| | |
---|---|
Date | July 4, 2025, 11:10 a.m. |
Environment | qemu-arm64, qemu-x86_64 |
[ 32.736550] ================================================================== [ 32.736605] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 32.736661] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.736714] [ 32.736929] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.737388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.737778] Hardware name: linux,dummy-virt (DT) [ 32.737990] Call trace: [ 32.738321] show_stack+0x20/0x38 (C) [ 32.738717] dump_stack_lvl+0x8c/0xd0 [ 32.738769] print_report+0x118/0x608 [ 32.738840] kasan_report+0xdc/0x128 [ 32.738890] kasan_check_range+0x100/0x1a8 [ 32.738948] __kasan_check_read+0x20/0x30 [ 32.738995] copy_user_test_oob+0x3c8/0xec8 [ 32.739416] kunit_try_run_case+0x170/0x3f0 [ 32.739686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.739744] kthread+0x328/0x630 [ 32.739786] ret_from_fork+0x10/0x20 [ 32.739847] [ 32.739883] Allocated by task 318: [ 32.739926] kasan_save_stack+0x3c/0x68 [ 32.739970] kasan_save_track+0x20/0x40 [ 32.740012] kasan_save_alloc_info+0x40/0x58 [ 32.740050] __kasan_kmalloc+0xd4/0xd8 [ 32.740092] __kmalloc_noprof+0x198/0x4c8 [ 32.740133] kunit_kmalloc_array+0x34/0x88 [ 32.740184] copy_user_test_oob+0xac/0xec8 [ 32.740223] kunit_try_run_case+0x170/0x3f0 [ 32.740635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.741083] kthread+0x328/0x630 [ 32.741263] ret_from_fork+0x10/0x20 [ 32.741379] [ 32.741456] The buggy address belongs to the object at fff00000c5adb400 [ 32.741456] which belongs to the cache kmalloc-128 of size 128 [ 32.741531] The buggy address is located 0 bytes inside of [ 32.741531] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.741657] [ 32.741761] The buggy address belongs to the physical page: [ 32.741796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.742514] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.742678] page_type: 
f5(slab) [ 32.742719] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.742772] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.742815] page dumped because: kasan: bad access detected [ 32.742849] [ 32.742871] Memory state around the buggy address: [ 32.742915] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.742963] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743009] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.743047] ^ [ 32.743779] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743845] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.743888] ================================================================== [ 32.702039] ================================================================== [ 32.702131] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 32.702208] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.702430] [ 32.702524] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.702620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.703513] Hardware name: linux,dummy-virt (DT) [ 32.703569] Call trace: [ 32.703615] show_stack+0x20/0x38 (C) [ 32.703686] dump_stack_lvl+0x8c/0xd0 [ 32.703741] print_report+0x118/0x608 [ 32.703790] kasan_report+0xdc/0x128 [ 32.703847] kasan_check_range+0x100/0x1a8 [ 32.703894] __kasan_check_write+0x20/0x30 [ 32.703967] copy_user_test_oob+0x234/0xec8 [ 32.704019] kunit_try_run_case+0x170/0x3f0 [ 32.704070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.704126] kthread+0x328/0x630 [ 32.704180] ret_from_fork+0x10/0x20 [ 32.704232] [ 32.704255] Allocated by task 318: [ 32.704288] kasan_save_stack+0x3c/0x68 [ 32.704333] kasan_save_track+0x20/0x40 [ 32.704375] kasan_save_alloc_info+0x40/0x58 [ 32.704423] __kasan_kmalloc+0xd4/0xd8 [ 32.704464] __kmalloc_noprof+0x198/0x4c8 [ 
