635] kunit_try_run_case+0x170/0x3f0 [ 35.671729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.671916] kthread+0x328/0x630 [ 35.671967] ret_from_fork+0x10/0x20 [ 35.672170] [ 35.672215] The buggy address belongs to the object at fff00000c9a8b900 [ 35.672215] which belongs to the cache kmalloc-128 of size 128 [ 35.672719] The buggy address is located 0 bytes inside of [ 35.672719] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.673153] [ 35.673257] The buggy address belongs to the physical page: [ 35.673337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.673424] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.674003] page_type: f5(slab) [ 35.674249] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.674418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.674462] page dumped because: kasan: bad access detected [ 35.674814] [ 35.674950] Memory state around the buggy address: [ 35.675130] fff00000c9a8b800: fa fb fb fb fb fb fb 
fb fb fb fb fb fb fb fb fb [ 35.675366] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.675467] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.675614] ^ [ 35.675859] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.676151] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.676277] ================================================================== [ 35.630017] ================================================================== [ 35.630981] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 35.631114] Read of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.631711] [ 35.631810] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 35.631951] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.632270] Hardware name: linux,dummy-virt (DT) [ 35.632338] Call trace: [ 35.632427] show_stack+0x20/0x38 (C) [ 35.632502] dump_stack_lvl+0x8c/0xd0 [ 35.632720] print_report+0x118/0x5e8 [ 35.632810] kasan_report+0xdc/0x128 [ 35.632857] kasan_check_range+0x100/0x1a8 [ 35.633278] __kasan_check_read+0x20/0x30 [ 35.633620] copy_user_test_oob+0x728/0xec8 [ 35.633712] kunit_try_run_case+0x170/0x3f0 [ 35.633849] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.633918] kthread+0x328/0x630 [ 35.634246] ret_from_fork+0x10/0x20 [ 35.634360] [ 35.634418] Allocated by task 317: [ 35.634450] kasan_save_stack+0x3c/0x68 [ 35.634692] kasan_save_track+0x20/0x40 [ 35.634777] kasan_save_alloc_info+0x40/0x58 [ 35.634959] __kasan_kmalloc+0xd4/0xd8 [ 35.635221] __kmalloc_noprof+0x198/0x4c8 [ 35.635376] kunit_kmalloc_array+0x34/0x88 [ 35.635494] copy_user_test_oob+0xac/0xec8 [ 35.635595] kunit_try_run_case+0x170/0x3f0 [ 35.635917] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.636080] kthread+0x328/0x630 [ 35.636167] ret_from_fork+0x10/0x20 [ 35.636626] [ 35.636796] The buggy address belongs to the object at fff00000c9a8b900 [ 35.636796] 
which belongs to the cache kmalloc-128 of size 128 [ 35.636901] The buggy address is located 0 bytes inside of [ 35.636901] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.637304] [ 35.637584] The buggy address belongs to the physical page: [ 35.638036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.638115] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.638427] page_type: f5(slab) [ 35.638537] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.638841] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.638986] page dumped because: kasan: bad access detected [ 35.639024] [ 35.639045] Memory state around the buggy address: [ 35.639095] fff00000c9a8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.639355] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.639674] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.639766] ^ [ 35.640176] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.640612] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.640742] ================================================================== [ 35.650656] ================================================================== [ 35.650987] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 35.651419] Write of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.651490] [ 35.651843] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 35.652309] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.652426] Hardware name: linux,dummy-virt (DT) [ 35.652471] Call trace: [ 35.652533] show_stack+0x20/0x38 (C) [ 35.652656] dump_stack_lvl+0x8c/0xd0 [ 35.652723] print_report+0x118/0x5e8 [ 35.652769] kasan_report+0xdc/0x128 [ 35.652815] kasan_check_range+0x100/0x1a8 [ 35.652862] __kasan_check_write+0x20/0x30 [ 35.652911] 
copy_user_test_oob+0x35c/0xec8 [ 35.652961] kunit_try_run_case+0x170/0x3f0 [ 35.653025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.653085] kthread+0x328/0x630 [ 35.653138] ret_from_fork+0x10/0x20 [ 35.653214] [ 35.653251] Allocated by task 317: [ 35.653283] kasan_save_stack+0x3c/0x68 [ 35.653324] kasan_save_track+0x20/0x40 [ 35.653372] kasan_save_alloc_info+0x40/0x58 [ 35.653413] __kasan_kmalloc+0xd4/0xd8 [ 35.653451] __kmalloc_noprof+0x198/0x4c8 [ 35.653494] kunit_kmalloc_array+0x34/0x88 [ 35.653533] copy_user_test_oob+0xac/0xec8 [ 35.653574] kunit_try_run_case+0x170/0x3f0 [ 35.653613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.653668] kthread+0x328/0x630 [ 35.653713] ret_from_fork+0x10/0x20 [ 35.653761] [ 35.653783] The buggy address belongs to the object at fff00000c9a8b900 [ 35.653783] which belongs to the cache kmalloc-128 of size 128 [ 35.653861] The buggy address is located 0 bytes inside of [ 