Date
July 5, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.290269] ================================================================== [ 21.290332] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.290386] Write of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.290776] [ 21.290828] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.291109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.291164] Hardware name: linux,dummy-virt (DT) [ 21.291231] Call trace: [ 21.291480] show_stack+0x20/0x38 (C) [ 21.291553] dump_stack_lvl+0x8c/0xd0 [ 21.291779] print_report+0x118/0x608 [ 21.291950] kasan_report+0xdc/0x128 [ 21.292077] kasan_check_range+0x100/0x1a8 [ 21.292181] __kasan_check_write+0x20/0x30 [ 21.292476] copy_user_test_oob+0x434/0xec8 [ 21.292618] kunit_try_run_case+0x170/0x3f0 [ 21.292765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.292823] kthread+0x328/0x630 [ 21.293082] ret_from_fork+0x10/0x20 [ 21.293484] [ 21.293512] Allocated by task 285: [ 21.293568] kasan_save_stack+0x3c/0x68 [ 21.293629] kasan_save_track+0x20/0x40 [ 21.293670] kasan_save_alloc_info+0x40/0x58 [ 21.293711] __kasan_kmalloc+0xd4/0xd8 [ 21.293750] __kmalloc_noprof+0x198/0x4c8 [ 21.293788] kunit_kmalloc_array+0x34/0x88 [ 21.293840] copy_user_test_oob+0xac/0xec8 [ 21.293878] kunit_try_run_case+0x170/0x3f0 [ 21.293920] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.293965] kthread+0x328/0x630 [ 21.294011] ret_from_fork+0x10/0x20 [ 21.294049] [ 21.294086] The buggy address belongs to the object at fff00000c78d3b00 [ 21.294086] which belongs to the cache kmalloc-128 of size 128 [ 21.294143] The buggy address is located 0 bytes inside of [ 21.294143] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.294232] [ 21.294267] The buggy address belongs to the physical page: [ 21.294321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.294384] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.294431] page_type: f5(slab) [ 21.294471] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.294522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.294565] page dumped because: kasan: bad access detected [ 21.294631] [ 21.294660] Memory state around the buggy address: [ 21.294717] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.294764] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.294811] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.294856] ^ [ 21.294900] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.294944] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.294997] ================================================================== [ 21.272452] ================================================================== [ 21.272557] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.272952] Write of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.273096] [ 21.273191] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.273334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.273362] Hardware name: linux,dummy-virt (DT) [ 21.273407] Call trace: [ 21.273436] show_stack+0x20/0x38 (C) [ 21.273504] dump_stack_lvl+0x8c/0xd0 [ 21.273639] print_report+0x118/0x608 [ 21.273724] kasan_report+0xdc/0x128 [ 21.274052] kasan_check_range+0x100/0x1a8 [ 21.274126] __kasan_check_write+0x20/0x30 [ 21.274240] copy_user_test_oob+0x35c/0xec8 [ 21.274327] kunit_try_run_case+0x170/0x3f0 [ 21.274457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.274517] kthread+0x328/0x630 [ 21.274783] ret_from_fork+0x10/0x20 [ 21.274889] [ 21.274913] Allocated by task 285: [ 21.274954] kasan_save_stack+0x3c/0x68 [ 21.275253] kasan_save_track+0x20/0x40 [ 21.275322] kasan_save_alloc_info+0x40/0x58 [ 21.275368] __kasan_kmalloc+0xd4/0xd8 [ 21.275407] __kmalloc_noprof+0x198/0x4c8 [ 21.275446] kunit_kmalloc_array+0x34/0x88 [ 21.275488] copy_user_test_oob+0xac/0xec8 [ 21.275530] kunit_try_run_case+0x170/0x3f0 [ 21.275815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.275889] kthread+0x328/0x630 [ 21.276176] ret_from_fork+0x10/0x20 [ 21.276243] [ 21.276482] The buggy address belongs to the object at fff00000c78d3b00 [ 21.276482] which belongs to the cache kmalloc-128 of size 128 [ 21.276639] The buggy address is located 0 bytes inside of [ 21.276639] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.276876] [ 21.276997] The buggy address belongs to the physical page: [ 