Date
July 6, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 21.302031] ================================================================== [ 21.302165] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.302660] Write of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.303086] [ 21.303269] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.304112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.304297] Hardware name: linux,dummy-virt (DT) [ 21.304348] Call trace: [ 21.304948] show_stack+0x20/0x38 (C) [ 21.305366] dump_stack_lvl+0x8c/0xd0 [ 21.305608] print_report+0x118/0x608 [ 21.305845] kasan_report+0xdc/0x128 [ 21.305977] kasan_check_range+0x100/0x1a8 [ 21.306066] __kasan_check_write+0x20/0x30 [ 21.306384] copy_user_test_oob+0x234/0xec8 [ 21.306936] kunit_try_run_case+0x170/0x3f0 [ 21.307065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.307328] kthread+0x328/0x630 [ 21.307422] ret_from_fork+0x10/0x20 [ 21.307788] [ 21.307817] Allocated by task 285: [ 21.308484] kasan_save_stack+0x3c/0x68 [ 21.308621] kasan_save_track+0x20/0x40 [ 21.308786] kasan_save_alloc_info+0x40/0x58 [ 21.308971] __kasan_kmalloc+0xd4/0xd8 [ 21.309245] __kmalloc_noprof+0x198/0x4c8 [ 21.309623] kunit_kmalloc_array+0x34/0x88 [ 21.309883] copy_user_test_oob+0xac/0xec8 [ 21.310014] kunit_try_run_case+0x170/0x3f0 [ 21.310334] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.310549] kthread+0x328/0x630 [ 21.310604] ret_from_fork+0x10/0x20 [ 21.310770] [ 21.310955] The buggy address belongs to the object at fff00000c5709400 [ 21.310955] which belongs to the cache kmalloc-128 of size 128 [ 21.311211] The buggy address is located 0 bytes inside of [ 21.311211] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.311463] [ 21.311753] The buggy address belongs to the physical page: [ 21.311817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.312255] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.313103] page_type: f5(slab) [ 
21.313295] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.313393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.313502] page dumped because: kasan: bad access detected [ 21.313707] [ 21.313779] Memory state around the buggy address: [ 21.313975] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.314036] fff00000c5709380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.314091] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.314132] ^ [ 21.314608] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.314761] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.314877] ================================================================== [ 21.356453] ================================================================== [ 21.356521] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.356641] Read of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.356698] [ 21.356731] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.356819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.356847] Hardware name: linux,dummy-virt (DT) [ 21.357113] Call trace: [ 21.357153] show_stack+0x20/0x38 (C) [ 21.357216] dump_stack_lvl+0x8c/0xd0 [ 21.357265] print_report+0x118/0x608 [ 21.357314] kasan_report+0xdc/0x128 [ 21.357437] kasan_check_range+0x100/0x1a8 [ 21.358327] __kasan_check_read+0x20/0x30 [ 21.358467] copy_user_test_oob+0x3c8/0xec8 [ 21.358543] kunit_try_run_case+0x170/0x3f0 [ 21.359183] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.359389] kthread+0x328/0x630 [ 21.359508] ret_from_fork+0x10/0x20 [ 21.359681] [ 21.359780] Allocated by task 285: [ 21.359864] kasan_save_stack+0x3c/0x68 [ 21.360221] kasan_save_track+0x20/0x40 [ 21.360529] kasan_save_alloc_info+0x40/0x58 [ 21.361070] __kasan_kmalloc+0xd4/0xd8 [ 21.361248] __kmalloc_noprof+0x198/0x4c8 [ 21.361370] 
kunit_kmalloc_array+0x34/0x88 [ 21.361475] copy_user_test_oob+0xac/0xec8 [ 21.361689] kunit_try_run_case+0x170/0x3f0 [ 21.361765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.362069] kthread+0x328/0x630 [ 21.362446] ret_from_fork+0x10/0x20 [ 21.362570] [ 21.362598] The buggy address belongs to the object at fff00000c5709400 [ 21.362598] which belongs to the cache kmalloc-128 of size 128 [ 21.363246] The buggy address is located 0 bytes inside of [ 21.363246] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.363352] [ 21.363442] The buggy address belongs to the physical page: [ 21.363560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.363621] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.363670] page_type: f5(slab) [ 21.363709] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.363762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.363805] page dumped because: kasan: bad access detected [ 21.363849] [ 21.363880] Memory state around the buggy address: [ 21.363915] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.363967] fff00000c5709380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.364011] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.364059] ^ [ 21.364111] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.364157] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.364218] ================================================================== [ 21.346990] ================================================================== [ 21.347061] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.347119] Write of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.347627] [ 21.347683] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.348109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.348176] 
