Date: July 4, 2025, 11:11 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 21.116139] ================================================================== [ 21.116199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.116294] Write of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.116398] [ 21.116475] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.116560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.116925] Hardware name: linux,dummy-virt (DT) [ 21.117021] Call trace: [ 21.117073] show_stack+0x20/0x38 (C) [ 21.117197] dump_stack_lvl+0x8c/0xd0 [ 21.117248] print_report+0x118/0x608 [ 21.117482] kasan_report+0xdc/0x128 [ 21.117550] kasan_check_range+0x100/0x1a8 [ 21.117618] __kasan_check_write+0x20/0x30 [ 21.117667] copy_user_test_oob+0x35c/0xec8 [ 21.117714] kunit_try_run_case+0x170/0x3f0 [ 21.117789] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.117908] kthread+0x328/0x630 [ 21.117952] ret_from_fork+0x10/0x20 [ 21.118037] [ 21.118089] Allocated by task 285: [ 21.118373] kasan_save_stack+0x3c/0x68 [ 21.118487] kasan_save_track+0x20/0x40 [ 21.118547] kasan_save_alloc_info+0x40/0x58 [ 21.118592] __kasan_kmalloc+0xd4/0xd8 [ 21.118648] __kmalloc_noprof+0x198/0x4c8 [ 21.118714] kunit_kmalloc_array+0x34/0x88 [ 21.118781] copy_user_test_oob+0xac/0xec8 [ 21.118859] kunit_try_run_case+0x170/0x3f0 [ 21.118930] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.119241] kthread+0x328/0x630 [ 21.119309] ret_from_fork+0x10/0x20 [ 21.119348] [ 21.119372] The buggy address belongs to the object at fff00000c6f35200 [ 21.119372] which belongs to the cache kmalloc-128 of size 128 [ 21.119522] The buggy address is located 0 bytes inside of [ 21.119522] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.119650] [ 21.119739] The buggy address belongs to the physical page: [ 21.120053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.120225] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.120336] page_type: f5(slab) [ 
21.120424] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.120543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.120661] page dumped because: kasan: bad access detected [ 21.120837] [ 21.120917] Memory state around the buggy address: [ 21.120978] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.121023] fff00000c6f35180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.121326] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.121409] ^ [ 21.121455] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.121801] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.122009] ================================================================== [ 21.128348] ================================================================== [ 21.128461] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.128515] Write of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.128660] [ 21.128693] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.128885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.128983] Hardware name: linux,dummy-virt (DT) [ 21.129042] Call trace: [ 21.129068] show_stack+0x20/0x38 (C) [ 21.129156] dump_stack_lvl+0x8c/0xd0 [ 21.129390] print_report+0x118/0x608 [ 21.129560] kasan_report+0xdc/0x128 [ 21.129611] kasan_check_range+0x100/0x1a8 [ 21.129877] __kasan_check_write+0x20/0x30 [ 21.130039] copy_user_test_oob+0x434/0xec8 [ 21.130093] kunit_try_run_case+0x170/0x3f0 [ 21.130143] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.130236] kthread+0x328/0x630 [ 21.130357] ret_from_fork+0x10/0x20 [ 21.130572] [ 21.130669] Allocated by task 285: [ 21.130748] kasan_save_stack+0x3c/0x68 [ 21.130815] kasan_save_track+0x20/0x40 [ 21.130861] kasan_save_alloc_info+0x40/0x58 [ 21.130912] __kasan_kmalloc+0xd4/0xd8 [ 21.130977] __kmalloc_noprof+0x198/0x4c8 [ 21.131090] 
