Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 34.267499] ================================================================== [ 34.267912] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 34.268037] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.268131] [ 34.268221] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.268312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.268357] Hardware name: linux,dummy-virt (DT) [ 34.268863] Call trace: [ 34.269014] show_stack+0x20/0x38 (C) [ 34.269408] dump_stack_lvl+0x8c/0xd0 [ 34.269537] print_report+0x118/0x608 [ 34.269593] kasan_report+0xdc/0x128 [ 34.269943] kasan_check_range+0x100/0x1a8 [ 34.270072] __kasan_check_read+0x20/0x30 [ 34.270571] copy_user_test_oob+0x3c8/0xec8 [ 34.270736] kunit_try_run_case+0x170/0x3f0 [ 34.270904] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.270965] kthread+0x328/0x630 [ 34.271016] ret_from_fork+0x10/0x20 [ 34.271126] [ 34.271149] Allocated by task 317: [ 34.271197] kasan_save_stack+0x3c/0x68 [ 34.271243] kasan_save_track+0x20/0x40 [ 34.271285] kasan_save_alloc_info+0x40/0x58 [ 34.271326] __kasan_kmalloc+0xd4/0xd8 [ 34.271366] __kmalloc_noprof+0x198/0x4c8 [ 34.271408] kunit_kmalloc_array+0x34/0x88 [ 34.271456] copy_user_test_oob+0xac/0xec8 [ 34.271499] kunit_try_run_case+0x170/0x3f0 [ 34.271555] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.271605] kthread+0x328/0x630 [ 34.271641] ret_from_fork+0x10/0x20 [ 34.271682] [ 34.271712] The buggy address belongs to the object at fff00000c5a89500 [ 34.271712] which belongs to the cache kmalloc-128 of size 128 [ 34.271794] The buggy address is located 0 bytes inside of [ 34.271794] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.272087] [ 34.272545] The buggy address belongs to the physical page: [ 34.272602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.272862] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.273194] page_type: f5(slab) [ 34.273262] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.273617] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.273761] page dumped because: kasan: bad access detected [ 34.273815] [ 34.273872] Memory state around the buggy address: [ 34.274346] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.274545] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275087] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.275254] ^ [ 34.275573] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275714] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.275852] ================================================================== [ 34.226210] ================================================================== [ 34.226341] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 34.226489] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.226699] [ 34.226753] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.227097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.227440] Hardware name: linux,dummy-virt (DT) [ 34.227506] Call trace: [ 34.227655] show_stack+0x20/0x38 (C) [ 34.227747] dump_stack_lvl+0x8c/0xd0 [ 34.227899] print_report+0x118/0x608 [ 34.227993] kasan_report+0xdc/0x128 [ 34.228137] kasan_check_range+0x100/0x1a8 [ 34.228190] __kasan_check_write+0x20/0x30 [ 34.228239] copy_user_test_oob+0x234/0xec8 [ 34.228432] kunit_try_run_case+0x170/0x3f0 [ 34.228769] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.228976] kthread+0x328/0x630 [ 34.229136] ret_from_fork+0x10/0x20 [ 34.229258] [ 34.229280] Allocated by task 317: [ 34.229321] kasan_save_stack+0x3c/0x68 [ 34.229368] kasan_save_track+0x20/0x40 [ 34.229740] kasan_save_alloc_info+0x40/0x58 [ 34.229931] __kasan_kmalloc+0xd4/0xd8 [ 34.230139] __kmalloc_noprof+0x198/0x4c8 [ 34.230191] kunit_kmalloc_array+0x34/0x88 [ 34.230438] copy_user_test_oob+0xac/0xec8 [ 34.230901] kunit_try_run_case+0x170/0x3f0 [ 34.231071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.231377] kthread+0x328/0x630 [ 34.231458] ret_from_fork+0x10/0x20 [ 34.231604] [ 34.231704] The buggy address belongs to the object at fff00000c5a89500 [ 34.231704] which belongs to the cache kmalloc-128 of size 128 [ 34.231959] The buggy address is located 0 bytes inside of [ 34.231959] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.232302] [ 34.232462] The buggy address belongs to the physical page: [ 