Date: June 18, 2025, 6:43 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 24.548974] ================================================================== [ 24.549038] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 24.549097] Write of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.549151] [ 24.549185] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 24.549375] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.549450] Hardware name: linux,dummy-virt (DT) [ 24.549518] Call trace: [ 24.549570] show_stack+0x20/0x38 (C) [ 24.549681] dump_stack_lvl+0x8c/0xd0 [ 24.549794] print_report+0x118/0x608 [ 24.549864] kasan_report+0xdc/0x128 [ 24.549913] kasan_check_range+0x100/0x1a8 [ 24.549965] __kasan_check_write+0x20/0x30 [ 24.550013] copy_user_test_oob+0x434/0xec8 [ 24.550121] kunit_try_run_case+0x170/0x3f0 [ 24.550190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.550249] kthread+0x328/0x630 [ 24.550293] ret_from_fork+0x10/0x20 [ 24.550346] [ 24.550377] Allocated by task 295: [ 24.550415] kasan_save_stack+0x3c/0x68 [ 24.550477] kasan_save_track+0x20/0x40 [ 24.550522] kasan_save_alloc_info+0x40/0x58 [ 24.550580] __kasan_kmalloc+0xd4/0xd8 [ 24.550661] __kmalloc_noprof+0x198/0x4c8 [ 24.550705] kunit_kmalloc_array+0x34/0x88 [ 24.550813] copy_user_test_oob+0xac/0xec8 [ 24.550997] kunit_try_run_case+0x170/0x3f0 [ 24.551080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.551138] kthread+0x328/0x630 [ 24.551217] ret_from_fork+0x10/0x20 [ 24.551354] [ 24.551399] The buggy address belongs to the object at fff00000c641b000 [ 24.551399] which belongs to the cache kmalloc-128 of size 128 [ 24.551650] The buggy address is located 0 bytes inside of [ 24.551650] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.551761] [ 24.551787] The buggy address belongs to the physical page: [ 24.551836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.551894] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.551948] 
page_type: f5(slab) [ 24.551992] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.552077] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.552186] page dumped because: kasan: bad access detected [ 24.552244] [ 24.552267] Memory state around the buggy address: [ 24.552493] fff00000c641af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.552587] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.552843] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.552997] ^ [ 24.553293] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.553352] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.553400] ================================================================== [ 24.511252] ================================================================== [ 24.511439] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 24.511540] Write of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.511597] [ 24.511648] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 24.511776] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.511816] Hardware name: linux,dummy-virt (DT) [ 24.511854] Call trace: [ 24.511885] show_stack+0x20/0x38 (C) [ 24.511944] dump_stack_lvl+0x8c/0xd0 [ 24.512033] print_report+0x118/0x608 [ 24.512090] kasan_report+0xdc/0x128 [ 24.512229] kasan_check_range+0x100/0x1a8 [ 24.512371] __kasan_check_write+0x20/0x30 [ 24.512433] copy_user_test_oob+0x234/0xec8 [ 24.512488] kunit_try_run_case+0x170/0x3f0 [ 24.512561] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.512625] kthread+0x328/0x630 [ 24.512678] ret_from_fork+0x10/0x20 [ 24.512746] [ 24.512769] Allocated by task 295: [ 24.512805] kasan_save_stack+0x3c/0x68 [ 24.512855] kasan_save_track+0x20/0x40 [ 24.512898] kasan_save_alloc_info+0x40/0x58 [ 24.512941] __kasan_kmalloc+0xd4/0xd8 [ 24.512980] 