kunit_kmalloc_array+0x34/0x88 [ 21.131206] copy_user_test_oob+0xac/0xec8 [ 21.131257] kunit_try_run_case+0x170/0x3f0 [ 21.131296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.131349] kthread+0x328/0x630 [ 21.131383] ret_from_fork+0x10/0x20 [ 21.131419] [ 21.131656] The buggy address belongs to the object at fff00000c6f35200 [ 21.131656] which belongs to the cache kmalloc-128 of size 128 [ 21.131869] The buggy address is located 0 bytes inside of [ 21.131869] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.132081] [ 21.132476] The buggy address belongs to the physical page: [ 21.132590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.132855] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.133039] page_type: f5(slab) [ 21.133146] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.133199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.133457] page dumped because: kasan: bad access detected [ 21.133534] [ 21.133695] Memory state around the buggy address: [ 21.133790] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.133993] fff00000c6f35180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.134364] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.134427] ^ [ 21.134472] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.134715] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.134867] ================================================================== [ 21.135692] ================================================================== [ 21.135743] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.135793] Read of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.135872] [ 21.135906] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.135986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.136013] 
Hardware name: linux,dummy-virt (DT) [ 21.136044] Call trace: [ 21.136068] show_stack+0x20/0x38 (C) [ 21.136117] dump_stack_lvl+0x8c/0xd0 [ 21.136165] print_report+0x118/0x608 [ 21.136329] kasan_report+0xdc/0x128 [ 21.136392] kasan_check_range+0x100/0x1a8 [ 21.136503] __kasan_check_read+0x20/0x30 [ 21.136551] copy_user_test_oob+0x4a0/0xec8 [ 21.136835] kunit_try_run_case+0x170/0x3f0 [ 21.137032] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.137101] kthread+0x328/0x630 [ 21.137205] ret_from_fork+0x10/0x20 [ 21.137254] [ 21.137304] Allocated by task 285: [ 21.137370] kasan_save_stack+0x3c/0x68 [ 21.137414] kasan_save_track+0x20/0x40 [ 21.137470] kasan_save_alloc_info+0x40/0x58 [ 21.137542] __kasan_kmalloc+0xd4/0xd8 [ 21.137642] __kmalloc_noprof+0x198/0x4c8 [ 21.137683] kunit_kmalloc_array+0x34/0x88 [ 21.137720] copy_user_test_oob+0xac/0xec8 [ 21.137777] kunit_try_run_case+0x170/0x3f0 [ 21.137978] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.138026] kthread+0x328/0x630 [ 21.138063] ret_from_fork+0x10/0x20 [ 21.138099] [ 21.138260] The buggy address belongs to the object at fff00000c6f35200 [ 21.138260] which belongs to the cache kmalloc-128 of size 128 [ 21.138400] The buggy address is located 0 bytes inside of [ 21.138400] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.138467] [ 21.138563] The buggy address belongs to the physical page: [ 21.138621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.138734] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.138800] page_type: f5(slab) [ 21.138851] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.138904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.139036] page dumped because: kasan: bad access detected [ 21.139069] [ 21.139091] Memory state around the buggy address: [ 21.139135] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.139185] fff00000c6f35180: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139230] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.139270] ^ [ 21.139313] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139357] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139397] ================================================================== [ 21.105473] ================================================================== [ 21.105535] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.105589] Read of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.105641] [ 21.105674] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.105931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.105970] Hardware name: linux,dummy-virt (DT) [ 21.106001] Call trace: [ 21.106053] show_stack+0x20/0x38 (C) [ 21.106127] dump_stack_lvl+0x8c/0xd0 [ 21.106205] print_report+0x118/0x608 [ 21.106260] kasan_report+0xdc/0x128 [ 21.106307] kasan_check_range+0x100/0x1a8 [ 21.106358] __kasan_check_read+0x20/0x30 [ 21.106405] copy_user_test_oob+0x728/0xec8 [ 21.106636] kunit_try_run_case+0x170/0x3f0 [ 21.106733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.106846] kthread+0x328/0x630 [ 21.106950] ret_from_fork+0x10/0x20 [ 21.107205] [ 21.107231] Allocated by task 285: [ 21.107265] kasan_save_stack+0x3c/0x68 [ 21.107309] kasan_save_track+0x20/0x40 [ 21.107350] kasan_save_alloc_info+0x40/0x58 [ 21.107751] __kasan_kmalloc+0xd4/0xd8 [ 21.107923] __kmalloc_noprof+0x198/0x4c8 [ 21.108226] kunit_kmalloc_array+0x34/0x88 [ 21.108266] copy_user_test_oob+0xac/0xec8 [ 21.108524] kunit_try_run_case+0x170/0x3f0 [ 21.108703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.108850] kthread+0x328/0x630 [ 21.108886] ret_from_fork+0x10/0x20 [ 21.108936] [ 21.108966] The buggy address belongs to the object at fff00000c6f35200 [ 21.108966] which belongs to the cache kmalloc-128 of size 128 [ 21.109026] The buggy address is located 