21.277125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.277293] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.277399] page_type: f5(slab) [ 21.277610] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.277783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.277853] page dumped because: kasan: bad access detected [ 21.277952] [ 21.278063] Memory state around the buggy address: [ 21.278517] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.278626] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.279075] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.279174] ^ [ 21.279297] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.279345] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.279444] ================================================================== [ 21.253929] ================================================================== [ 21.253989] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.254041] Read of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.254093] [ 21.254124] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.254495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.254530] Hardware name: linux,dummy-virt (DT) [ 21.254574] Call trace: [ 21.254599] show_stack+0x20/0x38 (C) [ 21.254652] dump_stack_lvl+0x8c/0xd0 [ 21.254699] print_report+0x118/0x608 [ 21.254807] kasan_report+0xdc/0x128 [ 21.254903] kasan_check_range+0x100/0x1a8 [ 21.255064] __kasan_check_read+0x20/0x30 [ 21.255215] copy_user_test_oob+0x728/0xec8 [ 21.255282] kunit_try_run_case+0x170/0x3f0 [ 21.255372] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.255459] kthread+0x328/0x630 [ 21.255502] ret_from_fork+0x10/0x20 [ 21.255625] [ 21.255651] Allocated by task 285: [ 21.255697] kasan_save_stack+0x3c/0x68 [ 21.255741] kasan_save_track+0x20/0x40 [ 21.256107] kasan_save_alloc_info+0x40/0x58 [ 21.256314] __kasan_kmalloc+0xd4/0xd8 [ 21.256628] __kmalloc_noprof+0x198/0x4c8 [ 21.256769] kunit_kmalloc_array+0x34/0x88 [ 21.256866] copy_user_test_oob+0xac/0xec8 [ 21.257005] kunit_try_run_case+0x170/0x3f0 [ 21.257233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.257300] kthread+0x328/0x630 [ 21.257337] ret_from_fork+0x10/0x20 [ 21.257381] [ 21.257405] The buggy address belongs to the object at fff00000c78d3b00 [ 21.257405] which belongs to the cache kmalloc-128 of size 128 [ 21.257576] The buggy address is located 0 bytes inside of [ 21.257576] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.257740] [ 21.257862] The buggy address belongs to the physical page: [ 21.259543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.259676] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.259731] page_type: f5(slab) [ 21.259771] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.259981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.260067] page dumped because: kasan: bad access detected [ 21.260178] [ 21.260427] Memory state around the buggy address: [ 21.260634] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.260689] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.260933] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.261065] ^ [ 21.261439] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.261608] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.261654] ================================================================== [ 21.242285] ================================================================== [ 21.242603] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.242925] Write of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.243024] [ 21.243088] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.243213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.243275] Hardware name: linux,dummy-virt (DT) [ 21.243342] Call trace: [ 21.243376] show_stack+0x20/0x38 (C) [ 21.243433] dump_stack_lvl+0x8c/0xd0 [ 21.243484] print_report+0x118/0x608 [ 21.243743] kasan_report+0xdc/0x128 [ 21.243896] kasan_check_range+0x100/0x1a8 [ 21.244006] __kasan_check_write+0x20/0x30 [ 21.244168] copy_user_test_oob+0x234/0xec8 [ 21.244293] kunit_try_run_case+0x170/0x3f0 [ 21.244413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.244601] kthread+0x328/0x630 [ 21.244658] ret_from_fork+0x10/0x20 [ 21.244707] [ 21.244769] Allocated by task 285: [ 21.244803] kasan_save_stack+0x3c/0x68 [ 21.244912] kasan_save_track+0x20/0x40 [ 21.245004] kasan_save_alloc_info+0x40/0x58 [ 21.245093] __kasan_kmalloc+0xd4/0xd8 [ 21.245370] __kmalloc_noprof+0x198/0x4c8 [ 21.245482] kunit_kmalloc_array+0x34/0x88 [ 21.245582] copy_user_test_oob+0xac/0xec8 [ 21.245740] kunit_try_run_case+0x170/0x3f0 [ 21.245894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.245999] kthread+0x328/0x630 [ 21.246117] ret_from_fork+0x10/0x20 [ 21.246196] [ 21.246219] The buggy address belongs to the object at fff00000c78d3b00 [ 21.246219] which belongs to the cache kmalloc-128 of size 128 [ 21.246307] The buggy address is located 0 bytes inside of [ 21.246307] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.246371] [ 21.246398] The buggy address belongs to the physical page: [ 21.246432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.246511] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.246562] page_type: f5(slab) [ 21.246607] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.246656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.246698] page dumped because: kasan: bad access detected [ 21.246750] [ 21.246782] Memory state around the buggy address: [ 21.246828] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.246873] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.246918] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.246959] ^ [ 21.247016] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.247071] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.247112] ================================================================== [ 21.280576] ================================================================== [ 21.280631] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.280683] Read of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.280736] [ 21.281299] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.281405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.281442] Hardware name: linux,dummy-virt (DT) [ 21.281607] Call trace: [ 21.281751] show_stack+0x20/0x38 (C) [ 21.281838] dump_stack_lvl+0x8c/0xd0 [ 21.281889] print_report+0x118/0x608 [ 21.282166] kasan_report+0xdc/0x128 [ 21.282331] kasan_check_range+0x100/0x1a8 [ 21.282462] __kasan_check_read+0x20/0x30 [ 21.282513] copy_user_test_oob+0x3c8/0xec8 [ 21.282690] kunit_try_run_case+0x170/0x3f0 [ 21.282928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.283014] kthread+0x328/0x630 [ 21.283058] ret_from_fork+0x10/0x20 [ 21.283248] [ 21.283295] Allocated by task 285: [ 21.283342] kasan_save_stack+0x3c/0x68 [ 21.283397] kasan_save_track+0x20/0x40 [ 21.283435] kasan_save_alloc_info+0x40/0x58 [ 21.283748] __kasan_kmalloc+0xd4/0xd8 [ 21.283818] __kmalloc_noprof+0x198/0x4c8 [ 21.283860] kunit_kmalloc_array+0x34/0x88 [ 21.284183] copy_user_test_oob+0xac/0xec8 [ 21.284393] kunit_try_run_case+0x170/0x3f0 [ 21.284520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.284722] kthread+0x328/0x630 [ 21.284763] ret_from_fork+0x10/0x20 [ 21.285112] [ 21.285184] The buggy address belongs to the object at fff00000c78d3b00 [ 21.285184] which belongs to the cache kmalloc-128 of size 128 [ 21.285559] The buggy address is located 0 bytes inside of [ 21.285559] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.285815] [ 21.286009] The buggy address belongs to the physical page: [ 21.286099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.286232] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.286654] page_type: f5(slab) [ 21.287162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.287235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.287491] page dumped because: kasan: bad access detected [ 21.287609] [ 21.288004] Memory state around the buggy address: [ 21.288077] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.288203] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.288249] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.288295] ^ [ 21.288338] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.288384] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.288426] ================================================================== [ 21.295306] ================================================================== [ 21.296096] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.296190] Read of size 121 at addr fff00000c78d3b00 by task kunit_try_catch/285 [ 21.296272] [ 21.296323] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.296598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.296858] Hardware name: linux,dummy-virt (DT) [ 21.296912] Call trace: [ 