32.704517] kunit_kmalloc_array+0x34/0x88 [ 32.704558] copy_user_test_oob+0xac/0xec8 [ 32.704597] kunit_try_run_case+0x170/0x3f0 [ 32.704649] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.704695] kthread+0x328/0x630 [ 32.704729] ret_from_fork+0x10/0x20 [ 32.704773] [ 32.704799] The buggy address belongs to the object at fff00000c5adb400 [ 32.704799] which belongs to the cache kmalloc-128 of size 128 [ 32.704873] The buggy address is located 0 bytes inside of [ 32.704873] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.704952] [ 32.704977] The buggy address belongs to the physical page: [ 32.705013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.705072] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.705125] page_type: f5(slab) [ 32.705167] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.705220] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.705264] page dumped because: kasan: bad access detected [ 32.705298] [ 32.705318] Memory state around the buggy address: [ 32.705354] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.705400] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705444] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.705485] ^ [ 32.705527] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705571] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.705609] ================================================================== [ 32.713605] ================================================================== [ 32.713667] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 32.713892] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.714034] [ 32.714098] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.714210] Tainted: [B]=BAD_PAGE, 
[N]=TEST [ 32.714415] Hardware name: linux,dummy-virt (DT) [ 32.714488] Call trace: [ 32.714516] show_stack+0x20/0x38 (C) [ 32.714569] dump_stack_lvl+0x8c/0xd0 [ 32.714617] print_report+0x118/0x608 [ 32.714689] kasan_report+0xdc/0x128 [ 32.714747] kasan_check_range+0x100/0x1a8 [ 32.714806] __kasan_check_read+0x20/0x30 [ 32.714860] copy_user_test_oob+0x728/0xec8 [ 32.714934] kunit_try_run_case+0x170/0x3f0 [ 32.714994] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.715067] kthread+0x328/0x630 [ 32.715117] ret_from_fork+0x10/0x20 [ 32.715176] [ 32.715207] Allocated by task 318: [ 32.715236] kasan_save_stack+0x3c/0x68 [ 32.715282] kasan_save_track+0x20/0x40 [ 32.715323] kasan_save_alloc_info+0x40/0x58 [ 32.715374] __kasan_kmalloc+0xd4/0xd8 [ 32.715422] __kmalloc_noprof+0x198/0x4c8 [ 32.715465] kunit_kmalloc_array+0x34/0x88 [ 32.715506] copy_user_test_oob+0xac/0xec8 [ 32.715548] kunit_try_run_case+0x170/0x3f0 [ 32.715588] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.715633] kthread+0x328/0x630 [ 32.715690] ret_from_fork+0x10/0x20 [ 32.715729] [ 32.715768] The buggy address belongs to the object at fff00000c5adb400 [ 32.715768] which belongs to the cache kmalloc-128 of size 128 [ 32.715836] The buggy address is located 0 bytes inside of [ 32.715836] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.716640] [ 32.716676] The buggy address belongs to the physical page: [ 32.716789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.716845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.716906] page_type: f5(slab) [ 32.716948] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.717002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.717358] page dumped because: kasan: bad access detected [ 32.717429] [ 32.717681] Memory state around the buggy address: [ 32.717866] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.717928] 
fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.717973] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.718014] ^ [ 32.718057] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.718476] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.718755] ================================================================== [ 32.753030] ================================================================== [ 32.753300] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 32.753563] Read of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.753676] [ 32.753760] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.753880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.753921] Hardware name: linux,dummy-virt (DT) [ 32.754313] Call trace: [ 32.754380] show_stack+0x20/0x38 (C) [ 32.754438] dump_stack_lvl+0x8c/0xd0 [ 32.754603] print_report+0x118/0x608 [ 32.754662] kasan_report+0xdc/0x128 [ 32.755032] kasan_check_range+0x100/0x1a8 [ 32.755087] __kasan_check_read+0x20/0x30 [ 32.755135] copy_user_test_oob+0x4a0/0xec8 [ 32.755547] kunit_try_run_case+0x170/0x3f0 [ 32.755688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.755748] kthread+0x328/0x630 [ 32.755794] ret_from_fork+0x10/0x20 [ 32.755844] [ 32.755866] Allocated by task 318: [ 32.755910] kasan_save_stack+0x3c/0x68 [ 32.755967] kasan_save_track+0x20/0x40 [ 32.756012] kasan_save_alloc_info+0x40/0x58 [ 32.756529] __kasan_kmalloc+0xd4/0xd8 [ 32.756839] __kmalloc_noprof+0x198/0x4c8 [ 32.756986] kunit_kmalloc_array+0x34/0x88 [ 32.757088] copy_user_test_oob+0xac/0xec8 [ 32.757139] kunit_try_run_case+0x170/0x3f0 [ 32.757184] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.757237] kthread+0x328/0x630 [ 32.757276] ret_from_fork+0x10/0x20 [ 32.757317] [ 32.757926] The buggy address belongs to the object at fff00000c5adb400 [ 32.757926] which belongs to the cache kmalloc-128 of size 128 