0 bytes inside of [ 21.109026] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.109098] [ 21.109122] The buggy address belongs to the physical page: [ 21.109159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.109227] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.109275] page_type: f5(slab) [ 21.109324] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.109402] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.109445] page dumped because: kasan: bad access detected [ 21.109480] [ 21.109509] Memory state around the buggy address: [ 21.109543] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.109588] fff00000c6f35180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.109633] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.109675] ^ [ 21.109716] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.109781] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.110369] ================================================================== [ 21.122912] ================================================================== [ 21.123048] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.123121] Read of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.123255] [ 21.123432] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.123518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.123545] Hardware name: linux,dummy-virt (DT) [ 21.123614] Call trace: [ 21.123637] show_stack+0x20/0x38 (C) [ 21.123687] dump_stack_lvl+0x8c/0xd0 [ 21.123945] print_report+0x118/0x608 [ 21.124065] kasan_report+0xdc/0x128 [ 21.124190] kasan_check_range+0x100/0x1a8 [ 21.124324] __kasan_check_read+0x20/0x30 [ 21.124478] copy_user_test_oob+0x3c8/0xec8 [ 21.124546] kunit_try_run_case+0x170/0x3f0 [ 21.124597] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.124649] kthread+0x328/0x630 [ 21.124696] ret_from_fork+0x10/0x20 [ 21.124748] [ 21.124788] Allocated by task 285: [ 21.124828] kasan_save_stack+0x3c/0x68 [ 21.124870] kasan_save_track+0x20/0x40 [ 21.124917] kasan_save_alloc_info+0x40/0x58 [ 21.124969] __kasan_kmalloc+0xd4/0xd8 [ 21.125016] __kmalloc_noprof+0x198/0x4c8 [ 21.125056] kunit_kmalloc_array+0x34/0x88 [ 21.125100] copy_user_test_oob+0xac/0xec8 [ 21.125140] kunit_try_run_case+0x170/0x3f0 [ 21.125178] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.125225] kthread+0x328/0x630 [ 21.125270] ret_from_fork+0x10/0x20 [ 21.125321] [ 21.125352] The buggy address belongs to the object at fff00000c6f35200 [ 21.125352] which belongs to the cache kmalloc-128 of size 128 [ 21.125418] The buggy address is located 0 bytes inside of [ 21.125418] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.125487] [ 21.125522] The buggy address belongs to the physical page: [ 21.125555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.125605] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.125653] page_type: f5(slab) [ 21.125711] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.125768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.126453] page dumped because: kasan: bad access detected [ 21.126627] [ 21.126760] Memory state around the buggy address: [ 21.126838] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.127126] fff00000c6f35180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.127174] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.127215] ^ [ 21.127258] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.127301] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.127341] ================================================================== [ 21.095974] 