34.232614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.232747] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.232860] page_type: f5(slab) [ 34.232908] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.233239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.233440] page dumped because: kasan: bad access detected [ 34.233599] [ 34.233775] Memory state around the buggy address: [ 34.233892] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.233942] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234005] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.234324] ^ [ 34.234430] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234532] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.234574] ================================================================== [ 34.243371] ================================================================== [ 34.243472] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 34.243763] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.243860] [ 34.243896] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.244070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.244104] Hardware name: linux,dummy-virt (DT) [ 34.244196] Call trace: [ 34.244529] show_stack+0x20/0x38 (C) [ 34.244603] dump_stack_lvl+0x8c/0xd0 [ 34.244657] print_report+0x118/0x608 [ 34.244708] kasan_report+0xdc/0x128 [ 34.244780] kasan_check_range+0x100/0x1a8 [ 34.245116] __kasan_check_read+0x20/0x30 [ 34.245197] copy_user_test_oob+0x728/0xec8 [ 34.245279] kunit_try_run_case+0x170/0x3f0 [ 34.245599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.245696] kthread+0x328/0x630 [ 34.245741] ret_from_fork+0x10/0x20 [ 34.245817] [ 34.245852] Allocated by task 317: [ 34.245919] kasan_save_stack+0x3c/0x68 [ 34.245992] kasan_save_track+0x20/0x40 [ 34.246033] kasan_save_alloc_info+0x40/0x58 [ 34.246074] __kasan_kmalloc+0xd4/0xd8 [ 34.246130] __kmalloc_noprof+0x198/0x4c8 [ 34.246171] kunit_kmalloc_array+0x34/0x88 [ 34.246213] copy_user_test_oob+0xac/0xec8 [ 34.246256] kunit_try_run_case+0x170/0x3f0 [ 34.246296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.246343] kthread+0x328/0x630 [ 34.246379] ret_from_fork+0x10/0x20 [ 34.246426] [ 34.246457] The buggy address belongs to the object at fff00000c5a89500 [ 34.246457] which belongs to the cache kmalloc-128 of size 128 [ 34.246525] The buggy address is located 0 bytes inside of [ 34.246525] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.246605] [ 34.246628] The buggy address belongs to the physical page: [ 34.246671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.246728] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.246794] page_type: f5(slab) [ 34.247069] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.247156] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.247568] page dumped because: kasan: bad access detected [ 34.247692] [ 34.248113] Memory state around the buggy address: [ 34.248168] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.248498] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.248666] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.248730] ^ [ 34.248786] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.249055] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.249107] ================================================================== [ 34.278026] ================================================================== [ 34.278107] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 34.278192] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.278337] [ 34.278388] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.278483] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.278850] Hardware name: linux,dummy-virt (DT) [ 34.278903] Call trace: [ 34.278929] show_stack+0x20/0x38 (C) [ 34.279283] dump_stack_lvl+0x8c/0xd0 [ 34.279438] print_report+0x118/0x608 [ 34.279565] kasan_report+0xdc/0x128 [ 34.279851] kasan_check_range+0x100/0x1a8 [ 34.279923] __kasan_check_write+0x20/0x30 [ 34.279978] copy_user_test_oob+0x434/0xec8 [ 34.280338] kunit_try_run_case+0x170/0x3f0 [ 34.280460] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.280539] kthread+0x328/0x630 [ 34.280744] ret_from_fork+0x10/0x20 [ 34.280940] [ 34.280963] Allocated by task 317: [ 34.281002] kasan_save_stack+0x3c/0x68 [ 34.281357] kasan_save_track+0x20/0x40 [ 34.281438] kasan_save_alloc_info+0x40/0x58 [ 