Date
July 5, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 23.131520] ================================================================== [ 23.131811] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 23.131942] Read of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.132146] [ 23.132227] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.132429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.132496] Hardware name: linux,dummy-virt (DT) [ 23.132573] Call trace: [ 23.132627] show_stack+0x20/0x38 (C) [ 23.132739] dump_stack_lvl+0x8c/0xd0 [ 23.132857] print_report+0x118/0x608 [ 23.132964] kasan_report+0xdc/0x128 [ 23.133072] kasan_check_range+0x100/0x1a8 [ 23.133182] __kasan_check_read+0x20/0x30 [ 23.133288] copy_user_test_oob+0x3c8/0xec8 [ 23.133413] kunit_try_run_case+0x170/0x3f0 [ 23.133530] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.133651] kthread+0x328/0x630 [ 23.133754] ret_from_fork+0x10/0x20 [ 23.133860] [ 23.133909] Allocated by task 286: [ 23.133979] kasan_save_stack+0x3c/0x68 [ 23.135120] kasan_save_track+0x20/0x40 [ 23.135323] kasan_save_alloc_info+0x40/0x58 [ 23.135519] __kasan_kmalloc+0xd4/0xd8 [ 23.135837] __kmalloc_noprof+0x198/0x4c8 [ 23.135923] kunit_kmalloc_array+0x34/0x88 [ 23.136001] copy_user_test_oob+0xac/0xec8 [ 23.136085] kunit_try_run_case+0x170/0x3f0 [ 23.136179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.136411] kthread+0x328/0x630 [ 23.136674] ret_from_fork+0x10/0x20 [ 23.136811] [ 23.136862] The buggy address belongs to the object at fff00000c56e5100 [ 23.136862] which belongs to the cache kmalloc-128 of size 128 [ 23.136993] The buggy address is located 0 bytes inside of [ 23.136993] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.137139] [ 23.137189] The buggy address belongs to the physical page: [ 23.137263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.137389] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.137493] page_type: f5(slab) [ 23.137582] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.137700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.137799] page dumped because: kasan: bad access detected [ 23.137909] [ 23.137959] Memory state around the buggy address: [ 23.138519] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.139089] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.139206] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.139286] ^ [ 23.139397] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.139493] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.139585] ================================================================== [ 23.121427] ================================================================== [ 23.121549] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 23.121671] Write of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.121789] [ 23.121859] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.122048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.122103] Hardware name: linux,dummy-virt (DT) [ 23.122168] Call trace: [ 23.122598] show_stack+0x20/0x38 (C) [ 23.122886] dump_stack_lvl+0x8c/0xd0 [ 23.123029] print_report+0x118/0x608 [ 23.123127] kasan_report+0xdc/0x128 [ 23.123377] kasan_check_range+0x100/0x1a8 [ 23.123475] __kasan_check_write+0x20/0x30 [ 23.123569] copy_user_test_oob+0x35c/0xec8 [ 23.123843] kunit_try_run_case+0x170/0x3f0 [ 23.124002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.124163] kthread+0x328/0x630 [ 23.124711] ret_from_fork+0x10/0x20 [ 23.124902] [ 23.124982] Allocated by task 286: [ 23.125050] kasan_save_stack+0x3c/0x68 [ 23.125147] kasan_save_track+0x20/0x40 [ 23.125222] kasan_save_alloc_info+0x40/0x58 [ 23.125315] __kasan_kmalloc+0xd4/0xd8 [ 23.125423] __kmalloc_noprof+0x198/0x4c8 [ 23.125512] kunit_kmalloc_array+0x34/0x88 [ 23.125601] copy_user_test_oob+0xac/0xec8 [ 23.125687] kunit_try_run_case+0x170/0x3f0 [ 23.125776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.125876] kthread+0x328/0x630 [ 23.125957] ret_from_fork+0x10/0x20 [ 23.126402] [ 23.126618] The buggy address belongs to the object at fff00000c56e5100 [ 23.126618] which belongs to the cache kmalloc-128 of size 128 [ 23.127183] The buggy address is located 0 bytes inside of [ 23.127183] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.127768] [ 23.127810] The buggy address belongs to the physical page: [ 23.127852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.127946] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.128000] page_type: f5(slab) [ 23.128041] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.128094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.128136] page dumped because: kasan: bad access detected [ 23.128171] [ 23.128192] Memory state around the buggy address: [ 23.128228] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.128272] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.128317] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.128376] ^ [ 23.128467] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.128567] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.128806] ================================================================== [ 23.082513] ================================================================== [ 23.082748] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 23.082885] Write of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.082998] [ 23.083106] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.083343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.083451] Hardware name: linux,dummy-virt (DT) [ 23.083559] Call trace: [ 23.083639] show_stack+0x20/0x38 (C) [ 23.083802] dump_stack_lvl+0x8c/0xd0 [ 23.083960] print_report+0x118/0x608 [ 23.084090] kasan_report+0xdc/0x128 [ 23.084204] kasan_check_range+0x100/0x1a8 [ 23.084371] __kasan_check_write+0x20/0x30 [ 23.084465] copy_user_test_oob+0x234/0xec8 [ 23.084564] kunit_try_run_case+0x170/0x3f0 [ 23.085068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.085447] kthread+0x328/0x630 [ 23.085617] ret_from_fork+0x10/0x20 [ 23.085732] [ 23.085778] Allocated by task 286: [ 23.085845] kasan_save_stack+0x3c/0x68 [ 23.085932] kasan_save_track+0x20/0x40 [ 23.086067] kasan_save_alloc_info+0x40/0x58 [ 23.086296] __kasan_kmalloc+0xd4/0xd8 [ 23.086649] __kmalloc_noprof+0x198/0x4c8 [ 23.086775] kunit_kmalloc_array+0x34/0x88 [ 23.086888] copy_user_test_oob+0xac/0xec8 [ 23.086993] kunit_try_run_case+0x170/0x3f0 [ 23.087105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.087219] kthread+0x328/0x630 [ 23.087327] ret_from_fork+0x10/0x20 [ 23.087438] [ 23.087500] The buggy address belongs to the object at fff00000c56e5100 [ 23.087500] which belongs to the cache kmalloc-128 of size 128 [ 23.087932] The buggy address is located 0 bytes inside of [ 23.087932] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.088078] [ 23.088132] The buggy address belongs to the physical page: [ 23.088254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.088393] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.088511] page_type: f5(slab) [ 23.088606] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.088721] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.088819] page dumped because: kasan: bad access detected [ 23.088897] [ 23.088940] Memory state around the buggy address: [ 23.089016] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.089122] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.089224] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.089315] ^ [ 23.089425] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.089611] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.089909] ================================================================== [ 23.100287] ================================================================== [ 23.100428] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 23.100551] Read of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.100671] [ 23.100743] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.100936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.101001] Hardware name: linux,dummy-virt (DT) [ 23.101073] Call trace: [ 23.101125] show_stack+0x20/0x38 (C) [ 23.101235] dump_stack_lvl+0x8c/0xd0 [ 23.101344] print_report+0x118/0x608 [ 23.101453] kasan_report+0xdc/0x128 [ 23.101562] kasan_check_range+0x100/0x1a8 [ 23.101676] __kasan_check_read+0x20/0x30 [ 23.101781] copy_user_test_oob+0x728/0xec8 [ 23.101886] kunit_try_run_case+0x170/0x3f0 [ 23.102336] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.102730] kthread+0x328/0x630 [ 23.102901] ret_from_fork+0x10/0x20 [ 23.103057] [ 23.103116] Allocated by task 286: [ 23.103410] kasan_save_stack+0x3c/0x68 [ 23.103611] kasan_save_track+0x20/0x40 [ 23.103695] kasan_save_alloc_info+0x40/0x58 [ 23.103783] __kasan_kmalloc+0xd4/0xd8 [ 23.103889] __kmalloc_noprof+0x198/0x4c8 [ 23.104020] kunit_kmalloc_array+0x34/0x88 [ 23.104127] copy_user_test_oob+0xac/0xec8 [ 