[ 32.758159] The buggy address is located 0 bytes inside of [ 32.758159] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.758261] [ 32.758286] The buggy address belongs to the physical page: [ 32.758322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.758402] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.758778] page_type: f5(slab) [ 32.758913] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.759007] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.759052] page dumped because: kasan: bad access detected [ 32.759088] [ 32.759131] Memory state around the buggy address: [ 32.759320] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.759554] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.759706] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.759781] ^ [ 32.759829] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.760215] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.760620] ================================================================== [ 32.728433] ================================================================== [ 32.728668] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 32.728917] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.728972] [ 32.729007] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.729423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.729454] Hardware name: linux,dummy-virt (DT) [ 32.729488] Call trace: [ 32.729513] show_stack+0x20/0x38 (C) [ 32.730071] dump_stack_lvl+0x8c/0xd0 [ 32.730128] print_report+0x118/0x608 [ 32.730224] kasan_report+0xdc/0x128 [ 32.730322] kasan_check_range+0x100/0x1a8 [ 32.730370] __kasan_check_write+0x20/0x30 [ 32.730441] copy_user_test_oob+0x35c/0xec8 [ 32.730489] 
kunit_try_run_case+0x170/0x3f0 [ 32.730810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.730872] kthread+0x328/0x630 [ 32.730924] ret_from_fork+0x10/0x20 [ 32.730975] [ 32.731022] Allocated by task 318: [ 32.731099] kasan_save_stack+0x3c/0x68 [ 32.731145] kasan_save_track+0x20/0x40 [ 32.731242] kasan_save_alloc_info+0x40/0x58 [ 32.731344] __kasan_kmalloc+0xd4/0xd8 [ 32.731423] __kmalloc_noprof+0x198/0x4c8 [ 32.731466] kunit_kmalloc_array+0x34/0x88 [ 32.731509] copy_user_test_oob+0xac/0xec8 [ 32.731552] kunit_try_run_case+0x170/0x3f0 [ 32.731639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.731855] kthread+0x328/0x630 [ 32.731918] ret_from_fork+0x10/0x20 [ 32.731958] [ 32.732013] The buggy address belongs to the object at fff00000c5adb400 [ 32.732013] which belongs to the cache kmalloc-128 of size 128 [ 32.732145] The buggy address is located 0 bytes inside of [ 32.732145] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.732307] [ 32.732362] The buggy address belongs to the physical page: [ 32.732396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.732450] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.732501] page_type: f5(slab) [ 32.732548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.732815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.733243] page dumped because: kasan: bad access detected [ 32.733894] [ 32.734087] Memory state around the buggy address: [ 32.734130] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.734519] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.734604] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.734645] ^ [ 32.734689] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.734731] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.735181] 