================================================================== [ 21.096098] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.096236] Write of size 121 at addr fff00000c6f35200 by task kunit_try_catch/285 [ 21.096340] [ 21.096386] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.096601] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.096637] Hardware name: linux,dummy-virt (DT) [ 21.096695] Call trace: [ 21.096786] show_stack+0x20/0x38 (C) [ 21.096908] dump_stack_lvl+0x8c/0xd0 [ 21.096981] print_report+0x118/0x608 [ 21.097055] kasan_report+0xdc/0x128 [ 21.097102] kasan_check_range+0x100/0x1a8 [ 21.097153] __kasan_check_write+0x20/0x30 [ 21.097339] copy_user_test_oob+0x234/0xec8 [ 21.097426] kunit_try_run_case+0x170/0x3f0 [ 21.097519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.097601] kthread+0x328/0x630 [ 21.097676] ret_from_fork+0x10/0x20 [ 21.097747] [ 21.097779] Allocated by task 285: [ 21.097822] kasan_save_stack+0x3c/0x68 [ 21.097877] kasan_save_track+0x20/0x40 [ 21.097916] kasan_save_alloc_info+0x40/0x58 [ 21.098113] __kasan_kmalloc+0xd4/0xd8 [ 21.098166] __kmalloc_noprof+0x198/0x4c8 [ 21.098211] kunit_kmalloc_array+0x34/0x88 [ 21.098314] copy_user_test_oob+0xac/0xec8 [ 21.098381] kunit_try_run_case+0x170/0x3f0 [ 21.098426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.098489] kthread+0x328/0x630 [ 21.098524] ret_from_fork+0x10/0x20 [ 21.098560] [ 21.098584] The buggy address belongs to the object at fff00000c6f35200 [ 21.098584] which belongs to the cache kmalloc-128 of size 128 [ 21.098827] The buggy address is located 0 bytes inside of [ 21.098827] allocated 120-byte region [fff00000c6f35200, fff00000c6f35278) [ 21.098903] [ 21.098943] The buggy address belongs to the physical page: [ 21.099082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f35 [ 21.099216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.099350] page_type: f5(slab) [ 21.099395] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.099446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.099489] page dumped because: kasan: bad access detected [ 21.099636] [ 21.099662] Memory state around the buggy address: [ 21.099699] fff00000c6f35100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.099746] fff00000c6f35180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.099791] >fff00000c6f35200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.099886] ^ [ 21.099977] fff00000c6f35280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.100030] fff00000c6f35300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.100118] ==================================================================
[ 16.192580] ================================================================== [ 16.192903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.193195] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.193518] [ 16.193645] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.193692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.193706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.193729] Call Trace: [ 16.193751] <TASK> [ 16.193771] dump_stack_lvl+0x73/0xb0 [ 16.193800] print_report+0xd1/0x650 [ 16.193824] ? __virt_addr_valid+0x1db/0x2d0 [ 16.193847] ? copy_user_test_oob+0x557/0x10f0 [ 16.193870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.193892] ? copy_user_test_oob+0x557/0x10f0 [ 16.193915] kasan_report+0x141/0x180 [ 16.193937] ? copy_user_test_oob+0x557/0x10f0 [ 16.193965] kasan_check_range+0x10c/0x1c0 [ 16.193992] __kasan_check_write+0x18/0x20 [ 16.194012] copy_user_test_oob+0x557/0x10f0 [ 16.194038] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.194059] ? finish_task_switch.isra.0+0x153/0x700 [ 16.194082] ? __switch_to+0x47/0xf50 [ 16.194108] ? __schedule+0x10cc/0x2b60 [ 16.194130] ? __pfx_read_tsc+0x10/0x10 [ 16.194152] ? ktime_get_ts64+0x86/0x230 [ 16.194178] kunit_try_run_case+0x1a5/0x480 [ 16.194204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.194238] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.194262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.194285] ? __kthread_parkme+0x82/0x180 [ 16.194307] ? preempt_count_sub+0x50/0x80 [ 16.194330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.194353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.194376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.194401] kthread+0x337/0x6f0 [ 16.194420] ? trace_preempt_on+0x20/0xc0 [ 16.194443] ? __pfx_kthread+0x10/0x10 [ 16.194464] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.194485] ? calculate_sigpending+0x7b/0xa0 [ 16.194510] ? 