34.281759] __kasan_kmalloc+0xd4/0xd8 [ 34.282150] __kmalloc_noprof+0x198/0x4c8 [ 34.282230] kunit_kmalloc_array+0x34/0x88 [ 34.282412] copy_user_test_oob+0xac/0xec8 [ 34.282473] kunit_try_run_case+0x170/0x3f0 [ 34.282518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.282583] kthread+0x328/0x630 [ 34.282631] ret_from_fork+0x10/0x20 [ 34.282685] [ 34.282720] The buggy address belongs to the object at fff00000c5a89500 [ 34.282720] which belongs to the cache kmalloc-128 of size 128 [ 34.282802] The buggy address is located 0 bytes inside of [ 34.282802] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.282883] [ 34.282916] The buggy address belongs to the physical page: [ 34.282957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.283021] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.283072] page_type: f5(slab) [ 34.283120] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.283184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.283237] page dumped because: kasan: bad access detected [ 34.283274] [ 34.283318] Memory state around the buggy address: [ 34.283375] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.283420] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283465] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.283514] ^ [ 34.283566] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283610] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283660] ================================================================== [ 34.258504] ================================================================== [ 34.258569] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 34.259035] Write of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.259264] [ 34.259305] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.259396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.259425] Hardware name: linux,dummy-virt (DT) [ 34.259460] Call trace: [ 34.259484] show_stack+0x20/0x38 (C) [ 34.259539] dump_stack_lvl+0x8c/0xd0 [ 34.259589] print_report+0x118/0x608 [ 34.259648] kasan_report+0xdc/0x128 [ 34.259696] kasan_check_range+0x100/0x1a8 [ 34.259747] __kasan_check_write+0x20/0x30 [ 34.259794] copy_user_test_oob+0x35c/0xec8 [ 34.259854] kunit_try_run_case+0x170/0x3f0 [ 34.259905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.259962] kthread+0x328/0x630 [ 34.260004] ret_from_fork+0x10/0x20 [ 34.260055] [ 34.260086] Allocated by task 317: [ 34.260123] kasan_save_stack+0x3c/0x68 [ 34.260168] kasan_save_track+0x20/0x40 [ 34.260208] kasan_save_alloc_info+0x40/0x58 [ 34.260248] __kasan_kmalloc+0xd4/0xd8 [ 34.260289] __kmalloc_noprof+0x198/0x4c8 [ 34.260663] kunit_kmalloc_array+0x34/0x88 [ 34.260964] copy_user_test_oob+0xac/0xec8 [ 34.261264] kunit_try_run_case+0x170/0x3f0 [ 34.261430] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.261515] kthread+0x328/0x630 [ 34.261551] ret_from_fork+0x10/0x20 [ 34.261598] [ 34.261872] The buggy address belongs to the object at fff00000c5a89500 [ 34.261872] which belongs to the cache kmalloc-128 of size 128 [ 34.262109] The buggy address is located 0 bytes inside of [ 34.262109] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.262523] [ 34.262686] The buggy address belongs to the physical page: [ 34.263072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.263253] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.263384] page_type: f5(slab) [ 34.263429] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.263768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.263860] page dumped because: kasan: bad access detected [ 34.264170] [ 34.264229] Memory state around the buggy address: [ 34.264325] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.264379] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.264613] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.264790] ^ [ 34.265144] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.265372] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.265431] ================================================================== [ 34.284608] ================================================================== [ 34.284677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 34.285244] Read of size 121 at addr fff00000c5a89500 by task kunit_try_catch/317 [ 34.285298] [ 34.285363] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 34.285680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.285749] Hardware