35.653861] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.653946] [ 35.653970] The buggy address belongs to the physical page: [ 35.654010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.654074] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.654125] page_type: f5(slab) [ 35.654167] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.654231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.654282] page dumped because: kasan: bad access detected [ 35.654314] [ 35.654344] Memory state around the buggy address: [ 35.654385] fff00000c9a8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.654453] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.654507] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.654562] ^ [ 35.654605] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.654661] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.655006] 
================================================================== [ 35.656292] ================================================================== [ 35.656724] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 35.657032] Read of size 121 at addr fff00000c9a8b900 by task kunit_try_catch/317 [ 35.657095] [ 35.657129] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250725 #1 PREEMPT [ 35.657220] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.657254] Hardware name: linux,dummy-virt (DT) [ 35.657557] Call trace: [ 35.657666] show_stack+0x20/0x38 (C) [ 35.657752] dump_stack_lvl+0x8c/0xd0 [ 35.657968] print_report+0x118/0x5e8 [ 35.658236] kasan_report+0xdc/0x128 [ 35.658306] kasan_check_range+0x100/0x1a8 [ 35.658392] __kasan_check_read+0x20/0x30 [ 35.658564] copy_user_test_oob+0x3c8/0xec8 [ 35.658670] kunit_try_run_case+0x170/0x3f0 [ 35.658925] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.659088] kthread+0x328/0x630 [ 35.659141] ret_from_fork+0x10/0x20 [ 35.659206] [ 35.659227] Allocated by task 317: [ 35.659267] kasan_save_stack+0x3c/0x68 [ 35.659878] kasan_save_track+0x20/0x40 [ 35.660180] kasan_save_alloc_info+0x40/0x58 [ 35.660442] __kasan_kmalloc+0xd4/0xd8 [ 35.660942] __kmalloc_noprof+0x198/0x4c8 [ 35.661027] kunit_kmalloc_array+0x34/0x88 [ 35.661350] copy_user_test_oob+0xac/0xec8 [ 35.661931] kunit_try_run_case+0x170/0x3f0 [ 35.662075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.662142] kthread+0x328/0x630 [ 35.662745] ret_from_fork+0x10/0x20 [ 35.662865] [ 35.662939] The buggy address belongs to the object at fff00000c9a8b900 [ 35.662939] which belongs to the cache kmalloc-128 of size 128 [ 35.663215] The buggy address is located 0 bytes inside of [ 35.663215] allocated 120-byte region [fff00000c9a8b900, fff00000c9a8b978) [ 35.663377] [ 35.663472] The buggy address belongs to the physical page: [ 35.663769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b [ 35.664051] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 35.664473] page_type: f5(slab) [ 35.664624] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 35.664851] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.665074] page dumped because: kasan: bad access detected [ 35.665151] [ 35.665516] Memory state around the buggy address: [ 35.665714] fff00000c9a8b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.665859] fff00000c9a8b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.666027] >fff00000c9a8b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.666096] ^ [ 35.666521] fff00000c9a8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.666596] fff00000c9a8ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.666688] ==================================================================
[ 30.152686] ================================================================== [ 30.153542] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.154134] Read of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.154729] [ 30.155033] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.155232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.155247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.155270] Call Trace: [ 30.155287] <TASK> [ 30.155304] dump_stack_lvl+0x73/0xb0 [ 30.155377] print_report+0xd1/0x640 [ 30.155402] ? __virt_addr_valid+0x1db/0x2d0 [ 30.155427] ? copy_user_test_oob+0x604/0x10f0 [ 30.155452] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.155481] ? copy_user_test_oob+0x604/0x10f0 [ 30.155506] kasan_report+0x141/0x180 [ 30.155530] ? copy_user_test_oob+0x604/0x10f0 [ 30.155560] kasan_check_range+0x10c/0x1c0 [ 30.155585] __kasan_check_read+0x15/0x20 [ 30.155611] copy_user_test_oob+0x604/0x10f0 [ 30.155639] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.155665] ? finish_task_switch.isra.0+0x153/0x700 [ 30.155689] ? __switch_to+0x47/0xf80 [ 30.155716] ? __schedule+0x10da/0x2b60 [ 30.155739] ? __pfx_read_tsc+0x10/0x10 [ 30.155762] ? ktime_get_ts64+0x86/0x230 [ 30.155809] kunit_try_run_case+0x1a5/0x480 [ 30.155836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.155861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.155883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.155911] ? __kthread_parkme+0x82/0x180 [ 30.155933] ? preempt_count_sub+0x50/0x80 [ 30.155968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.155993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.156019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.156062] kthread+0x337/0x6f0 [ 30.156084] ? trace_preempt_on+0x20/0xc0 [ 30.156110] ? __pfx_kthread+0x10/0x10 [ 30.156133] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.156158] ? calculate_sigpending+0x7b/0xa0 [ 30.156184] ? 