__pfx_kthread+0x10/0x10 [ 16.194531] ret_from_fork+0x116/0x1d0 [ 16.194550] ? __pfx_kthread+0x10/0x10 [ 16.194571] ret_from_fork_asm+0x1a/0x30 [ 16.194602] </TASK> [ 16.194614] [ 16.201756] Allocated by task 302: [ 16.201960] kasan_save_stack+0x45/0x70 [ 16.202171] kasan_save_track+0x18/0x40 [ 16.202377] kasan_save_alloc_info+0x3b/0x50 [ 16.202595] __kasan_kmalloc+0xb7/0xc0 [ 16.202787] __kmalloc_noprof+0x1c9/0x500 [ 16.202988] kunit_kmalloc_array+0x25/0x60 [ 16.203158] copy_user_test_oob+0xab/0x10f0 [ 16.203357] kunit_try_run_case+0x1a5/0x480 [ 16.203567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.203741] kthread+0x337/0x6f0 [ 16.203864] ret_from_fork+0x116/0x1d0 [ 16.204056] ret_from_fork_asm+0x1a/0x30 [ 16.204274] [ 16.204379] The buggy address belongs to the object at ffff888103980f00 [ 16.204379] which belongs to the cache kmalloc-128 of size 128 [ 16.205022] The buggy address is located 0 bytes inside of [ 16.205022] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.205461] [ 16.205538] The buggy address belongs to the physical page: [ 16.205716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.205959] flags: 0x200000000000000(node=0|zone=2) [ 16.206131] page_type: f5(slab) [ 16.206285] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.206628] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.206967] page dumped because: kasan: bad access detected [ 16.207229] [ 16.207395] Memory state around the buggy address: [ 16.207562] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.207778] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.207994] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.208208] ^ [ 16.208432] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.208651] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.208995] 
================================================================== [ 16.156574] ================================================================== [ 16.156986] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.157325] Write of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.157613] [ 16.157734] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.157786] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.157799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.157825] Call Trace: [ 16.157842] <TASK> [ 16.157862] dump_stack_lvl+0x73/0xb0 [ 16.157893] print_report+0xd1/0x650 [ 16.157915] ? __virt_addr_valid+0x1db/0x2d0 [ 16.157939] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.157962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.157984] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.158008] kasan_report+0x141/0x180 [ 16.158029] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.158058] kasan_check_range+0x10c/0x1c0 [ 16.158082] __kasan_check_write+0x18/0x20 [ 16.158103] copy_user_test_oob+0x3fd/0x10f0 [ 16.158128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.158153] ? finish_task_switch.isra.0+0x153/0x700 [ 16.158177] ? __switch_to+0x47/0xf50 [ 16.158203] ? __schedule+0x10cc/0x2b60 [ 16.158240] ? __pfx_read_tsc+0x10/0x10 [ 16.158274] ? ktime_get_ts64+0x86/0x230 [ 16.158298] kunit_try_run_case+0x1a5/0x480 [ 16.158324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.158347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.158371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.158394] ? __kthread_parkme+0x82/0x180 [ 16.158416] ? preempt_count_sub+0x50/0x80 [ 16.158438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.158462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.158485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.158508] kthread+0x337/0x6f0 [ 16.158527] ? trace_preempt_on+0x20/0xc0 [ 16.158551] ? __pfx_kthread+0x10/0x10 [ 16.158573] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.158594] ? calculate_sigpending+0x7b/0xa0 [ 16.158618] ? __pfx_kthread+0x10/0x10 [ 16.158640] ret_from_fork+0x116/0x1d0 [ 16.158659] ? __pfx_kthread+0x10/0x10 [ 16.158680] ret_from_fork_asm+0x1a/0x30 [ 16.158711] </TASK> [ 16.158723] [ 16.165871] Allocated by task 302: [ 16.166031] kasan_save_stack+0x45/0x70 [ 16.166263] kasan_save_track+0x18/0x40 [ 16.166462] kasan_save_alloc_info+0x3b/0x50 [ 16.166679] __kasan_kmalloc+0xb7/0xc0 [ 16.166868] __kmalloc_noprof+0x1c9/0x500 [ 16.167075] kunit_kmalloc_array+0x25/0x60 [ 16.167315] copy_user_test_oob+0xab/0x10f0 [ 16.167534] kunit_try_run_case+0x1a5/0x480 [ 16.167699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.167946] kthread+0x337/0x6f0 [ 