name: linux,dummy-virt (DT) [ 34.285892] Call trace: [ 34.285944] show_stack+0x20/0x38 (C) [ 34.286333] dump_stack_lvl+0x8c/0xd0 [ 34.286422] print_report+0x118/0x608 [ 34.286554] kasan_report+0xdc/0x128 [ 34.286682] kasan_check_range+0x100/0x1a8 [ 34.286769] __kasan_check_read+0x20/0x30 [ 34.287141] copy_user_test_oob+0x4a0/0xec8 [ 34.287630] kunit_try_run_case+0x170/0x3f0 [ 34.287770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.287961] kthread+0x328/0x630 [ 34.288049] ret_from_fork+0x10/0x20 [ 34.288854] [ 34.288895] Allocated by task 317: [ 34.288931] kasan_save_stack+0x3c/0x68 [ 34.289309] kasan_save_track+0x20/0x40 [ 34.289397] kasan_save_alloc_info+0x40/0x58 [ 34.289529] __kasan_kmalloc+0xd4/0xd8 [ 34.289686] __kmalloc_noprof+0x198/0x4c8 [ 34.289849] kunit_kmalloc_array+0x34/0x88 [ 34.289981] copy_user_test_oob+0xac/0xec8 [ 34.290099] kunit_try_run_case+0x170/0x3f0 [ 34.290219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 34.290272] kthread+0x328/0x630 [ 34.290308] ret_from_fork+0x10/0x20 [ 34.290613] [ 34.290698] The buggy address belongs to the object at fff00000c5a89500 [ 34.290698] which belongs to the cache kmalloc-128 of size 128 [ 34.291035] The buggy address is located 0 bytes inside of [ 34.291035] allocated 120-byte region [fff00000c5a89500, fff00000c5a89578) [ 34.291195] [ 34.291221] The buggy address belongs to the physical page: [ 34.291255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a89 [ 34.291622] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 34.291702] page_type: f5(slab) [ 34.292043] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 34.292168] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 34.292214] page dumped because: kasan: bad access detected [ 34.292358] [ 34.292545] Memory state around the buggy address: [ 34.292925] fff00000c5a89400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.293031] fff00000c5a89480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293110] >fff00000c5a89500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 34.293160] ^ [ 34.293206] fff00000c5a89580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293380] fff00000c5a89600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.293577] ==================================================================
[ 27.113168] ================================================================== [ 27.113823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.114229] Read of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.114517] [ 27.114812] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.114861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.114876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.114986] Call Trace: [ 27.115002] <TASK> [ 27.115018] dump_stack_lvl+0x73/0xb0 [ 27.115048] print_report+0xd1/0x650 [ 27.115072] ? __virt_addr_valid+0x1db/0x2d0 [ 27.115098] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.115323] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115349] kasan_report+0x141/0x180 [ 27.115373] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115402] kasan_check_range+0x10c/0x1c0 [ 27.115427] __kasan_check_read+0x15/0x20 [ 27.115451] copy_user_test_oob+0x4aa/0x10f0 [ 27.115489] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.115514] ? finish_task_switch.isra.0+0x153/0x700 [ 27.115538] ? __switch_to+0x47/0xf50 [ 27.115564] ? __schedule+0x10cc/0x2b60 [ 27.115591] ? __pfx_read_tsc+0x10/0x10 [ 27.115614] ? ktime_get_ts64+0x86/0x230 [ 27.115639] kunit_try_run_case+0x1a5/0x480 [ 27.115665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.115690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.115712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.115739] ? __kthread_parkme+0x82/0x180 [ 27.115760] ? preempt_count_sub+0x50/0x80 [ 27.115785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.115811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.115836] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.115862] kthread+0x337/0x6f0 [ 27.115883] ? trace_preempt_on+0x20/0xc0 [ 27.115907] ? __pfx_kthread+0x10/0x10 [ 27.115930] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.115955] ? calculate_sigpending+0x7b/0xa0 [ 27.115980] ? __pfx_kthread+0x10/0x10 [ 27.116003] ret_from_fork+0x116/0x1d0 [ 27.116024] ? __pfx_kthread+0x10/0x10 [ 