__pfx_kthread+0x10/0x10 [ 30.156207] ret_from_fork+0x116/0x1d0 [ 30.156228] ? __pfx_kthread+0x10/0x10 [ 30.156250] ret_from_fork_asm+0x1a/0x30 [ 30.156282] </TASK> [ 30.156295] [ 30.166631] Allocated by task 334: [ 30.166803] kasan_save_stack+0x45/0x70 [ 30.167077] kasan_save_track+0x18/0x40 [ 30.167303] kasan_save_alloc_info+0x3b/0x50 [ 30.167545] __kasan_kmalloc+0xb7/0xc0 [ 30.167730] __kmalloc_noprof+0x1ca/0x510 [ 30.167927] kunit_kmalloc_array+0x25/0x60 [ 30.168153] copy_user_test_oob+0xab/0x10f0 [ 30.168395] kunit_try_run_case+0x1a5/0x480 [ 30.168651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.168999] kthread+0x337/0x6f0 [ 30.169154] ret_from_fork+0x116/0x1d0 [ 30.169465] ret_from_fork_asm+0x1a/0x30 [ 30.169692] [ 30.169793] The buggy address belongs to the object at ffff888106253800 [ 30.169793] which belongs to the cache kmalloc-128 of size 128 [ 30.170522] The buggy address is located 0 bytes inside of [ 30.170522] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.171124] [ 30.171286] The buggy address belongs to the physical page: [ 30.171510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.171883] flags: 0x200000000000000(node=0|zone=2) [ 30.172233] page_type: f5(slab) [ 30.172396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.172750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.173105] page dumped because: kasan: bad access detected [ 30.173363] [ 30.173454] Memory state around the buggy address: [ 30.173675] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.173977] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.174317] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.174735] ^ [ 30.175079] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.175395] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.175755] 
================================================================== [ 30.068477] ================================================================== [ 30.068821] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.069305] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.069542] [ 30.069621] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.069670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.069684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.069705] Call Trace: [ 30.069719] <TASK> [ 30.069735] dump_stack_lvl+0x73/0xb0 [ 30.069765] print_report+0xd1/0x640 [ 30.069820] ? __virt_addr_valid+0x1db/0x2d0 [ 30.069847] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.069872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.069923] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.069973] kasan_report+0x141/0x180 [ 30.070012] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.070062] kasan_check_range+0x10c/0x1c0 [ 30.070088] __kasan_check_write+0x18/0x20 [ 30.070114] copy_user_test_oob+0x3fd/0x10f0 [ 30.070142] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.070168] ? finish_task_switch.isra.0+0x153/0x700 [ 30.070192] ? __switch_to+0x47/0xf80 [ 30.070219] ? __schedule+0x10da/0x2b60 [ 30.070241] ? __pfx_read_tsc+0x10/0x10 [ 30.070264] ? ktime_get_ts64+0x86/0x230 [ 30.070291] kunit_try_run_case+0x1a5/0x480 [ 30.070317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.070342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.070366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.070394] ? __kthread_parkme+0x82/0x180 [ 30.070415] ? preempt_count_sub+0x50/0x80 [ 30.070440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.070487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.070512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.070539] kthread+0x337/0x6f0 [ 30.070561] ? trace_preempt_on+0x20/0xc0 [ 30.070585] ? __pfx_kthread+0x10/0x10 [ 