16.168118] ret_from_fork+0x116/0x1d0 [ 16.168275] ret_from_fork_asm+0x1a/0x30 [ 16.168479] [ 16.168581] The buggy address belongs to the object at ffff888103980f00 [ 16.168581] which belongs to the cache kmalloc-128 of size 128 [ 16.169054] The buggy address is located 0 bytes inside of [ 16.169054] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.169619] [ 16.169728] The buggy address belongs to the physical page: [ 16.169928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.170253] flags: 0x200000000000000(node=0|zone=2) [ 16.170498] page_type: f5(slab) [ 16.170624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.170857] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.171084] page dumped because: kasan: bad access detected [ 16.171396] [ 16.171491] Memory state around the buggy address: [ 16.171717] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.172030] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.172365] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.172582] ^ [ 16.172803] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.173020] 
ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.173456] ================================================================== [ 16.174136] ================================================================== [ 16.174900] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.175237] Read of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.175544] [ 16.175637] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.175684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.175697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.175721] Call Trace: [ 16.175742] <TASK> [ 16.175764] dump_stack_lvl+0x73/0xb0 [ 16.175794] print_report+0xd1/0x650 [ 16.175817] ? __virt_addr_valid+0x1db/0x2d0 [ 16.175841] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175863] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.175886] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175910] kasan_report+0x141/0x180 [ 16.175932] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.175960] kasan_check_range+0x10c/0x1c0 [ 16.175983] __kasan_check_read+0x15/0x20 [ 16.176003] copy_user_test_oob+0x4aa/0x10f0 [ 16.176028] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.176053] ? finish_task_switch.isra.0+0x153/0x700 [ 16.176076] ? __switch_to+0x47/0xf50 [ 16.176101] ? __schedule+0x10cc/0x2b60 [ 16.176124] ? __pfx_read_tsc+0x10/0x10 [ 16.176146] ? ktime_get_ts64+0x86/0x230 [ 16.176171] kunit_try_run_case+0x1a5/0x480 [ 16.176196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.176230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.176255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.176277] ? __kthread_parkme+0x82/0x180 [ 16.176299] ? preempt_count_sub+0x50/0x80 [ 16.176333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.176357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.176380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.176403] kthread+0x337/0x6f0 [ 16.176423] ? trace_preempt_on+0x20/0xc0 [ 16.176447] ? 
__pfx_kthread+0x10/0x10 [ 16.176469] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.176490] ? calculate_sigpending+0x7b/0xa0 [ 16.176514] ? __pfx_kthread+0x10/0x10 [ 16.176536] ret_from_fork+0x116/0x1d0 [ 16.176555] ? __pfx_kthread+0x10/0x10 [ 16.176576] ret_from_fork_asm+0x1a/0x30 [ 16.176607] </TASK> [ 16.176619] [ 16.183925] Allocated by task 302: [ 16.184132] kasan_save_stack+0x45/0x70 [ 16.184370] kasan_save_track+0x18/0x40 [ 16.184506] kasan_save_alloc_info+0x3b/0x50 [ 16.184655] __kasan_kmalloc+0xb7/0xc0 [ 16.184794] __kmalloc_noprof+0x1c9/0x500 [ 16.184935] kunit_kmalloc_array+0x25/0x60 [ 16.185079] copy_user_test_oob+0xab/0x10f0 [ 16.185236] kunit_try_run_case+0x1a5/0x480 [ 16.185443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.185696] kthread+0x337/0x6f0 [ 16.185866] ret_from_fork+0x116/0x1d0 [ 16.186056] ret_from_fork_asm+0x1a/0x30 [ 16.186417] [ 16.186515] The buggy address belongs to the object at ffff888103980f00 [ 16.186515] which belongs to the cache kmalloc-128 of size 128 [ 16.187001] The buggy address is located 0 bytes inside of [ 16.187001] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.187658] [ 16.187760] The buggy address belongs to the physical page: [ 16.188017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.188431] flags: 0x200000000000000(node=0|zone=2) [ 16.188599] page_type: f5(slab) [ 16.188724] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.189076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.189643] page