21.296956] show_stack+0x20/0x38 (C) [ 21.297009] dump_stack_lvl+0x8c/0xd0 [ 21.297057] print_report+0x118/0x608 [ 21.297103] kasan_report+0xdc/0x128 [ 21.297159] kasan_check_range+0x100/0x1a8 [ 21.297208] __kasan_check_read+0x20/0x30 [ 21.297254] copy_user_test_oob+0x4a0/0xec8 [ 21.297301] kunit_try_run_case+0x170/0x3f0 [ 21.297347] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.297405] kthread+0x328/0x630 [ 21.297452] ret_from_fork+0x10/0x20 [ 21.297499] [ 21.297520] Allocated by task 285: [ 21.297551] kasan_save_stack+0x3c/0x68 [ 21.297594] kasan_save_track+0x20/0x40 [ 21.297632] kasan_save_alloc_info+0x40/0x58 [ 21.297673] __kasan_kmalloc+0xd4/0xd8 [ 21.297710] __kmalloc_noprof+0x198/0x4c8 [ 21.297749] kunit_kmalloc_array+0x34/0x88 [ 21.297787] copy_user_test_oob+0xac/0xec8 [ 21.297826] kunit_try_run_case+0x170/0x3f0 [ 21.297865] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.297908] kthread+0x328/0x630 [ 21.298085] ret_from_fork+0x10/0x20 [ 21.298177] [ 21.298643] The buggy address belongs to the object at fff00000c78d3b00 [ 21.298643] which belongs to the cache kmalloc-128 of size 128 [ 21.298781] The buggy address is located 0 bytes inside of [ 21.298781] allocated 120-byte region [fff00000c78d3b00, fff00000c78d3b78) [ 21.298944] [ 21.298997] The buggy address belongs to the physical page: [ 21.299176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d3 [ 21.299256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.299408] page_type: f5(slab) [ 21.299450] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.300205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.300261] page dumped because: kasan: bad access detected [ 21.300303] [ 21.300640] Memory state around the buggy address: [ 21.300702] fff00000c78d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.300784] fff00000c78d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.300843] >fff00000c78d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.300911] ^ [ 21.301175] fff00000c78d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.301255] fff00000c78d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.301461] ==================================================================
[ 18.204458] ================================================================== [ 18.205306] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 18.206031] Read of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.206498] [ 18.206766] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.206840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.206859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.206888] Call Trace: [ 18.207032] <TASK> [ 18.207057] dump_stack_lvl+0x73/0xb0 [ 18.207097] print_report+0xd1/0x650 [ 18.207125] ? __virt_addr_valid+0x1db/0x2d0 [ 18.207153] ? copy_user_test_oob+0x604/0x10f0 [ 18.207182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.207209] ? copy_user_test_oob+0x604/0x10f0 [ 18.207238] kasan_report+0x141/0x180 [ 18.207265] ? copy_user_test_oob+0x604/0x10f0 [ 18.207299] kasan_check_range+0x10c/0x1c0 [ 18.207328] __kasan_check_read+0x15/0x20 [ 18.207351] copy_user_test_oob+0x604/0x10f0 [ 18.207382] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.207409] ? finish_task_switch.isra.0+0x153/0x700 [ 18.207438] ? __switch_to+0x47/0xf50 [ 18.207470] ? __schedule+0x10cc/0x2b60 [ 18.207497] ? __pfx_read_tsc+0x10/0x10 [ 18.207524] ? ktime_get_ts64+0x86/0x230 [ 18.207554] kunit_try_run_case+0x1a5/0x480 [ 18.207584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.207613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.207646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.207677] ? __kthread_parkme+0x82/0x180 [ 18.207703] ? preempt_count_sub+0x50/0x80 [ 18.207731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.207759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.207800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.207828] kthread+0x337/0x6f0 [ 18.207852] ? trace_preempt_on+0x20/0xc0 [ 18.207881] ? __pfx_kthread+0x10/0x10 [ 18.207906] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.207932] ? calculate_sigpending+0x7b/0xa0 [ 18.207961] ? __pfx_kthread+0x10/0x10 [ 18.207988] ret_from_fork+0x116/0x1d0 [ 18.208012] ? __pfx_kthread+0x10/0x10 [ 18.208037] ret_from_fork_asm+0x1a/0x30 [ 18.208076] </TASK> [ 18.208103] [ 18.218736] Allocated by task 303: [ 18.219700] kasan_save_stack+0x45/0x70 [ 18.220522] kasan_save_track+0x18/0x40 [ 18.221869] kasan_save_alloc_info+0x3b/0x50 [ 18.222390] __kasan_kmalloc+0xb7/0xc0 [ 18.222921] __kmalloc_noprof+0x1c9/0x500 [ 18.223659] kunit_kmalloc_array+0x25/0x60 [ 18.223915] copy_user_test_oob+0xab/0x10f0 [ 18.224997] kunit_try_run_case+0x1a5/0x480 [ 18.225390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.225713] kthread+0x337/0x6f0 [ 18.225927] ret_from_fork+0x116/0x1d0 [ 18.226320] ret_from_fork_asm+0x1a/0x30 [ 18.226904] [ 18.227119] The buggy address belongs to the object at ffff888103929700 [ 18.227119] which belongs to the cache kmalloc-128 of size 128 [ 18.227603] The buggy address is located 0 bytes inside of [ 18.227603] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.228853] [ 18.229077] The buggy address belongs to the physical page: [ 18.229548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.229966] flags: 0x200000000000000(node=0|zone=2) [ 18.230676] page_type: f5(slab) [ 18.230994] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.231674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.232369] page dumped because: kasan: bad access detected [ 18.232665] [ 18.232775] Memory state around the buggy address: [ 18.233574] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.234262] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.234874] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.235623] ^ [ 18.236457] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.236842] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.237598] ================================================================== [ 18.124775] ================================================================== [ 18.125213] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 18.125577] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.125932] [ 18.126079] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.126135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.126153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.126180] Call Trace: [ 18.126448] <TASK> [ 18.126483] dump_stack_lvl+0x73/0xb0 [ 18.126523] print_report+0xd1/0x650 [ 18.126553] ? __virt_addr_valid+0x1db/0x2d0 [ 18.126584] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.126614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.126642] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.126671] kasan_report+0x141/0x180 [ 18.126699] ? copy_user_test_oob+0x3fd/0x10f0 [ 18.126734] kasan_check_range+0x10c/0x1c0 [ 18.126763] __kasan_check_write+0x18/0x20 [ 18.126806] copy_user_test_oob+0x3fd/0x10f0 [ 18.126837] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.126865] ? finish_task_switch.isra.0+0x153/0x700 [ 18.126893] ? __switch_to+0x47/0xf50 [ 18.126925] ? __schedule+0x10cc/0x2b60 [ 18.126953] ? __pfx_read_tsc+0x10/0x10 [ 18.126980] ? ktime_get_ts64+0x86/0x230 [ 18.127010] kunit_try_run_case+0x1a5/0x480 [ 18.127041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.127069] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.127222] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.127255] ? __kthread_parkme+0x82/0x180 [ 18.127282] ? preempt_count_sub+0x50/0x80 [ 18.127312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.127341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.127371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.127400] kthread+0x337/0x6f0 [ 18.127425] ? trace_preempt_on+0x20/0xc0 [ 18.127455] ? __pfx_kthread+0x10/0x10 [ 18.127481] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.127507] ? calculate_sigpending+0x7b/0xa0 [ 18.127537] ? __pfx_kthread+0x10/0x10 [ 18.127564] ret_from_fork+0x116/0x1d0 [ 18.127589] ? __pfx_kthread+0x10/0x10 [ 18.127615] ret_from_fork_asm+0x1a/0x30 [ 18.127653] </TASK> [ 18.127669] [ 18.138770] Allocated by task 303: [ 18.139210] kasan_save_stack+0x45/0x70 [ 18.139453] kasan_save_track+0x18/0x40 [ 18.139651] kasan_save_alloc_info+0x3b/0x50 [ 18.139894] __kasan_kmalloc+0xb7/0xc0 [ 18.140362] __kmalloc_noprof+0x1c9/0x500 [ 18.140582] kunit_kmalloc_array+0x25/0x60 [ 18.140775] copy_user_test_oob+0xab/0x10f0 [ 18.141167] kunit_try_run_case+0x1a5/0x480 [ 18.141511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.141879] kthread+0x337/0x6f0 [ 18.142154] ret_from_fork+0x116/0x1d0 [ 18.142383] ret_from_fork_asm+0x1a/0x30 [ 18.142589] [ 18.142686] The buggy address belongs to the object at ffff888103929700 [ 18.142686] which