23.104219] kunit_try_run_case+0x170/0x3f0 [ 23.104303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.104421] kthread+0x328/0x630 [ 23.104502] ret_from_fork+0x10/0x20 [ 23.104588] [ 23.104646] The buggy address belongs to the object at fff00000c56e5100 [ 23.104646] which belongs to the cache kmalloc-128 of size 128 [ 23.104766] The buggy address is located 0 bytes inside of [ 23.104766] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.105298] [ 23.105501] The buggy address belongs to the physical page: [ 23.105582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.105707] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.105813] page_type: f5(slab) [ 23.105904] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.106060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.106453] page dumped because: kasan: bad access detected [ 23.106567] [ 23.106736] Memory state around the buggy address: [ 23.106816] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.107018] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.107153] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.107293] ^ [ 23.107457] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.107610] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.107752] ================================================================== [ 23.140500] ================================================================== [ 23.140633] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 23.140756] Write of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.140872] [ 23.140944] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.141136] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.141204] Hardware name: linux,dummy-virt (DT) [ 23.141276] Call trace: [ 23.141329] show_stack+0x20/0x38 (C) [ 23.141461] dump_stack_lvl+0x8c/0xd0 [ 23.141577] print_report+0x118/0x608 [ 23.141687] kasan_report+0xdc/0x128 [ 23.141790] kasan_check_range+0x100/0x1a8 [ 23.141902] __kasan_check_write+0x20/0x30 [ 23.142017] copy_user_test_oob+0x434/0xec8 [ 23.142133] kunit_try_run_case+0x170/0x3f0 [ 23.142246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.144073] kthread+0x328/0x630 [ 23.144228] ret_from_fork+0x10/0x20 [ 23.144514] [ 23.144629] Allocated by task 286: [ 23.144859] kasan_save_stack+0x3c/0x68 [ 23.145210] kasan_save_track+0x20/0x40 [ 23.145304] kasan_save_alloc_info+0x40/0x58 [ 23.145670] __kasan_kmalloc+0xd4/0xd8 [ 23.145923] __kmalloc_noprof+0x198/0x4c8 [ 23.146027] kunit_kmalloc_array+0x34/0x88 [ 23.146123] copy_user_test_oob+0xac/0xec8 [ 23.146408] kunit_try_run_case+0x170/0x3f0 [ 23.146639] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.146766] kthread+0x328/0x630 [ 23.146873] ret_from_fork+0x10/0x20 [ 23.146976] [ 23.147020] The buggy address belongs to the object at fff00000c56e5100 [ 23.147020] which belongs to the cache kmalloc-128 of size 128 [ 23.147158] The buggy address is located 0 bytes inside of [ 23.147158] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.147298] [ 23.147349] The buggy address belongs to the physical page: [ 23.147490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.147668] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.147782] page_type: f5(slab) [ 23.147878] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.148049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.148192] page dumped because: kasan: bad access detected [ 23.148304] [ 23.148394] Memory state around the buggy address: [ 23.148475] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.148577] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.148682] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.148785] ^ [ 23.148931] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.149080] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.149214] ================================================================== [ 23.150524] ================================================================== [ 23.150665] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 23.150799] Read of size 121 at addr fff00000c56e5100 by task kunit_try_catch/286 [ 23.150911] [ 23.150983] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 23.151218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.151278] Hardware name: linux,dummy-virt (DT) [ 23.151347] Call trace: [ 23.151424] show_stack+0x20/0x38 (C) [ 23.151543] dump_stack_lvl+0x8c/0xd0 [ 23.151707] print_report+0x118/0x608 [ 23.151831] kasan_report+0xdc/0x128 [ 