================================================================== [ 32.744962] ================================================================== [ 32.745108] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 32.745161] Write of size 121 at addr fff00000c5adb400 by task kunit_try_catch/318 [ 32.745321] [ 32.745462] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT [ 32.745766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.745796] Hardware name: linux,dummy-virt (DT) [ 32.745830] Call trace: [ 32.745854] show_stack+0x20/0x38 (C) [ 32.746344] dump_stack_lvl+0x8c/0xd0 [ 32.746479] print_report+0x118/0x608 [ 32.746546] kasan_report+0xdc/0x128 [ 32.746596] kasan_check_range+0x100/0x1a8 [ 32.746643] __kasan_check_write+0x20/0x30 [ 32.746690] copy_user_test_oob+0x434/0xec8 [ 32.746740] kunit_try_run_case+0x170/0x3f0 [ 32.747356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.747766] kthread+0x328/0x630 [ 32.747814] ret_from_fork+0x10/0x20 [ 32.748282] [ 32.748357] Allocated by task 318: [ 32.748392] kasan_save_stack+0x3c/0x68 [ 32.748438] kasan_save_track+0x20/0x40 [ 32.748480] kasan_save_alloc_info+0x40/0x58 [ 32.748521] __kasan_kmalloc+0xd4/0xd8 [ 32.748608] __kmalloc_noprof+0x198/0x4c8 [ 32.748743] kunit_kmalloc_array+0x34/0x88 [ 32.748788] copy_user_test_oob+0xac/0xec8 [ 32.748913] kunit_try_run_case+0x170/0x3f0 [ 32.748956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.749004] kthread+0x328/0x630 [ 32.749177] ret_from_fork+0x10/0x20 [ 32.749740] [ 32.749770] The buggy address belongs to the object at fff00000c5adb400 [ 32.749770] which belongs to the cache kmalloc-128 of size 128 [ 32.749837] The buggy address is located 0 bytes inside of [ 32.749837] allocated 120-byte region [fff00000c5adb400, fff00000c5adb478) [ 32.749912] [ 32.750111] The buggy address belongs to the physical page: [ 32.750173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb [ 32.750246] flags: 
0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.750332] page_type: f5(slab) [ 32.750476] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.750530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.750574] page dumped because: kasan: bad access detected [ 32.750610] [ 32.750641] Memory state around the buggy address: [ 32.750677] fff00000c5adb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.750971] fff00000c5adb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751020] >fff00000c5adb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.751424] ^ [ 32.751569] fff00000c5adb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751728] fff00000c5adb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.751790] ==================================================================
[ 29.490353] ================================================================== [ 29.490663] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.490962] Read of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.491265] [ 29.491404] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.491466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.491483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.491511] Call Trace: [ 29.491537] <TASK> [ 29.491561] dump_stack_lvl+0x73/0xb0 [ 29.491596] print_report+0xd1/0x650 [ 29.491623] ? __virt_addr_valid+0x1db/0x2d0 [ 29.491652] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491679] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.491746] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491776] kasan_report+0x141/0x180 [ 29.491803] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491849] kasan_check_range+0x10c/0x1c0 [ 29.491899] __kasan_check_read+0x15/0x20 [ 29.491928] copy_user_test_oob+0x4aa/0x10f0 [ 29.491958] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.491985] ? finish_task_switch.isra.0+0x153/0x700 [ 29.492011] ? __switch_to+0x47/0xf50 [ 29.492043] ? __schedule+0x10cc/0x2b60 [ 29.492072] ? __pfx_read_tsc+0x10/0x10 [ 29.492125] ? ktime_get_ts64+0x86/0x230 [ 29.492162] kunit_try_run_case+0x1a5/0x480 [ 29.492192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.492221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.492254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.492283] ? __kthread_parkme+0x82/0x180 [ 29.492307] ? preempt_count_sub+0x50/0x80 [ 29.492335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.492363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.492428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.492461] kthread+0x337/0x6f0 [ 29.492498] ? trace_preempt_on+0x20/0xc0 [ 29.492528] ? __pfx_kthread+0x10/0x10 [ 29.492553] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.492580] ? calculate_sigpending+0x7b/0xa0 [ 29.492609] ? 