belongs to the cache kmalloc-128 of size 128 [ 18.143587] The buggy address is located 0 bytes inside of [ 18.143587] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.144191] [ 18.144444] The buggy address belongs to the physical page: [ 18.144680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.145236] flags: 0x200000000000000(node=0|zone=2) [ 18.145599] page_type: f5(slab) [ 18.145784] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.146279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.146689] page dumped because: kasan: bad access detected [ 18.147037] [ 18.147141] Memory state around the buggy address: [ 18.147564] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.147897] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.148441] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.148809] ^ [ 18.149230] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.149585] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.150055] ================================================================== [ 18.177815] ================================================================== [ 18.178456] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 18.178904] Write of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.179377] [ 18.179648] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.179707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.179723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.179752] Call Trace: [ 18.179774] <TASK> [ 18.179811] dump_stack_lvl+0x73/0xb0 [ 18.179850] print_report+0xd1/0x650 [ 18.179879] ? __virt_addr_valid+0x1db/0x2d0 [ 18.179908] ? copy_user_test_oob+0x557/0x10f0 [ 18.179938] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.179966] ? copy_user_test_oob+0x557/0x10f0 [ 18.179995] kasan_report+0x141/0x180 [ 18.180023] ? copy_user_test_oob+0x557/0x10f0 [ 18.180057] kasan_check_range+0x10c/0x1c0 [ 18.180215] __kasan_check_write+0x18/0x20 [ 18.180244] copy_user_test_oob+0x557/0x10f0 [ 18.180277] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.180305] ? finish_task_switch.isra.0+0x153/0x700 [ 18.180334] ? __switch_to+0x47/0xf50 [ 18.180365] ? __schedule+0x10cc/0x2b60 [ 18.180394] ? __pfx_read_tsc+0x10/0x10 [ 18.180421] ? ktime_get_ts64+0x86/0x230 [ 18.180450] kunit_try_run_case+0x1a5/0x480 [ 18.180481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.180508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.180537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.180567] ? __kthread_parkme+0x82/0x180 [ 18.180593] ? preempt_count_sub+0x50/0x80 [ 18.180621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.180651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.180678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.180707] kthread+0x337/0x6f0 [ 18.180731] ? trace_preempt_on+0x20/0xc0 [ 18.180761] ? __pfx_kthread+0x10/0x10 [ 18.180798] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.180825] ? calculate_sigpending+0x7b/0xa0 [ 18.180854] ? __pfx_kthread+0x10/0x10 [ 18.180881] ret_from_fork+0x116/0x1d0 [ 18.180905] ? __pfx_kthread+0x10/0x10 [ 18.180930] ret_from_fork_asm+0x1a/0x30 [ 18.180966] </TASK> [ 18.180983] [ 18.191929] Allocated by task 303: [ 18.192359] kasan_save_stack+0x45/0x70 [ 18.192702] kasan_save_track+0x18/0x40 [ 18.192935] kasan_save_alloc_info+0x3b/0x50 [ 18.193158] __kasan_kmalloc+0xb7/0xc0 [ 18.193364] __kmalloc_noprof+0x1c9/0x500 [ 18.193582] kunit_kmalloc_array+0x25/0x60 [ 18.193806] copy_user_test_oob+0xab/0x10f0 [ 18.194032] kunit_try_run_case+0x1a5/0x480 [ 18.194612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.195016] kthread+0x337/0x6f0 [ 18.195204] ret_from_fork+0x116/0x1d0 [ 18.195509] ret_from_fork_asm+0x1a/0x30 [ 18.195884] [ 18.195997] The buggy address belongs to the object at ffff888103929700 [ 18.195997] which belongs to the cache kmalloc-128 of size 128 [ 18.196781] The buggy address is located 0 bytes inside of [ 18.196781] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.197480] [ 18.197735] The buggy address belongs to the physical page: [ 18.198002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.198564] flags: 0x200000000000000(node=0|zone=2) [ 18.198954] page_type: f5(slab) [ 18.199131] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.199804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.200172] page dumped because: kasan: bad access detected [ 18.200586] [ 