dumped because: kasan: bad access detected [ 16.189870] [ 16.189952] Memory state around the buggy address: [ 16.190145] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.190486] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.190788] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.191073] ^ [ 16.191389] ffff888103980f80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.191673] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.191956] ================================================================== [ 16.209685] ================================================================== [ 16.210038] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.210394] Read of size 121 at addr ffff888103980f00 by task kunit_try_catch/302 [ 16.210847] [ 16.210967] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.211014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.211027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.211051] Call Trace: [ 16.211072] <TASK> [ 16.211092] dump_stack_lvl+0x73/0xb0 [ 16.211123] print_report+0xd1/0x650 [ 16.211146] ? __virt_addr_valid+0x1db/0x2d0 [ 16.211170] ? copy_user_test_oob+0x604/0x10f0 [ 16.211193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.211214] ? copy_user_test_oob+0x604/0x10f0 [ 16.211251] kasan_report+0x141/0x180 [ 16.211274] ? copy_user_test_oob+0x604/0x10f0 [ 16.211301] kasan_check_range+0x10c/0x1c0 [ 16.211325] __kasan_check_read+0x15/0x20 [ 16.211343] copy_user_test_oob+0x604/0x10f0 [ 16.211369] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.211391] ? finish_task_switch.isra.0+0x153/0x700 [ 16.211414] ? __switch_to+0x47/0xf50 [ 16.211441] ? __schedule+0x10cc/0x2b60 [ 16.211463] ? __pfx_read_tsc+0x10/0x10 [ 16.211484] ? ktime_get_ts64+0x86/0x230 [ 16.211508] kunit_try_run_case+0x1a5/0x480 [ 16.211534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.211556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.211580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.211603] ? __kthread_parkme+0x82/0x180 [ 16.211624] ? preempt_count_sub+0x50/0x80 [ 16.211647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.211671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.211694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.211717] kthread+0x337/0x6f0 [ 16.211745] ? 
trace_preempt_on+0x20/0xc0 [ 16.211768] ? __pfx_kthread+0x10/0x10 [ 16.211789] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.211810] ? calculate_sigpending+0x7b/0xa0 [ 16.211835] ? __pfx_kthread+0x10/0x10 [ 16.211856] ret_from_fork+0x116/0x1d0 [ 16.211875] ? __pfx_kthread+0x10/0x10 [ 16.211895] ret_from_fork_asm+0x1a/0x30 [ 16.211927] </TASK> [ 16.211940] [ 16.223337] Allocated by task 302: [ 16.223516] kasan_save_stack+0x45/0x70 [ 16.223682] kasan_save_track+0x18/0x40 [ 16.223828] kasan_save_alloc_info+0x3b/0x50 [ 16.223977] __kasan_kmalloc+0xb7/0xc0 [ 16.224110] __kmalloc_noprof+0x1c9/0x500 [ 16.224426] kunit_kmalloc_array+0x25/0x60 [ 16.227238] copy_user_test_oob+0xab/0x10f0 [ 16.227496] kunit_try_run_case+0x1a5/0x480 [ 16.227699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.227920] kthread+0x337/0x6f0 [ 16.228077] ret_from_fork+0x116/0x1d0 [ 16.228275] ret_from_fork_asm+0x1a/0x30 [ 16.228425] [ 16.228502] The buggy address belongs to the object at ffff888103980f00 [ 16.228502] which belongs to the cache kmalloc-128 of size 128 [ 16.228969] The buggy address is located 0 bytes inside of [ 16.228969] allocated 120-byte region [ffff888103980f00, ffff888103980f78) [ 16.229768] [ 16.229850] The buggy address belongs to the physical page: [ 16.230091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 16.230478] flags: 0x200000000000000(node=0|zone=2) [ 16.230696] page_type: f5(slab) [ 16.230821] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.231123] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.231624] page dumped because: kasan: bad access detected [ 16.231859] [ 16.231932] Memory state around the buggy address: [ 16.232117] ffff888103980e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.232504] ffff888103980e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.232805] >ffff888103980f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.233097] ^ [ 16.233402] 
ffff888103980f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.233705] ffff888103981000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.233954] ==================================================================