__pfx_kthread+0x10/0x10 [ 29.492634] ret_from_fork+0x116/0x1d0 [ 29.492657] ? __pfx_kthread+0x10/0x10 [ 29.492681] ret_from_fork_asm+0x1a/0x30 [ 29.492718] </TASK> [ 29.492733] [ 29.502835] Allocated by task 334: [ 29.503026] kasan_save_stack+0x45/0x70 [ 29.503233] kasan_save_track+0x18/0x40 [ 29.503892] kasan_save_alloc_info+0x3b/0x50 [ 29.504189] __kasan_kmalloc+0xb7/0xc0 [ 29.504715] __kmalloc_noprof+0x1c9/0x500 [ 29.504977] kunit_kmalloc_array+0x25/0x60 [ 29.505198] copy_user_test_oob+0xab/0x10f0 [ 29.505438] kunit_try_run_case+0x1a5/0x480 [ 29.505644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.505862] kthread+0x337/0x6f0 [ 29.506024] ret_from_fork+0x116/0x1d0 [ 29.506165] ret_from_fork_asm+0x1a/0x30 [ 29.506371] [ 29.506486] The buggy address belongs to the object at ffff888106258900 [ 29.506486] which belongs to the cache kmalloc-128 of size 128 [ 29.507056] The buggy address is located 0 bytes inside of [ 29.507056] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.507653] [ 29.507746] The buggy address belongs to the physical page: [ 29.508071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.508387] flags: 0x200000000000000(node=0|zone=2) [ 29.508659] page_type: f5(slab) [ 29.508828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.509262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.509562] page dumped because: kasan: bad access detected [ 29.509824] [ 29.509945] Memory state around the buggy address: [ 29.510412] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.510706] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.511509] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.512046] ^ [ 29.512585] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.512876] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.513201] 
================================================================== [ 29.540217] ================================================================== [ 29.540623] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.540901] Read of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.541264] [ 29.541411] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.541487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.541503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.541529] Call Trace: [ 29.541552] <TASK> [ 29.541575] dump_stack_lvl+0x73/0xb0 [ 29.541606] print_report+0xd1/0x650 [ 29.541649] ? __virt_addr_valid+0x1db/0x2d0 [ 29.541675] ? copy_user_test_oob+0x604/0x10f0 [ 29.541700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.541729] ? copy_user_test_oob+0x604/0x10f0 [ 29.541756] kasan_report+0x141/0x180 [ 29.541781] ? copy_user_test_oob+0x604/0x10f0 [ 29.541811] kasan_check_range+0x10c/0x1c0 [ 29.541837] __kasan_check_read+0x15/0x20 [ 29.541863] copy_user_test_oob+0x604/0x10f0 [ 29.541890] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.541915] ? finish_task_switch.isra.0+0x153/0x700 [ 29.541939] ? __switch_to+0x47/0xf50 [ 29.541968] ? __schedule+0x10cc/0x2b60 [ 29.541994] ? __pfx_read_tsc+0x10/0x10 [ 29.542018] ? ktime_get_ts64+0x86/0x230 [ 29.542063] kunit_try_run_case+0x1a5/0x480 [ 29.542105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.542131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.542171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.542211] ? __kthread_parkme+0x82/0x180 [ 29.542235] ? preempt_count_sub+0x50/0x80 [ 29.542260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.542301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.542342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.542369] kthread+0x337/0x6f0 [ 29.542401] ? trace_preempt_on+0x20/0xc0 [ 29.542428] ? __pfx_kthread+0x10/0x10 [ 29.542450] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 29.542475] ? calculate_sigpending+0x7b/0xa0 [ 29.542502] ? __pfx_kthread+0x10/0x10 [ 29.542526] ret_from_fork+0x116/0x1d0 [ 29.542547] ? __pfx_kthread+0x10/0x10 [ 29.542571] ret_from_fork_asm+0x1a/0x30 [ 29.542604] </TASK> [ 29.542618] [ 29.550728] Allocated by task 334: [ 29.550948] kasan_save_stack+0x45/0x70 [ 29.551199] kasan_save_track+0x18/0x40 [ 29.551371] kasan_save_alloc_info+0x3b/0x50 [ 29.551610] __kasan_kmalloc+0xb7/0xc0 [ 29.551804] __kmalloc_noprof+0x1c9/0x500 [ 29.552016] kunit_kmalloc_array+0x25/0x60 [ 29.552275] copy_user_test_oob+0xab/0x10f0 [ 29.552532] kunit_try_run_case+0x1a5/0x480 [ 29.552758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.553009] kthread+0x337/0x6f0 [ 29.553192] ret_from_fork+0x116/0x1d0 [ 29.553402] ret_from_fork_asm+0x1a/0x30 [ 29.553640] [ 29.553745] The buggy address belongs to the object at ffff888106258900 [ 29.553745] which belongs to the cache kmalloc-128 of size 128 [ 29.554411] The buggy address is located 0 bytes inside of [ 29.554411] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.554986] [ 29.555109] The buggy address belongs to the physical page: [ 29.555381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.555744] flags: 0x200000000000000(node=0|zone=2) [ 29.556014] page_type: f5(slab) [ 29.556219] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.556601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.556986] page dumped because: kasan: bad access detected [ 29.557238] [ 29.557363] Memory state around the buggy address: [ 29.557571] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.557785] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.558178] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.558576] ^ [ 29.558782] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.559242] 
ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.559549] ================================================================== [ 29.513998] ================================================================== [ 29.514290] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.515445] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.515781] [ 29.515905] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.515962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.515978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.516005] Call Trace: [ 29.516028] <TASK> [ 29.516051] dump_stack_lvl+0x73/0xb0 [ 29.516085] print_report+0xd1/0x650 [ 29.516111] ? __virt_addr_valid+0x1db/0x2d0 [ 29.516139] ? copy_user_test_oob+0x557/0x10f0 [ 29.516166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.516196] ? copy_user_test_oob+0x557/0x10f0 [ 29.516241] kasan_report+0x141/0x180 [ 29.516266] ? copy_user_test_oob+0x557/0x10f0 [ 29.516297] kasan_check_range+0x10c/0x1c0 [ 29.516324] __kasan_check_write+0x18/0x20 [ 29.516350] copy_user_test_oob+0x557/0x10f0 [ 29.516378] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.516416] ? finish_task_switch.isra.0+0x153/0x700 [ 29.516441] ? __switch_to+0x47/0xf50 [ 29.516470] ? __schedule+0x10cc/0x2b60 [ 29.516498] ? __pfx_read_tsc+0x10/0x10 [ 29.516522] ? ktime_get_ts64+0x86/0x230 [ 29.516550] kunit_try_run_case+0x1a5/0x480 [ 29.516582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.516609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.516635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.516663] ? __kthread_parkme+0x82/0x180 [ 29.516687] ? preempt_count_sub+0x50/0x80 [ 29.516713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.516741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.516768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.516796] kthread+0x337/0x6f0 [ 29.516821] ? 
trace_preempt_on+0x20/0xc0 [ 29.516849] ? __pfx_kthread+0x10/0x10 [ 29.516873] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.516898] ? calculate_sigpending+0x7b/0xa0 [ 29.516925] ? __pfx_kthread+0x10/0x10 [ 29.516950] ret_from_fork+0x116/0x1d0 [ 29.516972] ? __pfx_kthread+0x10/0x10 [ 29.516996] ret_from_fork_asm+0x1a/0x30 [ 29.517030] </TASK> [ 29.517045] [ 29.527158] Allocated by task 334: [ 29.527347] kasan_save_stack+0x45/0x70 [ 29.527557] kasan_save_track+0x18/0x40 [ 29.527744] kasan_save_alloc_info+0x3b/0x50 [ 29.528353] __kasan_kmalloc+0xb7/0xc0 [ 29.528611] __kmalloc_noprof+0x1c9/0x500 [ 29.528948] kunit_kmalloc_array+0x25/0x60 [ 29.529331] copy_user_test_oob+0xab/0x10f0 [ 29.529651] kunit_try_run_case+0x1a5/0x480 [ 29.530052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.530309] kthread+0x337/0x6f0 [ 29.530488] ret_from_fork+0x116/0x1d0 [ 29.530673] ret_from_fork_asm+0x1a/0x30 [ 29.530866] [ 29.530959] The buggy address belongs to the object at ffff888106258900 [ 29.530959] which belongs to the cache kmalloc-128 of size 128 [ 29.531802] The buggy address is located 0 bytes inside of [ 29.531802] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.532758] [ 29.533011] The buggy address belongs to the physical page: [ 29.533447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.534140] flags: 0x200000000000000(node=0|zone=2) [ 29.534549] page_type: f5(slab) [ 29.534719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.535345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.535844] page dumped because: kasan: bad access detected [ 29.536319] [ 29.536427] Memory state around the buggy address: [ 29.536787] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.537540] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.538029] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.538474] ^ [ 29.538910] 
ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539205] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539499] ================================================================== [ 29.463405] ================================================================== [ 29.463762] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.464192] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.464502] [ 29.464632] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.464706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.464723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.464763] Call Trace: [ 29.464781] <TASK> [ 29.464805] dump_stack_lvl+0x73/0xb0 [ 29.464837] print_report+0xd1/0x650 [ 29.464865] ? __virt_addr_valid+0x1db/0x2d0 [ 29.464896] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.464924] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.464956] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.464983] kasan_report+0x141/0x180 [ 29.465021] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.465054] kasan_check_range+0x10c/0x1c0 [ 29.465095] __kasan_check_write+0x18/0x20 [ 29.465122] copy_user_test_oob+0x3fd/0x10f0 [ 29.465163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.465190] ? finish_task_switch.isra.0+0x153/0x700 [ 29.465217] ? __switch_to+0x47/0xf50 [ 29.465247] ? __schedule+0x10cc/0x2b60 [ 29.465275] ? __pfx_read_tsc+0x10/0x10 [ 29.465302] ? ktime_get_ts64+0x86/0x230 [ 29.465331] kunit_try_run_case+0x1a5/0x480 [ 29.465360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.465398] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.465428] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.465456] ? __kthread_parkme+0x82/0x180 [ 29.465481] ? preempt_count_sub+0x50/0x80 [ 29.465508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.465538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.465567] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.465597] kthread+0x337/0x6f0 [ 29.465620] ? trace_preempt_on+0x20/0xc0 [ 29.465649] ? __pfx_kthread+0x10/0x10 [ 29.465674] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.465701] ? calculate_sigpending+0x7b/0xa0 [ 29.465730] ? __pfx_kthread+0x10/0x10 [ 29.465755] ret_from_fork+0x116/0x1d0 [ 29.465779] ? __pfx_kthread+0x10/0x10 [ 29.465803] ret_from_fork_asm+0x1a/0x30 [ 29.465840] </TASK> [ 29.465855] [ 29.475033] Allocated by task 334: [ 29.475237] kasan_save_stack+0x45/0x70 [ 29.475715] kasan_save_track+0x18/0x40 [ 29.476432] kasan_save_alloc_info+0x3b/0x50 [ 29.476823] __kasan_kmalloc+0xb7/0xc0 [ 29.477187] __kmalloc_noprof+0x1c9/0x500 [ 29.477630] kunit_kmalloc_array+0x25/0x60 [ 29.478053] copy_user_test_oob+0xab/0x10f0 [ 29.478276] kunit_try_run_case+0x1a5/0x480 [ 29.478500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.478758] kthread+0x337/0x6f0 [ 29.479000] ret_from_fork+0x116/0x1d0 [ 29.479190] ret_from_fork_asm+0x1a/0x30 [ 29.479399] [ 29.479481] The buggy address belongs to the object at ffff888106258900 [ 29.479481] which belongs to the cache kmalloc-128 of size 128 [ 29.480045] The buggy address is located 0 bytes inside of [ 29.480045] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.480483] [ 29.480564] The buggy address belongs to the physical page: [ 29.480755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.482515] flags: 0x200000000000000(node=0|zone=2) [ 29.483591] page_type: f5(slab) [ 29.483749] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.484594] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.484988] page dumped because: kasan: bad access detected [ 29.485270] [ 29.485349] Memory state around the buggy address: [ 29.485541] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.485835] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.486073] 
>ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.486383] ^ [ 29.487130] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.487384] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.487695] ==================================================================