__kmalloc_noprof+0x198/0x4c8 [ 24.514524] kunit_kmalloc_array+0x34/0x88 [ 24.515430] copy_user_test_oob+0xac/0xec8 [ 24.515929] kunit_try_run_case+0x170/0x3f0 [ 24.515988] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.516559] kthread+0x328/0x630 [ 24.516635] ret_from_fork+0x10/0x20 [ 24.516820] [ 24.516849] The buggy address belongs to the object at fff00000c641b000 [ 24.516849] which belongs to the cache kmalloc-128 of size 128 [ 24.517253] The buggy address is located 0 bytes inside of [ 24.517253] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.517328] [ 24.517358] The buggy address belongs to the physical page: [ 24.518109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.518196] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.518365] page_type: f5(slab) [ 24.518476] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.518534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.518580] page dumped because: kasan: bad access detected [ 24.518621] [ 24.518645] Memory state around the buggy address: [ 24.518683] fff00000c641af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.518732] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.518780] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.519008] ^ [ 24.519142] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.519264] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.519310] ================================================================== [ 24.555964] ================================================================== [ 24.556054] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 24.556576] Read of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.556810] [ 24.556964] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 
24.557198] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.557236] Hardware name: linux,dummy-virt (DT) [ 24.557275] Call trace: [ 24.557304] show_stack+0x20/0x38 (C) [ 24.557477] dump_stack_lvl+0x8c/0xd0 [ 24.557711] print_report+0x118/0x608 [ 24.557781] kasan_report+0xdc/0x128 [ 24.557992] kasan_check_range+0x100/0x1a8 [ 24.558234] __kasan_check_read+0x20/0x30 [ 24.558337] copy_user_test_oob+0x4a0/0xec8 [ 24.558395] kunit_try_run_case+0x170/0x3f0 [ 24.558448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.558506] kthread+0x328/0x630 [ 24.558797] ret_from_fork+0x10/0x20 [ 24.558925] [ 24.558961] Allocated by task 295: [ 24.559309] kasan_save_stack+0x3c/0x68 [ 24.559460] kasan_save_track+0x20/0x40 [ 24.559513] kasan_save_alloc_info+0x40/0x58 [ 24.559563] __kasan_kmalloc+0xd4/0xd8 [ 24.559607] __kmalloc_noprof+0x198/0x4c8 [ 24.559652] kunit_kmalloc_array+0x34/0x88 [ 24.559696] copy_user_test_oob+0xac/0xec8 [ 24.560214] kunit_try_run_case+0x170/0x3f0 [ 24.560353] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.560468] kthread+0x328/0x630 [ 24.560627] ret_from_fork+0x10/0x20 [ 24.560821] [ 24.561049] The buggy address belongs to the object at fff00000c641b000 [ 24.561049] which belongs to the cache kmalloc-128 of size 128 [ 24.561135] The buggy address is located 0 bytes inside of [ 24.561135] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.561221] [ 24.561250] The buggy address belongs to the physical page: [ 24.561288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.561349] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.561692] page_type: f5(slab) [ 24.561807] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.562138] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.562217] page dumped because: kasan: bad access detected [ 24.562349] [ 24.562379] Memory state around the buggy address: [ 24.562430] fff00000c641af00: 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 [ 24.562485] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.562769] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.562835] ^ [ 24.562909] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563082] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563328] ================================================================== [ 24.527745] ================================================================== [ 24.527934] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 24.528030] Read of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.528178] [ 24.528281] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 24.528749] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.528879] Hardware name: linux,dummy-virt (DT) [ 24.528937] Call trace: [ 24.528985] show_stack+0x20/0x38 (C) [ 24.529083] dump_stack_lvl+0x8c/0xd0 [ 24.529141] print_report+0x118/0x608 [ 24.529199] kasan_report+0xdc/0x128 [ 24.529252] kasan_check_range+0x100/0x1a8 [ 24.529309] __kasan_check_read+0x20/0x30 [ 24.529363] copy_user_test_oob+0x728/0xec8 [ 24.529419] kunit_try_run_case+0x170/0x3f0 [ 24.529474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.529932] kthread+0x328/0x630 [ 24.530068] ret_from_fork+0x10/0x20 [ 24.530163] [ 24.530189] Allocated by task 295: [ 24.530346] kasan_save_stack+0x3c/0x68 [ 24.530629] kasan_save_track+0x20/0x40 [ 24.530723] kasan_save_alloc_info+0x40/0x58 [ 24.530946] __kasan_kmalloc+0xd4/0xd8 [ 24.531006] __kmalloc_noprof+0x198/0x4c8 [ 24.531065] kunit_kmalloc_array+0x34/0x88 [ 24.531110] copy_user_test_oob+0xac/0xec8 [ 24.531153] kunit_try_run_case+0x170/0x3f0 [ 24.531195] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.531242] kthread+0x328/0x630 [ 24.531278] ret_from_fork+0x10/0x20 [ 24.531316] [ 24.531345] The buggy address belongs to the object at fff00000c641b000 [ 24.531345] 