23.151993] kasan_check_range+0x100/0x1a8 [ 23.152149] __kasan_check_read+0x20/0x30 [ 23.152303] copy_user_test_oob+0x4a0/0xec8 [ 23.152469] kunit_try_run_case+0x170/0x3f0 [ 23.152630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.152752] kthread+0x328/0x630 [ 23.152855] ret_from_fork+0x10/0x20 [ 23.152965] [ 23.153014] Allocated by task 286: [ 23.153080] kasan_save_stack+0x3c/0x68 [ 23.153179] kasan_save_track+0x20/0x40 [ 23.153268] kasan_save_alloc_info+0x40/0x58 [ 23.153383] __kasan_kmalloc+0xd4/0xd8 [ 23.153514] __kmalloc_noprof+0x198/0x4c8 [ 23.153642] kunit_kmalloc_array+0x34/0x88 [ 23.153765] copy_user_test_oob+0xac/0xec8 [ 23.153895] kunit_try_run_case+0x170/0x3f0 [ 23.154053] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.154151] kthread+0x328/0x630 [ 23.154255] ret_from_fork+0x10/0x20 [ 23.154368] [ 23.154450] The buggy address belongs to the object at fff00000c56e5100 [ 23.154450] which belongs to the cache kmalloc-128 of size 128 [ 23.154600] The buggy address is located 0 bytes inside of [ 23.154600] allocated 120-byte region [fff00000c56e5100, fff00000c56e5178) [ 23.154783] [ 23.154830] The buggy address belongs to the physical page: [ 23.154926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e5 [ 23.155077] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.155227] page_type: f5(slab) [ 23.155319] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.155447] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.155534] page dumped because: kasan: bad access detected [ 23.155606] [ 23.155655] Memory state around the buggy address: [ 23.155778] fff00000c56e5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.155884] fff00000c56e5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.155969] >fff00000c56e5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.156074] ^ [ 23.156178] fff00000c56e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.156281] fff00000c56e5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.156436] ==================================================================
[ 18.479016] ================================================================== [ 18.479435] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 18.479918] Write of size 121 at addr ffff888103332c00 by task kunit_try_catch/303 [ 18.480326] [ 18.480475] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.480532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.480550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.480579] Call Trace: [ 18.480603] <TASK> [ 18.480626] dump_stack_lvl+0x73/0xb0 [ 18.480674] print_report+0xd1/0x650 [ 18.480702] ? __virt_addr_valid+0x1db/0x2d0 [ 18.480731] ? copy_user_test_oob+0x557/0x10f0 [ 18.480785] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.480816] ? copy_user_test_oob+0x557/0x10f0 [ 18.480846] kasan_report+0x141/0x180 [ 18.480874] ? copy_user_test_oob+0x557/0x10f0 [ 18.480910] kasan_check_range+0x10c/0x1c0 [ 18.480940] __kasan_check_write+0x18/0x20 [ 18.480965] copy_user_test_oob+0x557/0x10f0 [ 18.480998] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.481026] ? finish_task_switch.isra.0+0x153/0x700 [ 18.481054] ? __switch_to+0x47/0xf50 [ 18.481086] ? __schedule+0x10cc/0x2b60 [ 18.481114] ? __pfx_read_tsc+0x10/0x10 [ 18.481141] ? ktime_get_ts64+0x86/0x230 [ 18.481172] kunit_try_run_case+0x1a5/0x480 [ 18.481202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.481230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.481259] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.481289] ? __kthread_parkme+0x82/0x180 [ 18.481315] ? preempt_count_sub+0x50/0x80 [ 18.481344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.481376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.481404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.481434] kthread+0x337/0x6f0 [ 18.481459] ? trace_preempt_on+0x20/0xc0 [ 18.481489] ? __pfx_kthread+0x10/0x10 [ 18.481520] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.481549] ? calculate_sigpending+0x7b/0xa0 [ 18.481581] ? __pfx_kthread+0x10/0x10 [ 18.481608] ret_from_fork+0x116/0x1d0 [ 18.481634] ? __pfx_kthread+0x10/0x10 [ 18.481672] ret_from_fork_asm+0x1a/0x30 [ 18.481713] </TASK> [ 18.481728] [ 18.494446] Allocated by task 303: [ 18.494704] kasan_save_stack+0x45/0x70 [ 18.495330] kasan_save_track+0x18/0x40 [ 18.495545] kasan_save_alloc_info+0x3b/0x50 [ 18.495952] __kasan_kmalloc+0xb7/0xc0 [ 18.496178] __kmalloc_noprof+0x1c9/0x500 [ 18.496418] kunit_kmalloc_array+0x25/0x60 [ 18.496898] copy_user_test_oob+0xab/0x10f0 [ 18.497382] kunit_try_run_case+0x1a5/0x480 [ 18.498019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.498451] kthread+0x337/0x6f0 [ 18.498608] ret_from_fork+0x116/0x1d0 [ 18.498796] ret_from_fork_asm+0x1a/0x30 [ 18.499401] [ 18.499602] The buggy address belongs to the object at ffff888103332c00 [ 18.499602] which belongs to the cache kmalloc-128 of size 128 [ 18.501235] The buggy address is located 0 bytes inside of [ 18.501235] allocated 120-byte region [ffff888103332c00, ffff888103332c78) [ 18.502327] [ 18.502539] The buggy address belongs to the physical page: [ 18.503124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103332 [ 18.503453] flags: 0x200000000000000(node=0|zone=2) [ 18.503675] page_type: f5(slab) [ 18.503849] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.504404] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.504779] page dumped because: kasan: bad access detected [ 18.505069] [ 18.505187] Memory state around the buggy address: [ 18.505444] ffff888103332b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.505871] ffff888103332b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.506189] >ffff888103332c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.506565] ^ [ 18.506841] ffff888103332c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.507326] ffff888103332d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.507702] ================================================================== [ 18.457669] ================================================================== [ 18.458178] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 18.458469] Read of size 121 at addr ffff888103332c00 by task kunit_try_catch/303 [ 18.458896] [ 18.459421] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.459487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.459505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.459545] Call Trace: [ 18.459569] <TASK> [ 18.459593] dump_stack_lvl+0x73/0xb0 [ 18.459630] print_report+0xd1/0x650 [ 18.459672] ? __virt_addr_valid+0x1db/0x2d0 [ 18.459702] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.459731] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.459788] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.459819] kasan_report+0x141/0x180 [ 18.459848] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.459883] kasan_check_range+0x10c/0x1c0 [ 18.459913] __kasan_check_read+0x15/0x20 [ 18.459937] copy_user_test_oob+0x4aa/0x10f0 [ 18.459970] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.459998] ? finish_task_switch.isra.0+0x153/0x700 [ 18.460026] ? __switch_to+0x47/0xf50 [ 18.460057] ? __schedule+0x10cc/0x2b60 [ 18.460086] ? __pfx_read_tsc+0x10/0x10 [ 18.460112] ? ktime_get_ts64+0x86/0x230 [ 18.460144] kunit_try_run_case+0x1a5/0x480 [ 18.460175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.460203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.460232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.460261] ? __kthread_parkme+0x82/0x180 [ 18.460287] ? preempt_count_sub+0x50/0x80 [ 18.460316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.460348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.460380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.460408] kthread+0x337/0x6f0 [ 18.460433] ? trace_preempt_on+0x20/0xc0 [ 18.460464] ? __pfx_kthread+0x10/0x10 [ 18.460492] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.460518] ? calculate_sigpending+0x7b/0xa0 [ 18.460548] ? __pfx_kthread+0x10/0x10 [ 18.460575] ret_from_fork+0x116/0x1d0 [ 18.460599] ? __pfx_kthread+0x10/0x10 [ 18.460625] ret_from_fork_asm+0x1a/0x30 [ 18.460677] </TASK> [ 18.460692] [ 18.469127] Allocated by task 303: [ 18.469367] kasan_save_stack+0x45/0x70 [ 18.469621] kasan_save_track+0x18/0x40 [ 18.469888] kasan_save_alloc_info+0x3b/0x50 [ 18.470112] __kasan_kmalloc+0xb7/0xc0 [ 18.470336] __kmalloc_noprof+0x1c9/0x500 [ 18.470528] kunit_kmalloc_array+0x25/0x60 [ 18.470835] copy_user_test_oob+0xab/0x10f0 [ 18.471045] kunit_try_run_case+0x1a5/0x480 [ 18.471225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.471514] kthread+0x337/0x6f0 [ 18.471737] ret_from_fork+0x116/0x1d0 [ 18.472002] ret_from_fork_asm+0x1a/0x30 [ 18.472257] [ 18.472375] The buggy address belongs to the object at ffff888103332c00 [ 18.472375] which belongs to the cache kmalloc-128 of size 128 [ 18.472982] The buggy address is located 0 bytes inside of [ 