30.070608] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 30.070635] ? calculate_sigpending+0x7b/0xa0 [ 30.070676] ? __pfx_kthread+0x10/0x10 [ 30.070700] ret_from_fork+0x116/0x1d0 [ 30.070721] ? __pfx_kthread+0x10/0x10 [ 30.070744] ret_from_fork_asm+0x1a/0x30 [ 30.070793] </TASK> [ 30.070813] [ 30.084954] Allocated by task 334: [ 30.085357] kasan_save_stack+0x45/0x70 [ 30.085766] kasan_save_track+0x18/0x40 [ 30.086205] kasan_save_alloc_info+0x3b/0x50 [ 30.086610] __kasan_kmalloc+0xb7/0xc0 [ 30.087024] __kmalloc_noprof+0x1ca/0x510 [ 30.087451] kunit_kmalloc_array+0x25/0x60 [ 30.087910] copy_user_test_oob+0xab/0x10f0 [ 30.088322] kunit_try_run_case+0x1a5/0x480 [ 30.088738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.089292] kthread+0x337/0x6f0 [ 30.089623] ret_from_fork+0x116/0x1d0 [ 30.089977] ret_from_fork_asm+0x1a/0x30 [ 30.090386] [ 30.090557] The buggy address belongs to the object at ffff888106253800 [ 30.090557] which belongs to the cache kmalloc-128 of size 128 [ 30.091158] The buggy address is located 0 bytes inside of [ 30.091158] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.092482] [ 30.092639] The buggy address belongs to the physical page: [ 30.093235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.093657] flags: 0x200000000000000(node=0|zone=2) [ 30.093929] page_type: f5(slab) [ 30.094280] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.095047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.095801] page dumped because: kasan: bad access detected [ 30.096054] [ 30.096244] Memory state around the buggy address: [ 30.096689] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.097214] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.097578] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.097811] ^ [ 30.098114] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.098871] 
ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.099603] ================================================================== [ 30.100105] ================================================================== [ 30.100817] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.101512] Read of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.101772] [ 30.102025] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.102077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.102109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.102132] Call Trace: [ 30.102148] <TASK> [ 30.102165] dump_stack_lvl+0x73/0xb0 [ 30.102208] print_report+0xd1/0x640 [ 30.102247] ? __virt_addr_valid+0x1db/0x2d0 [ 30.102272] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.102325] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102351] kasan_report+0x141/0x180 [ 30.102375] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102405] kasan_check_range+0x10c/0x1c0 [ 30.102431] __kasan_check_read+0x15/0x20 [ 30.102455] copy_user_test_oob+0x4aa/0x10f0 [ 30.102483] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.102508] ? finish_task_switch.isra.0+0x153/0x700 [ 30.102532] ? __switch_to+0x47/0xf80 [ 30.102559] ? __schedule+0x10da/0x2b60 [ 30.102581] ? __pfx_read_tsc+0x10/0x10 [ 30.102604] ? ktime_get_ts64+0x86/0x230 [ 30.102630] kunit_try_run_case+0x1a5/0x480 [ 30.102656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.102681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.102705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.102733] ? __kthread_parkme+0x82/0x180 [ 30.102754] ? preempt_count_sub+0x50/0x80 [ 30.102779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.102806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.102831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.102857] kthread+0x337/0x6f0 [ 30.102879] ? 