which belongs to the cache kmalloc-128 of size 128 [ 24.531940] The buggy address is located 0 bytes inside of [ 24.531940] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.532066] [ 24.532328] The buggy address belongs to the physical page: [ 24.532423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.532755] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.532930] page_type: f5(slab) [ 24.533036] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.533138] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.533200] page dumped because: kasan: bad access detected [ 24.533363] [ 24.533472] Memory state around the buggy address: [ 24.533616] fff00000c641af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.533708] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.533855] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.534171] ^ [ 24.534254] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.534308] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.534361] ================================================================== [ 24.545473] ================================================================== [ 24.545543] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 24.545606] Read of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.545666] [ 24.545704] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 24.545892] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.545926] Hardware name: linux,dummy-virt (DT) [ 24.545992] Call trace: [ 24.546092] show_stack+0x20/0x38 (C) [ 24.546215] dump_stack_lvl+0x8c/0xd0 [ 24.546275] print_report+0x118/0x608 [ 24.546328] kasan_report+0xdc/0x128 [ 24.546377] kasan_check_range+0x100/0x1a8 [ 24.546456] __kasan_check_read+0x20/0x30 [ 24.546504] 
copy_user_test_oob+0x3c8/0xec8 [ 24.546569] kunit_try_run_case+0x170/0x3f0 [ 24.546636] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.546694] kthread+0x328/0x630 [ 24.546738] ret_from_fork+0x10/0x20 [ 24.546804] [ 24.546859] Allocated by task 295: [ 24.546894] kasan_save_stack+0x3c/0x68 [ 24.546943] kasan_save_track+0x20/0x40 [ 24.546985] kasan_save_alloc_info+0x40/0x58 [ 24.547048] __kasan_kmalloc+0xd4/0xd8 [ 24.547133] __kmalloc_noprof+0x198/0x4c8 [ 24.547202] kunit_kmalloc_array+0x34/0x88 [ 24.547258] copy_user_test_oob+0xac/0xec8 [ 24.547345] kunit_try_run_case+0x170/0x3f0 [ 24.547477] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.547532] kthread+0x328/0x630 [ 24.547569] ret_from_fork+0x10/0x20 [ 24.547607] [ 24.547633] The buggy address belongs to the object at fff00000c641b000 [ 24.547633] which belongs to the cache kmalloc-128 of size 128 [ 24.547695] The buggy address is located 0 bytes inside of [ 24.547695] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.547760] [ 24.547801] The buggy address belongs to the physical page: [ 24.547836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.547903] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.547970] page_type: f5(slab) [ 24.548030] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.548153] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.548203] page dumped because: kasan: bad access detected [ 24.548242] [ 24.548265] Memory state around the buggy address: [ 24.548302] fff00000c641af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.548352] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.548400] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.548444] ^ [ 24.548490] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.548553] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.548601] 