18.200707] Memory state around the buggy address: [ 18.201084] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.201532] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.201955] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.202402] ^ [ 18.202722] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.203314] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.203668] ================================================================== [ 18.150902] ================================================================== [ 18.151485] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 18.151872] Read of size 121 at addr ffff888103929700 by task kunit_try_catch/303 [ 18.152473] [ 18.152589] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 18.152838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.152916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.152947] Call Trace: [ 18.152972] <TASK> [ 18.152994] dump_stack_lvl+0x73/0xb0 [ 18.153033] print_report+0xd1/0x650 [ 18.153062] ? __virt_addr_valid+0x1db/0x2d0 [ 18.153101] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.153130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.153157] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.153186] kasan_report+0x141/0x180 [ 18.153214] ? copy_user_test_oob+0x4aa/0x10f0 [ 18.153248] kasan_check_range+0x10c/0x1c0 [ 18.153276] __kasan_check_read+0x15/0x20 [ 18.153300] copy_user_test_oob+0x4aa/0x10f0 [ 18.153331] ? __pfx_copy_user_test_oob+0x10/0x10 [ 18.153365] ? finish_task_switch.isra.0+0x153/0x700 [ 18.153391] ? __switch_to+0x47/0xf50 [ 18.153423] ? __schedule+0x10cc/0x2b60 [ 18.153450] ? __pfx_read_tsc+0x10/0x10 [ 18.153477] ? ktime_get_ts64+0x86/0x230 [ 18.153507] kunit_try_run_case+0x1a5/0x480 [ 18.153537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.153565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.153594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.153622] ? __kthread_parkme+0x82/0x180 [ 18.153648] ? preempt_count_sub+0x50/0x80 [ 18.153677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.153705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.153733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.153763] kthread+0x337/0x6f0 [ 18.153798] ? trace_preempt_on+0x20/0xc0 [ 18.153827] ? __pfx_kthread+0x10/0x10 [ 18.153853] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.153879] ? calculate_sigpending+0x7b/0xa0 [ 18.153908] ? __pfx_kthread+0x10/0x10 [ 18.153934] ret_from_fork+0x116/0x1d0 [ 18.153959] ? __pfx_kthread+0x10/0x10 [ 18.153983] ret_from_fork_asm+0x1a/0x30 [ 18.154020] </TASK> [ 18.154035] [ 18.165174] Allocated by task 303: [ 18.165571] kasan_save_stack+0x45/0x70 [ 18.165772] kasan_save_track+0x18/0x40 [ 18.166022] kasan_save_alloc_info+0x3b/0x50 [ 18.166432] __kasan_kmalloc+0xb7/0xc0 [ 18.166726] __kmalloc_noprof+0x1c9/0x500 [ 18.166947] kunit_kmalloc_array+0x25/0x60 [ 18.167342] copy_user_test_oob+0xab/0x10f0 [ 18.167566] kunit_try_run_case+0x1a5/0x480 [ 18.167926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.168381] kthread+0x337/0x6f0 [ 18.168568] ret_from_fork+0x116/0x1d0 [ 18.168906] ret_from_fork_asm+0x1a/0x30 [ 18.169138] [ 18.169346] The buggy address belongs to the object at ffff888103929700 [ 18.169346] which belongs to the cache kmalloc-128 of size 128 [ 18.169909] The buggy address is located 0 bytes inside of [ 18.169909] allocated 120-byte region [ffff888103929700, ffff888103929778) [ 18.170680] [ 18.170929] The buggy address belongs to the physical page: [ 18.171252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 18.171803] flags: 0x200000000000000(node=0|zone=2) [ 18.172159] page_type: f5(slab) [ 18.172318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.172865] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.173297] page dumped because: kasan: bad access detected [ 18.173691] [ 18.173832] Memory state around the buggy address: [ 18.174088] ffff888103929600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.174618] ffff888103929680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.175103] >ffff888103929700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.175469] ^ [ 18.175840] ffff888103929780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.176383] ffff888103929800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.176802] ==================================================================