18.472982] allocated 120-byte region [ffff888103332c00, ffff888103332c78) [ 18.473484] [ 18.473609] The buggy address belongs to the physical page: [ 18.473958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103332 [ 18.474332] flags: 0x200000000000000(node=0|zone=2) [ 18.474607] page_type: f5(slab) [ 18.474848] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.475217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.475575] page dumped because: kasan: bad access detected [ 18.475859] [ 18.475948] Memory state around the buggy address: [ 18.476141] ffff888103332b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.476406] ffff888103332b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.476830] >ffff888103332c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.477213] ^ [ 18.477677] ffff888103332c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.478063] ffff888103332d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.478352] ================================================================== [ 18.425955] ================================================================== [ 18.426380] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 18.426816] Write of size 121 at addr ffff888103332c00 by task kunit_try_catch/303 [ 18.427208] [ 18.427351] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.427413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.427430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.427460] Call Trace: [ 18.427480] <TASK> [ 18.427505] dump_stack_lvl+0x73/0xb0 [ 18.427543] print_report+0xd1/0x650 [ 18.427573] ? __virt_addr_valid+0x1db/0x2d0 [ 18.427603] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.427633] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.427674] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.427705] kasan_report+0x141/0x180 [ 18.427733] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.427793] kasan_check_range+0x10c/0x1c0 [ 18.427823] __kasan_check_write+0x18/0x20 [ 18.427849] copy_user_test_oob+0x3fd/0x10f0 [ 18.427881] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.427910] ? finish_task_switch.isra.0+0x153/0x700 [ 18.427939] ? __switch_to+0x47/0xf50 [ 18.427972] ? __schedule+0x10cc/0x2b60 [ 18.428001] ? __pfx_read_tsc+0x10/0x10 [ 18.428027] ? ktime_get_ts64+0x86/0x230 [ 18.428058] kunit_try_run_case+0x1a5/0x480 [ 18.428091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.428118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.428148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.428178] ? __kthread_parkme+0x82/0x180 [ 18.428204] ? preempt_count_sub+0x50/0x80 [ 18.428233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.428262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.428292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.428321] kthread+0x337/0x6f0 [ 18.428347] ? trace_preempt_on+0x20/0xc0 [ 18.428378] ? __pfx_kthread+0x10/0x10 [ 18.428404] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.428430] ? calculate_sigpending+0x7b/0xa0 [ 18.428460] ? __pfx_kthread+0x10/0x10 [ 18.428487] ret_from_fork+0x116/0x1d0 [ 18.428510] ? __pfx_kthread+0x10/0x10 [ 18.428535] ret_from_fork_asm+0x1a/0x30 [ 18.428575] </TASK> [ 18.428591] [ 18.442622] Allocated by task 303: [ 18.442914] kasan_save_stack+0x45/0x70 [ 18.443357] kasan_save_track+0x18/0x40 [ 18.443818] kasan_save_alloc_info+0x3b/0x50 [ 18.444270] __kasan_kmalloc+0xb7/0xc0 [ 18.444682] __kmalloc_noprof+0x1c9/0x500 [ 18.445022] kunit_kmalloc_array+0x25/0x60 [ 18.445205] copy_user_test_oob+0xab/0x10f0 [ 18.445384] kunit_try_run_case+0x1a5/0x480 [ 18.445561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.446066] kthread+0x337/0x6f0 [ 18.446429] ret_from_fork+0x116/0x1d0 [ 18.446870] ret_from_fork_asm+0x1a/0x30 [ 18.447302] [ 18.447493] The buggy address belongs to the object at ffff888103332c00 [ 18.447493] which belongs to the cache kmalloc-128 of size 128 [ 18.448747] The buggy address is located 0 bytes inside of [ 18.448747] allocated 120-byte region [ffff888103332c00, ffff888103332c78) [ 18.449875] [ 18.449968] The buggy address belongs to the physical page: [ 18.450183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103332 [ 18.450479] flags: 0x200000000000000(node=0|zone=2) [ 18.450737] page_type: f5(slab) [ 18.451110] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.451910] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.452678] page dumped because: kasan: bad access detected [ 