================================================================== [ 24.540303] ================================================================== [ 24.540466] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 24.540750] Write of size 121 at addr fff00000c641b000 by task kunit_try_catch/295 [ 24.540884] [ 24.541087] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc2-next-20250618 #1 PREEMPT [ 24.541361] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.541430] Hardware name: linux,dummy-virt (DT) [ 24.541598] Call trace: [ 24.541671] show_stack+0x20/0x38 (C) [ 24.541935] dump_stack_lvl+0x8c/0xd0 [ 24.542169] print_report+0x118/0x608 [ 24.542270] kasan_report+0xdc/0x128 [ 24.542361] kasan_check_range+0x100/0x1a8 [ 24.542444] __kasan_check_write+0x20/0x30 [ 24.542497] copy_user_test_oob+0x35c/0xec8 [ 24.542548] kunit_try_run_case+0x170/0x3f0 [ 24.542633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.542714] kthread+0x328/0x630 [ 24.542761] ret_from_fork+0x10/0x20 [ 24.542815] [ 24.542840] Allocated by task 295: [ 24.542872] kasan_save_stack+0x3c/0x68 [ 24.542945] kasan_save_track+0x20/0x40 [ 24.542993] kasan_save_alloc_info+0x40/0x58 [ 24.543048] __kasan_kmalloc+0xd4/0xd8 [ 24.543090] __kmalloc_noprof+0x198/0x4c8 [ 24.543133] kunit_kmalloc_array+0x34/0x88 [ 24.543188] copy_user_test_oob+0xac/0xec8 [ 24.543240] kunit_try_run_case+0x170/0x3f0 [ 24.543307] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.543400] kthread+0x328/0x630 [ 24.543490] ret_from_fork+0x10/0x20 [ 24.543535] [ 24.543559] The buggy address belongs to the object at fff00000c641b000 [ 24.543559] which belongs to the cache kmalloc-128 of size 128 [ 24.543624] The buggy address is located 0 bytes inside of [ 24.543624] allocated 120-byte region [fff00000c641b000, fff00000c641b078) [ 24.543692] [ 24.543717] The buggy address belongs to the physical page: [ 24.543768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641b [ 24.543901] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.543968] page_type: f5(slab) [ 24.544064] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.544164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.544218] page dumped because: kasan: bad access detected [ 24.544299] [ 24.544325] Memory state around the buggy address: [ 24.544363] fff00000c641af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.544412] fff00000c641af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.544461] >fff00000c641b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.544505] ^ [ 24.544564] fff00000c641b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.544617] fff00000c641b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.544663] ==================================================================
[ 15.085963] ================================================================== [ 15.086530] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.086892] Read of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.087289] [ 15.087378] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.087424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.087437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.087458] Call Trace: [ 15.087474] <TASK> [ 15.087489] dump_stack_lvl+0x73/0xb0 [ 15.087516] print_report+0xd1/0x650 [ 15.087537] ? __virt_addr_valid+0x1db/0x2d0 [ 15.087559] ? copy_user_test_oob+0x604/0x10f0 [ 15.087582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.087607] ? copy_user_test_oob+0x604/0x10f0 [ 15.087631] kasan_report+0x141/0x180 [ 15.087652] ? copy_user_test_oob+0x604/0x10f0 [ 15.087679] kasan_check_range+0x10c/0x1c0 [ 15.087703] __kasan_check_read+0x15/0x20 [ 15.087726] copy_user_test_oob+0x604/0x10f0 [ 15.087750] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.087773] ? finish_task_switch.isra.0+0x153/0x700 [ 15.087796] ? __switch_to+0x47/0xf50 [ 15.087820] ? __schedule+0x10cc/0x2b60 [ 15.087842] ? __pfx_read_tsc+0x10/0x10 [ 15.087862] ? ktime_get_ts64+0x86/0x230 [ 15.087887] kunit_try_run_case+0x1a5/0x480 [ 15.087911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.087933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.087956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.088002] ? __kthread_parkme+0x82/0x180 [ 15.088023] ? preempt_count_sub+0x50/0x80 [ 15.088047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.088069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.088092] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.088115] kthread+0x337/0x6f0 [ 15.088135] ? trace_preempt_on+0x20/0xc0 [ 15.088158] ? __pfx_kthread+0x10/0x10 [ 15.088179] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.088199] ? calculate_sigpending+0x7b/0xa0 [ 15.088233] ? 