27.116046] ret_from_fork_asm+0x1a/0x30 [ 27.116079] </TASK> [ 27.116091] [ 27.125354] Allocated by task 334: [ 27.125668] kasan_save_stack+0x45/0x70 [ 27.125844] kasan_save_track+0x18/0x40 [ 27.126093] kasan_save_alloc_info+0x3b/0x50 [ 27.126272] __kasan_kmalloc+0xb7/0xc0 [ 27.126616] __kmalloc_noprof+0x1c9/0x500 [ 27.126807] kunit_kmalloc_array+0x25/0x60 [ 27.127115] copy_user_test_oob+0xab/0x10f0 [ 27.127342] kunit_try_run_case+0x1a5/0x480 [ 27.127542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.127769] kthread+0x337/0x6f0 [ 27.127926] ret_from_fork+0x116/0x1d0 [ 27.128087] ret_from_fork_asm+0x1a/0x30 [ 27.128555] [ 27.128650] The buggy address belongs to the object at ffff888105ab1d00 [ 27.128650] which belongs to the cache kmalloc-128 of size 128 [ 27.129230] The buggy address is located 0 bytes inside of [ 27.129230] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.129903] [ 27.130061] The buggy address belongs to the physical page: [ 27.130294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.130735] flags: 0x200000000000000(node=0|zone=2) [ 27.130972] page_type: f5(slab) [ 27.131279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.131650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.132044] page dumped because: kasan: bad access detected [ 27.132294] [ 27.132389] Memory state around the buggy address: [ 27.132594] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.132881] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.133170] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.133451] ^ [ 27.133741] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.134028] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.134313] ================================================================== [ 27.157040] ================================================================== [ 27.157552] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.158013] Read of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.158375] [ 27.158489] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.158688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.158704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.158728] Call Trace: [ 27.158747] <TASK> [ 27.158765] dump_stack_lvl+0x73/0xb0 [ 27.158798] print_report+0xd1/0x650 [ 27.158823] ? __virt_addr_valid+0x1db/0x2d0 [ 27.158848] ? copy_user_test_oob+0x604/0x10f0 [ 27.158872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.158899] ? copy_user_test_oob+0x604/0x10f0 [ 27.158924] kasan_report+0x141/0x180 [ 27.158947] ? copy_user_test_oob+0x604/0x10f0 [ 27.158976] kasan_check_range+0x10c/0x1c0 [ 27.159002] __kasan_check_read+0x15/0x20 [ 27.159026] copy_user_test_oob+0x604/0x10f0 [ 27.159053] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.159076] ? finish_task_switch.isra.0+0x153/0x700 [ 27.159099] ? __switch_to+0x47/0xf50 [ 27.159126] ? __schedule+0x10cc/0x2b60 [ 27.159153] ? __pfx_read_tsc+0x10/0x10 [ 27.159176] ? ktime_get_ts64+0x86/0x230 [ 27.159289] kunit_try_run_case+0x1a5/0x480 [ 27.159320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.159345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.159368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.159396] ? __kthread_parkme+0x82/0x180 [ 27.159418] ? preempt_count_sub+0x50/0x80 [ 27.159442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.159485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.159510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.159537] kthread+0x337/0x6f0 [ 27.159560] ? trace_preempt_on+0x20/0xc0 [ 27.159585] ? __pfx_kthread+0x10/0x10 [ 27.159607] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.159633] ? calculate_sigpending+0x7b/0xa0 [ 27.159657] ? __pfx_kthread+0x10/0x10 [ 27.159681] ret_from_fork+0x116/0x1d0 [ 27.159701] ? __pfx_kthread+0x10/0x10 [ 27.159724] ret_from_fork_asm+0x1a/0x30 [ 27.159757] </TASK> [ 27.159769] [ 27.168971] Allocated by task 334: [ 27.169145] kasan_save_stack+0x45/0x70 [ 27.169474] kasan_save_track+0x18/0x40 [ 27.169625] kasan_save_alloc_info+0x3b/0x50 [ 27.169990] __kasan_kmalloc+0xb7/0xc0 [ 27.170284] __kmalloc_noprof+0x1c9/0x500 [ 27.170450] kunit_kmalloc_array+0x25/0x60 [ 27.170780] copy_user_test_oob+0xab/0x10f0 [ 27.171045] kunit_try_run_case+0x1a5/0x480 [ 27.171299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.171550] kthread+0x337/0x6f0 [ 