18.453267] [ 18.453458] Memory state around the buggy address: [ 18.453988] ffff888103332b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.454737] ffff888103332b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.455484] >ffff888103332c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.456125] ^ [ 18.456388] ffff888103332c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.456663] ffff888103332d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.457004] ================================================================== [ 18.509716] ================================================================== [ 18.510699] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 18.511258] Read of size 121 at addr ffff888103332c00 by task kunit_try_catch/303 [ 18.511957] [ 18.512216] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.512280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.512298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.512328] Call Trace: [ 18.512454] <TASK> [ 18.512483] dump_stack_lvl+0x73/0xb0 [ 18.512523] print_report+0xd1/0x650 [ 18.512552] ? __virt_addr_valid+0x1db/0x2d0 [ 18.512583] ? copy_user_test_oob+0x604/0x10f0 [ 18.512614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.512642] ? copy_user_test_oob+0x604/0x10f0 [ 18.512688] kasan_report+0x141/0x180 [ 18.512717] ? copy_user_test_oob+0x604/0x10f0 [ 18.512752] kasan_check_range+0x10c/0x1c0 [ 18.512782] __kasan_check_read+0x15/0x20 [ 18.512807] copy_user_test_oob+0x604/0x10f0 [ 18.512839] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.512867] ? finish_task_switch.isra.0+0x153/0x700 [ 18.512894] ? __switch_to+0x47/0xf50 [ 18.512926] ? __schedule+0x10cc/0x2b60 [ 18.512955] ? __pfx_read_tsc+0x10/0x10 [ 18.512982] ? ktime_get_ts64+0x86/0x230 [ 18.513012] kunit_try_run_case+0x1a5/0x480 [ 18.513043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.513071] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.513101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.513131] ? __kthread_parkme+0x82/0x180 [ 18.513157] ? preempt_count_sub+0x50/0x80 [ 18.513186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.513216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.513245] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.513274] kthread+0x337/0x6f0 [ 18.513299] ? trace_preempt_on+0x20/0xc0 [ 18.513329] ? __pfx_kthread+0x10/0x10 [ 18.513355] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.513382] ? calculate_sigpending+0x7b/0xa0 [ 18.513412] ? __pfx_kthread+0x10/0x10 [ 18.513439] ret_from_fork+0x116/0x1d0 [ 18.513463] ? __pfx_kthread+0x10/0x10 [ 18.513489] ret_from_fork_asm+0x1a/0x30 [ 18.513528] </TASK> [ 18.513543] [ 18.524794] Allocated by task 303: [ 18.524963] kasan_save_stack+0x45/0x70 [ 18.525259] kasan_save_track+0x18/0x40 [ 18.525494] kasan_save_alloc_info+0x3b/0x50 [ 18.525790] __kasan_kmalloc+0xb7/0xc0 [ 18.525967] __kmalloc_noprof+0x1c9/0x500 [ 18.526181] kunit_kmalloc_array+0x25/0x60 [ 18.526441] copy_user_test_oob+0xab/0x10f0 [ 18.526689] kunit_try_run_case+0x1a5/0x480 [ 18.527109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.527414] kthread+0x337/0x6f0 [ 18.527617] ret_from_fork+0x116/0x1d0 [ 18.527880] ret_from_fork_asm+0x1a/0x30 [ 18.528091] [ 18.528178] The buggy address belongs to the object at ffff888103332c00 [ 18.528178] which belongs to the cache kmalloc-128 of size 128 [ 18.528623] The buggy address is located 0 bytes inside of [ 18.528623] allocated 120-byte region [ffff888103332c00, ffff888103332c78) [ 18.529539] [ 18.529699] The buggy address belongs to the physical page: [ 18.530318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103332 [ 18.531494] flags: 0x200000000000000(node=0|zone=2) [ 18.531762] page_type: f5(slab) [ 18.532108] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.532629] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.533069] page dumped because: kasan: bad access detected [ 18.533336] [ 18.533425] Memory state around the buggy address: [ 18.533735] ffff888103332b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.534130] ffff888103332b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.534450] >ffff888103332c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.534844] ^ [ 18.535401] ffff888103332c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.535664] ffff888103332d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.536283] ==================================================================