__pfx_kthread+0x10/0x10 [ 15.088254] ret_from_fork+0x116/0x1d0 [ 15.088273] ? __pfx_kthread+0x10/0x10 [ 15.088293] ret_from_fork_asm+0x1a/0x30 [ 15.088323] </TASK> [ 15.088336] [ 15.095482] Allocated by task 311: [ 15.095606] kasan_save_stack+0x45/0x70 [ 15.095742] kasan_save_track+0x18/0x40 [ 15.095869] kasan_save_alloc_info+0x3b/0x50 [ 15.096014] __kasan_kmalloc+0xb7/0xc0 [ 15.096173] __kmalloc_noprof+0x1c9/0x500 [ 15.096349] kunit_kmalloc_array+0x25/0x60 [ 15.096527] copy_user_test_oob+0xab/0x10f0 [ 15.096713] kunit_try_run_case+0x1a5/0x480 [ 15.096906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.097124] kthread+0x337/0x6f0 [ 15.098183] ret_from_fork+0x116/0x1d0 [ 15.098552] ret_from_fork_asm+0x1a/0x30 [ 15.098694] [ 15.098760] The buggy address belongs to the object at ffff888101addf00 [ 15.098760] which belongs to the cache kmalloc-128 of size 128 [ 15.099116] The buggy address is located 0 bytes inside of [ 15.099116] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.099982] [ 15.100194] The buggy address belongs to the physical page: [ 15.100611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.101117] flags: 0x200000000000000(node=0|zone=2) [ 15.101478] page_type: f5(slab) [ 15.101636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.101940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.102456] page dumped because: kasan: bad access detected [ 15.102928] [ 15.103028] Memory state around the buggy address: [ 15.103487] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.103902] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.104379] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.104823] ^ [ 15.105265] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.105561] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.105846] 
================================================================== [ 15.033505] ================================================================== [ 15.033805] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.034105] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.034527] [ 15.034625] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.034692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.034706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.034729] Call Trace: [ 15.034742] <TASK> [ 15.034758] dump_stack_lvl+0x73/0xb0 [ 15.034786] print_report+0xd1/0x650 [ 15.034808] ? __virt_addr_valid+0x1db/0x2d0 [ 15.034830] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.034853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.034899] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.034922] kasan_report+0x141/0x180 [ 15.034944] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.034971] kasan_check_range+0x10c/0x1c0 [ 15.035012] __kasan_check_write+0x18/0x20 [ 15.035034] copy_user_test_oob+0x3fd/0x10f0 [ 15.035059] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.035082] ? finish_task_switch.isra.0+0x153/0x700 [ 15.035104] ? __switch_to+0x47/0xf50 [ 15.035130] ? __schedule+0x10cc/0x2b60 [ 15.035151] ? __pfx_read_tsc+0x10/0x10 [ 15.035171] ? ktime_get_ts64+0x86/0x230 [ 15.035196] kunit_try_run_case+0x1a5/0x480 [ 15.035248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.035270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.035293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.035317] ? __kthread_parkme+0x82/0x180 [ 15.035337] ? preempt_count_sub+0x50/0x80 [ 15.035361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.035385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.035407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.035430] kthread+0x337/0x6f0 [ 15.035449] ? trace_preempt_on+0x20/0xc0 [ 15.035473] ? __pfx_kthread+0x10/0x10 [ 15.035494] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.035514] ? calculate_sigpending+0x7b/0xa0 [ 15.035538] ? __pfx_kthread+0x10/0x10 [ 15.035561] ret_from_fork+0x116/0x1d0 [ 15.035579] ? __pfx_kthread+0x10/0x10 [ 15.035600] ret_from_fork_asm+0x1a/0x30 [ 15.035629] </TASK> [ 15.035640] [ 15.042959] Allocated by task 311: [ 15.043081] kasan_save_stack+0x45/0x70 [ 15.043236] kasan_save_track+0x18/0x40 [ 15.043468] kasan_save_alloc_info+0x3b/0x50 [ 15.043696] __kasan_kmalloc+0xb7/0xc0 [ 15.043899] __kmalloc_noprof+0x1c9/0x500 [ 15.044086] kunit_kmalloc_array+0x25/0x60 [ 15.044289] copy_user_test_oob+0xab/0x10f0 [ 15.044496] kunit_try_run_case+0x1a5/0x480 [ 15.044707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.045017] kthread+0x337/0x6f0 [ 15.045179] ret_from_fork+0x116/0x1d0 [ 15.045373] ret_from_fork_asm+0x1a/0x30 [ 15.045555] [ 15.045631] The buggy address belongs to the object at ffff888101addf00 [ 15.045631] which belongs to the cache kmalloc-128 of size 128 [ 15.046116] The buggy address is located 0 bytes inside of [ 15.046116] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.046540] [ 15.046608] The buggy address belongs to the physical page: [ 15.046777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.047110] flags: 0x200000000000000(node=0|zone=2) [ 15.047347] page_type: f5(slab) [ 15.047515] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.047788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.048009] page dumped because: kasan: bad access detected [ 15.048238] [ 15.048326] Memory state around the buggy address: [ 15.048541] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.048896] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.049245] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.049544] ^ [ 15.049787] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.050090] 
ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.050423] ================================================================== [ 15.050888] ================================================================== [ 15.051236] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.051829] Read of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.052144] [ 15.052231] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.052277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.052290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.052312] Call Trace: [ 15.052327] <TASK> [ 15.052341] dump_stack_lvl+0x73/0xb0 [ 15.052368] print_report+0xd1/0x650 [ 15.052390] ? __virt_addr_valid+0x1db/0x2d0 [ 15.052413] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.052435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.052461] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.052485] kasan_report+0x141/0x180 [ 15.052506] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.052534] kasan_check_range+0x10c/0x1c0 [ 15.052557] __kasan_check_read+0x15/0x20 [ 15.052581] copy_user_test_oob+0x4aa/0x10f0 [ 15.052606] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.052656] ? finish_task_switch.isra.0+0x153/0x700 [ 15.052679] ? __switch_to+0x47/0xf50 [ 15.052703] ? __schedule+0x10cc/0x2b60 [ 15.052724] ? __pfx_read_tsc+0x10/0x10 [ 15.052745] ? ktime_get_ts64+0x86/0x230 [ 15.052769] kunit_try_run_case+0x1a5/0x480 [ 15.052792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.052815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.052837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.052859] ? __kthread_parkme+0x82/0x180 [ 15.052880] ? preempt_count_sub+0x50/0x80 [ 15.052902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.052926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.052948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.052971] kthread+0x337/0x6f0 [ 15.052990] ? 
trace_preempt_on+0x20/0xc0 [ 15.053013] ? __pfx_kthread+0x10/0x10 [ 15.053034] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.053055] ? calculate_sigpending+0x7b/0xa0 [ 15.053078] ? __pfx_kthread+0x10/0x10 [ 15.053099] ret_from_fork+0x116/0x1d0 [ 15.053118] ? __pfx_kthread+0x10/0x10 [ 15.053138] ret_from_fork_asm+0x1a/0x30 [ 15.053167] </TASK> [ 15.053179] [ 15.060116] Allocated by task 311: [ 15.060404] kasan_save_stack+0x45/0x70 [ 15.060596] kasan_save_track+0x18/0x40 [ 15.060803] kasan_save_alloc_info+0x3b/0x50 [ 15.061005] __kasan_kmalloc+0xb7/0xc0 [ 15.061145] __kmalloc_noprof+0x1c9/0x500 [ 15.061340] kunit_kmalloc_array+0x25/0x60 [ 15.061478] copy_user_test_oob+0xab/0x10f0 [ 15.061832] kunit_try_run_case+0x1a5/0x480 [ 15.061999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.062165] kthread+0x337/0x6f0 [ 15.062415] ret_from_fork+0x116/0x1d0 [ 15.062600] ret_from_fork_asm+0x1a/0x30 [ 15.062783] [ 15.062847] The buggy address belongs to the object at ffff888101addf00 [ 15.062847] which belongs to the cache kmalloc-128 of size 128 [ 15.063414] The buggy address is located 0 bytes inside of [ 15.063414] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.063894] [ 15.063959] The buggy address belongs to the physical page: [ 15.064128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.064372] flags: 0x200000000000000(node=0|zone=2) [ 15.064563] page_type: f5(slab) [ 15.064725] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.065110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.065452] page dumped because: kasan: bad access detected [ 15.065755] [ 15.065843] Memory state around the buggy address: [ 15.066078] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.066418] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.066676] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.066885] ^ [ 15.067136] 
ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.067690] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.067979] ================================================================== [ 15.068539] ================================================================== [ 15.068869] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.069145] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.069501] [ 15.069586] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.069633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.069646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.069669] Call Trace: [ 15.069682] <TASK> [ 15.069696] dump_stack_lvl+0x73/0xb0 [ 15.069762] print_report+0xd1/0x650 [ 15.069785] ? __virt_addr_valid+0x1db/0x2d0 [ 15.069807] ? copy_user_test_oob+0x557/0x10f0 [ 15.069831] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.069857] ? copy_user_test_oob+0x557/0x10f0 [ 15.069881] kasan_report+0x141/0x180 [ 15.069903] ? copy_user_test_oob+0x557/0x10f0 [ 15.069930] kasan_check_range+0x10c/0x1c0 [ 15.069954] __kasan_check_write+0x18/0x20 [ 15.069977] copy_user_test_oob+0x557/0x10f0 [ 15.070002] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.070025] ? finish_task_switch.isra.0+0x153/0x700 [ 15.070047] ? __switch_to+0x47/0xf50 [ 15.070071] ? __schedule+0x10cc/0x2b60 [ 15.070092] ? __pfx_read_tsc+0x10/0x10 [ 15.070113] ? ktime_get_ts64+0x86/0x230 [ 15.070138] kunit_try_run_case+0x1a5/0x480 [ 15.070160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.070183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.070217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.070240] ? __kthread_parkme+0x82/0x180 [ 15.070261] ? preempt_count_sub+0x50/0x80 [ 15.070284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.070307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.070329] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.070372] kthread+0x337/0x6f0 [ 15.070391] ? trace_preempt_on+0x20/0xc0 [ 15.070415] ? __pfx_kthread+0x10/0x10 [ 15.070436] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.070456] ? calculate_sigpending+0x7b/0xa0 [ 15.070480] ? __pfx_kthread+0x10/0x10 [ 15.070501] ret_from_fork+0x116/0x1d0 [ 15.070538] ? __pfx_kthread+0x10/0x10 [ 15.070559] ret_from_fork_asm+0x1a/0x30 [ 15.070589] </TASK> [ 15.070599] [ 15.077779] Allocated by task 311: [ 15.077949] kasan_save_stack+0x45/0x70 [ 15.078132] kasan_save_track+0x18/0x40 [ 15.078269] kasan_save_alloc_info+0x3b/0x50 [ 15.078410] __kasan_kmalloc+0xb7/0xc0 [ 15.078535] __kmalloc_noprof+0x1c9/0x500 [ 15.078930] kunit_kmalloc_array+0x25/0x60 [ 15.079124] copy_user_test_oob+0xab/0x10f0 [ 15.079556] kunit_try_run_case+0x1a5/0x480 [ 15.079738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.079963] kthread+0x337/0x6f0 [ 15.080115] ret_from_fork+0x116/0x1d0 [ 15.080263] ret_from_fork_asm+0x1a/0x30 [ 15.080466] [ 15.080544] The buggy address belongs to the object at ffff888101addf00 [ 15.080544] which belongs to the cache kmalloc-128 of size 128 [ 15.081016] The buggy address is located 0 bytes inside of [ 15.081016] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.081547] [ 15.081640] The buggy address belongs to the physical page: [ 15.081867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.082192] flags: 0x200000000000000(node=0|zone=2) [ 15.082389] page_type: f5(slab) [ 15.082504] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.082729] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.082948] page dumped because: kasan: bad access detected [ 15.083200] [ 15.083295] Memory state around the buggy address: [ 15.083510] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.083814] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084329] 
>ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.084533] ^ [ 15.084739] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084945] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.085343] ==================================================================