27.171703] ret_from_fork+0x116/0x1d0 [ 27.171866] ret_from_fork_asm+0x1a/0x30 [ 27.172040] [ 27.172115] The buggy address belongs to the object at ffff888105ab1d00 [ 27.172115] which belongs to the cache kmalloc-128 of size 128 [ 27.172947] The buggy address is located 0 bytes inside of [ 27.172947] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.173639] [ 27.173730] The buggy address belongs to the physical page: [ 27.173951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.174530] flags: 0x200000000000000(node=0|zone=2) [ 27.174813] page_type: f5(slab) [ 27.174941] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.175475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.175848] page dumped because: kasan: bad access detected [ 27.176081] [ 27.176162] Memory state around the buggy address: [ 27.176558] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.176854] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.177140] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.177699] ^ [ 27.178058] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.178401] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.178809] ================================================================== [ 27.091359] ================================================================== [ 27.091705] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.092120] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.092574] [ 27.092671] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.092725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.092741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.092765] Call Trace: [ 27.092781] <TASK> [ 27.092799] dump_stack_lvl+0x73/0xb0 [ 27.092829] print_report+0xd1/0x650 [ 27.092853] ? __virt_addr_valid+0x1db/0x2d0 [ 27.092878] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.092902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.092929] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.092954] kasan_report+0x141/0x180 [ 27.092976] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.093006] kasan_check_range+0x10c/0x1c0 [ 27.093031] __kasan_check_write+0x18/0x20 [ 27.093055] copy_user_test_oob+0x3fd/0x10f0 [ 27.093082] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.093105] ? finish_task_switch.isra.0+0x153/0x700 [ 27.093130] ? __switch_to+0x47/0xf50 [ 27.093156] ? __schedule+0x10cc/0x2b60 [ 27.093183] ? __pfx_read_tsc+0x10/0x10 [ 27.093526] ? ktime_get_ts64+0x86/0x230 [ 27.093555] kunit_try_run_case+0x1a5/0x480 [ 27.093583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.093633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.093659] ? __kthread_parkme+0x82/0x180 [ 27.093682] ? preempt_count_sub+0x50/0x80 [ 27.093707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.093761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.093786] kthread+0x337/0x6f0 [ 27.093808] ? trace_preempt_on+0x20/0xc0 [ 27.093833] ? __pfx_kthread+0x10/0x10 [ 27.093868] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.093893] ? calculate_sigpending+0x7b/0xa0 [ 27.093918] ? __pfx_kthread+0x10/0x10 [ 27.093942] ret_from_fork+0x116/0x1d0 [ 27.093962] ? __pfx_kthread+0x10/0x10 [ 27.093985] ret_from_fork_asm+0x1a/0x30 [ 27.094017] </TASK> [ 27.094030] [ 27.103025] Allocated by task 334: [ 27.103273] kasan_save_stack+0x45/0x70 [ 27.103672] kasan_save_track+0x18/0x40 [ 27.103908] kasan_save_alloc_info+0x3b/0x50 [ 27.104104] __kasan_kmalloc+0xb7/0xc0 [ 27.104405] __kmalloc_noprof+0x1c9/0x500 [ 27.104619] kunit_kmalloc_array+0x25/0x60 [ 27.104911] copy_user_test_oob+0xab/0x10f0 [ 27.105184] kunit_try_run_case+0x1a5/0x480 [ 27.105435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.105740] kthread+0x337/0x6f0 [ 27.105877] ret_from_fork+0x116/0x1d0 [ 27.106063] ret_from_fork_asm+0x1a/0x30 [ 27.106415] [ 27.106520] The buggy address belongs to the object at ffff888105ab1d00 [ 27.106520] which belongs to the cache kmalloc-128 of size 128 [ 27.107120] The buggy address is located 0 bytes inside of [ 27.107120] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.107749] [ 27.107842] The buggy address belongs to the physical page: [ 27.108067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.108586] flags: 0x200000000000000(node=0|zone=2) [ 27.108873] page_type: f5(slab) [ 27.109007] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.109450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.109856] page