trace_preempt_on+0x20/0xc0 [ 30.102904] ? __pfx_kthread+0x10/0x10 [ 30.102927] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.102976] ? calculate_sigpending+0x7b/0xa0 [ 30.103002] ? __pfx_kthread+0x10/0x10 [ 30.103026] ret_from_fork+0x116/0x1d0 [ 30.103047] ? __pfx_kthread+0x10/0x10 [ 30.103076] ret_from_fork_asm+0x1a/0x30 [ 30.103109] </TASK> [ 30.103122] [ 30.117739] Allocated by task 334: [ 30.117868] kasan_save_stack+0x45/0x70 [ 30.118049] kasan_save_track+0x18/0x40 [ 30.118434] kasan_save_alloc_info+0x3b/0x50 [ 30.118694] __kasan_kmalloc+0xb7/0xc0 [ 30.119059] __kmalloc_noprof+0x1ca/0x510 [ 30.119505] kunit_kmalloc_array+0x25/0x60 [ 30.119925] copy_user_test_oob+0xab/0x10f0 [ 30.120374] kunit_try_run_case+0x1a5/0x480 [ 30.120613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.120801] kthread+0x337/0x6f0 [ 30.121051] ret_from_fork+0x116/0x1d0 [ 30.121416] ret_from_fork_asm+0x1a/0x30 [ 30.121754] [ 30.121823] The buggy address belongs to the object at ffff888106253800 [ 30.121823] which belongs to the cache kmalloc-128 of size 128 [ 30.122743] The buggy address is located 0 bytes inside of [ 30.122743] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.123581] [ 30.123651] The buggy address belongs to the physical page: [ 30.123822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.124076] flags: 0x200000000000000(node=0|zone=2) [ 30.124416] page_type: f5(slab) [ 30.124573] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.124984] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.125250] page dumped because: kasan: bad access detected [ 30.125570] [ 30.125647] Memory state around the buggy address: [ 30.125875] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.126243] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.126580] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.126807] ^ [ 30.127207] 
ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127542] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127840] ================================================================== [ 30.128352] ================================================================== [ 30.128677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.129289] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.129524] [ 30.129607] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.129656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.129670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.129692] Call Trace: [ 30.129709] <TASK> [ 30.129725] dump_stack_lvl+0x73/0xb0 [ 30.129755] print_report+0xd1/0x640 [ 30.129780] ? __virt_addr_valid+0x1db/0x2d0 [ 30.129806] ? copy_user_test_oob+0x557/0x10f0 [ 30.129831] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.129859] ? copy_user_test_oob+0x557/0x10f0 [ 30.129885] kasan_report+0x141/0x180 [ 30.130531] ? copy_user_test_oob+0x557/0x10f0 [ 30.130563] kasan_check_range+0x10c/0x1c0 [ 30.130590] __kasan_check_write+0x18/0x20 [ 30.130615] copy_user_test_oob+0x557/0x10f0 [ 30.130643] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.130669] ? finish_task_switch.isra.0+0x153/0x700 [ 30.130695] ? __switch_to+0x47/0xf80 [ 30.130723] ? __schedule+0x10da/0x2b60 [ 30.130747] ? __pfx_read_tsc+0x10/0x10 [ 30.130770] ? ktime_get_ts64+0x86/0x230 [ 30.130796] kunit_try_run_case+0x1a5/0x480 [ 30.130823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.130866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.130890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.130918] ? __kthread_parkme+0x82/0x180 [ 30.130940] ? preempt_count_sub+0x50/0x80 [ 30.130977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.131003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.131029] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.131079] kthread+0x337/0x6f0 [ 30.131101] ? trace_preempt_on+0x20/0xc0 [ 30.131128] ? __pfx_kthread+0x10/0x10 [ 30.131151] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.131176] ? calculate_sigpending+0x7b/0xa0 [ 30.131203] ? __pfx_kthread+0x10/0x10 [ 30.131226] ret_from_fork+0x116/0x1d0 [ 30.131248] ? __pfx_kthread+0x10/0x10 [ 30.131270] ret_from_fork_asm+0x1a/0x30 [ 30.131304] </TASK> [ 30.131316] [ 30.138622] Allocated by task 334: [ 30.138788] kasan_save_stack+0x45/0x70 [ 30.138977] kasan_save_track+0x18/0x40 [ 30.139148] kasan_save_alloc_info+0x3b/0x50 [ 30.139339] __kasan_kmalloc+0xb7/0xc0 [ 30.139495] __kmalloc_noprof+0x1ca/0x510 [ 30.139663] kunit_kmalloc_array+0x25/0x60 [ 30.139833] copy_user_test_oob+0xab/0x10f0 [ 30.140431] kunit_try_run_case+0x1a5/0x480 [ 30.141354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.141584] kthread+0x337/0x6f0 [ 30.141729] ret_from_fork+0x116/0x1d0 [ 30.142666] ret_from_fork_asm+0x1a/0x30 [ 30.143143] [ 30.143397] The buggy address belongs to the object at ffff888106253800 [ 30.143397] which belongs to the cache kmalloc-128 of size 128 [ 30.144268] The buggy address is located 0 bytes inside of [ 30.144268] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.145393] [ 30.145660] The buggy address belongs to the physical page: [ 30.146405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.147031] flags: 0x200000000000000(node=0|zone=2) [ 30.147507] page_type: f5(slab) [ 30.147675] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.147995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.148293] page dumped because: kasan: bad access detected [ 30.148517] [ 30.148598] Memory state around the buggy address: [ 30.148796] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.149090] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.149366] 
>ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.149632] ^ [ 30.149899] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.150913] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.151553] ==================================================================