dumped because: kasan: bad access detected [ 27.110084] [ 27.110154] Memory state around the buggy address: [ 27.110359] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.110665] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.110956] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.111240] ^ [ 27.111832] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.112195] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.112442] ================================================================== [ 27.135229] ================================================================== [ 27.135651] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.136029] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.136325] [ 27.136405] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.136695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.136712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.136736] Call Trace: [ 27.136751] <TASK> [ 27.136768] dump_stack_lvl+0x73/0xb0 [ 27.136799] print_report+0xd1/0x650 [ 27.136823] ? __virt_addr_valid+0x1db/0x2d0 [ 27.136847] ? copy_user_test_oob+0x557/0x10f0 [ 27.136871] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.136900] ? copy_user_test_oob+0x557/0x10f0 [ 27.136926] kasan_report+0x141/0x180 [ 27.136949] ? copy_user_test_oob+0x557/0x10f0 [ 27.136978] kasan_check_range+0x10c/0x1c0 [ 27.137003] __kasan_check_write+0x18/0x20 [ 27.137028] copy_user_test_oob+0x557/0x10f0 [ 27.137055] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.137079] ? finish_task_switch.isra.0+0x153/0x700 [ 27.137102] ? __switch_to+0x47/0xf50 [ 27.137129] ? __schedule+0x10cc/0x2b60 [ 27.137155] ? __pfx_read_tsc+0x10/0x10 [ 27.137177] ? ktime_get_ts64+0x86/0x230 [ 27.137217] kunit_try_run_case+0x1a5/0x480 [ 27.137244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.137270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.137291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.137318] ? __kthread_parkme+0x82/0x180 [ 27.137340] ? preempt_count_sub+0x50/0x80 [ 27.137364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.137390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.137415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.137441] kthread+0x337/0x6f0 [ 27.137474] ? trace_preempt_on+0x20/0xc0 [ 27.137498] ? __pfx_kthread+0x10/0x10 [ 27.137521] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.137545] ? calculate_sigpending+0x7b/0xa0 [ 27.137571] ? __pfx_kthread+0x10/0x10 [ 27.137595] ret_from_fork+0x116/0x1d0 [ 27.137615] ? __pfx_kthread+0x10/0x10 [ 27.137638] ret_from_fork_asm+0x1a/0x30 [ 27.137670] </TASK> [ 27.137683] [ 27.146845] Allocated by task 334: [ 27.147135] kasan_save_stack+0x45/0x70 [ 27.147401] kasan_save_track+0x18/0x40 [ 27.147589] kasan_save_alloc_info+0x3b/0x50 [ 27.147785] __kasan_kmalloc+0xb7/0xc0 [ 27.147967] __kmalloc_noprof+0x1c9/0x500 [ 27.148138] kunit_kmalloc_array+0x25/0x60 [ 27.148634] copy_user_test_oob+0xab/0x10f0 [ 27.148811] kunit_try_run_case+0x1a5/0x480 [ 27.149017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.149377] kthread+0x337/0x6f0 [ 27.149669] ret_from_fork+0x116/0x1d0 [ 27.149814] ret_from_fork_asm+0x1a/0x30 [ 27.150083] [ 27.150247] The buggy address belongs to the object at ffff888105ab1d00 [ 27.150247] which belongs to the cache kmalloc-128 of size 128 [ 27.150874] The buggy address is located 0 bytes inside of [ 27.150874] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.151427] [ 27.151605] The buggy address belongs to the physical page: [ 27.151855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.152179] flags: 0x200000000000000(node=0|zone=2) [ 27.152592] page_type: f5(slab) [ 27.152749] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.153164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.153545] page dumped because: kasan: bad access detected [ 27.153772] [ 27.153876] Memory state around the buggy address: [ 27.154244] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.154647] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.154908] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.155316] ^ [ 27.155637] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.155936] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.156226] ==================================================================