Hardware name: linux,dummy-virt (DT) [ 21.348298] Call trace: [ 21.348325] show_stack+0x20/0x38 (C) [ 21.348379] dump_stack_lvl+0x8c/0xd0 [ 21.348476] print_report+0x118/0x608 [ 21.348530] kasan_report+0xdc/0x128 [ 21.348860] kasan_check_range+0x100/0x1a8 [ 21.348989] __kasan_check_write+0x20/0x30 [ 21.349042] copy_user_test_oob+0x35c/0xec8 [ 21.349089] kunit_try_run_case+0x170/0x3f0 [ 21.349181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.349251] kthread+0x328/0x630 [ 21.349305] ret_from_fork+0x10/0x20 [ 21.349355] [ 21.349378] Allocated by task 285: [ 21.349417] kasan_save_stack+0x3c/0x68 [ 21.349471] kasan_save_track+0x20/0x40 [ 21.350322] kasan_save_alloc_info+0x40/0x58 [ 21.350539] __kasan_kmalloc+0xd4/0xd8 [ 21.350597] __kmalloc_noprof+0x198/0x4c8 [ 21.350662] kunit_kmalloc_array+0x34/0x88 [ 21.351009] copy_user_test_oob+0xac/0xec8 [ 21.351127] kunit_try_run_case+0x170/0x3f0 [ 21.351280] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.351419] kthread+0x328/0x630 [ 21.351468] ret_from_fork+0x10/0x20 [ 21.351772] [ 21.351830] The buggy address belongs to the object at fff00000c5709400 [ 21.351830] which belongs to the cache kmalloc-128 of size 128 [ 21.351989] The buggy address is located 0 bytes inside of [ 21.351989] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.352150] [ 21.352308] The buggy address belongs to the physical page: [ 21.352358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.352439] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.352780] page_type: f5(slab) [ 21.352858] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.353154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.353293] page dumped because: kasan: bad access detected [ 21.353511] [ 21.353561] Memory state around the buggy address: [ 21.353618] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.353684] fff00000c5709380: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.354065] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.354362] ^ [ 21.354437] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.354496] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.354537] ================================================================== [ 21.379586] ================================================================== [ 21.379653] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.379720] Read of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.380233] [ 21.380276] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.380505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.380703] Hardware name: linux,dummy-virt (DT) [ 21.380940] Call trace: [ 21.381426] show_stack+0x20/0x38 (C) [ 21.381543] dump_stack_lvl+0x8c/0xd0 [ 21.381595] print_report+0x118/0x608 [ 21.381643] kasan_report+0xdc/0x128 [ 21.381692] kasan_check_range+0x100/0x1a8 [ 21.381741] __kasan_check_read+0x20/0x30 [ 21.382214] copy_user_test_oob+0x4a0/0xec8 [ 21.382275] kunit_try_run_case+0x170/0x3f0 [ 21.382326] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.382379] kthread+0x328/0x630 [ 21.382430] ret_from_fork+0x10/0x20 [ 21.382480] [ 21.382502] Allocated by task 285: [ 21.382531] kasan_save_stack+0x3c/0x68 [ 21.382574] kasan_save_track+0x20/0x40 [ 21.382612] kasan_save_alloc_info+0x40/0x58 [ 21.382655] __kasan_kmalloc+0xd4/0xd8 [ 21.382692] __kmalloc_noprof+0x198/0x4c8 [ 21.382733] kunit_kmalloc_array+0x34/0x88 [ 21.382770] copy_user_test_oob+0xac/0xec8 [ 21.382810] kunit_try_run_case+0x170/0x3f0 [ 21.382850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.382895] kthread+0x328/0x630 [ 21.382928] ret_from_fork+0x10/0x20 [ 21.382964] [ 21.382986] The buggy address belongs to the object at fff00000c5709400 [ 21.382986] which belongs to the cache kmalloc-128 of size 128 [ 21.383043] The buggy address is 
located 0 bytes inside of [ 21.383043] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.383105] [ 21.383127] The buggy address belongs to the physical page: [ 21.383160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.383220] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.383269] page_type: f5(slab) [ 21.383306] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.383359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.383401] page dumped because: kasan: bad access detected [ 21.383434] [ 21.383455] Memory state around the buggy address: [ 21.383490] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.383539] fff00000c5709380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.383583] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.383624] ^ [ 21.383668] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.383712] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.383753] ================================================================== [ 21.321094] ================================================================== [ 21.321152] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.321969] Read of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.322048] [ 21.322633] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.322928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.323009] Hardware name: linux,dummy-virt (DT) [ 21.323360] Call trace: [ 21.323426] show_stack+0x20/0x38 (C) [ 21.323579] dump_stack_lvl+0x8c/0xd0 [ 21.323940] print_report+0x118/0x608 [ 21.324048] kasan_report+0xdc/0x128 [ 21.324226] kasan_check_range+0x100/0x1a8 [ 21.324414] __kasan_check_read+0x20/0x30 [ 21.324602] copy_user_test_oob+0x728/0xec8 [ 21.324991] kunit_try_run_case+0x170/0x3f0 [ 21.325084] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.325332] kthread+0x328/0x630 [ 21.325498] ret_from_fork+0x10/0x20 [ 21.325554] [ 21.325971] Allocated by task 285: [ 21.326162] kasan_save_stack+0x3c/0x68 [ 21.326363] kasan_save_track+0x20/0x40 [ 21.326794] kasan_save_alloc_info+0x40/0x58 [ 21.326940] __kasan_kmalloc+0xd4/0xd8 [ 21.327231] __kmalloc_noprof+0x198/0x4c8 [ 21.327409] kunit_kmalloc_array+0x34/0x88 [ 21.327725] copy_user_test_oob+0xac/0xec8 [ 21.328183] kunit_try_run_case+0x170/0x3f0 [ 21.328502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.328581] kthread+0x328/0x630 [ 21.329388] ret_from_fork+0x10/0x20 [ 21.329953] [ 21.330059] The buggy address belongs to the object at fff00000c5709400 [ 21.330059] which belongs to the cache kmalloc-128 of size 128 [ 21.330310] The buggy address is located 0 bytes inside of [ 21.330310] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.330506] [ 21.330612] The buggy address belongs to the physical page: [ 21.330654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.331216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.331278] page_type: f5(slab) [ 21.331827] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.331889] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.332217] page dumped because: kasan: bad access detected [ 21.332514] [ 21.332654] Memory state around the buggy address: [ 21.332721] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.333334] fff00000c5709380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.333511] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.333745] ^ [ 21.334057] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.334227] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.334398] ================================================================== [ 21.367460] 
================================================================== [ 21.367523] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.367650] Write of size 121 at addr fff00000c5709400 by task kunit_try_catch/285 [ 21.367710] [ 21.367741] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.368009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.368043] Hardware name: linux,dummy-virt (DT) [ 21.368273] Call trace: [ 21.368458] show_stack+0x20/0x38 (C) [ 21.368574] dump_stack_lvl+0x8c/0xd0 [ 21.369083] print_report+0x118/0x608 [ 21.369273] kasan_report+0xdc/0x128 [ 21.369612] kasan_check_range+0x100/0x1a8 [ 21.369699] __kasan_check_write+0x20/0x30 [ 21.369874] copy_user_test_oob+0x434/0xec8 [ 21.370058] kunit_try_run_case+0x170/0x3f0 [ 21.370115] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.370345] kthread+0x328/0x630 [ 21.370508] ret_from_fork+0x10/0x20 [ 21.370956] [ 21.371153] Allocated by task 285: [ 21.371245] kasan_save_stack+0x3c/0x68 [ 21.371296] kasan_save_track+0x20/0x40 [ 21.371881] kasan_save_alloc_info+0x40/0x58 [ 21.372129] __kasan_kmalloc+0xd4/0xd8 [ 21.372217] __kmalloc_noprof+0x198/0x4c8 [ 21.372443] kunit_kmalloc_array+0x34/0x88 [ 21.372502] copy_user_test_oob+0xac/0xec8 [ 21.372543] kunit_try_run_case+0x170/0x3f0 [ 21.372905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.373113] kthread+0x328/0x630 [ 21.373234] ret_from_fork+0x10/0x20 [ 21.373384] [ 21.373411] The buggy address belongs to the object at fff00000c5709400 [ 21.373411] which belongs to the cache kmalloc-128 of size 128 [ 21.373869] The buggy address is located 0 bytes inside of [ 21.373869] allocated 120-byte region [fff00000c5709400, fff00000c5709478) [ 21.373948] [ 21.374078] The buggy address belongs to the physical page: [ 21.374114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105709 [ 21.374792] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.374862] page_type: f5(slab) [ 21.375384] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.375530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.375789] page dumped because: kasan: bad access detected [ 21.375862] [ 21.375918] Memory state around the buggy address: [ 21.375980] fff00000c5709300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.376291] fff00000c5709380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.376366] >fff00000c5709400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.376409] ^ [ 21.376453] fff00000c5709480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.376497] fff00000c5709500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.376707] ==================================================================
[ 15.682684] ================================================================== [ 15.683080] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.683361] Read of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.683746] [ 15.683867] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.683919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.683932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.683971] Call Trace: [ 15.683986] <TASK> [ 15.684002] dump_stack_lvl+0x73/0xb0 [ 15.684033] print_report+0xd1/0x650 [ 15.684056] ? __virt_addr_valid+0x1db/0x2d0 [ 15.684091] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.684149] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684174] kasan_report+0x141/0x180 [ 15.684209] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.684238] kasan_check_range+0x10c/0x1c0 [ 15.684264] __kasan_check_read+0x15/0x20 [ 15.684284] copy_user_test_oob+0x4aa/0x10f0 [ 15.684311] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.684335] ? finish_task_switch.isra.0+0x153/0x700 [ 15.684357] ? __switch_to+0x47/0xf50 [ 15.684393] ? __schedule+0x10cc/0x2b60 [ 15.684417] ? __pfx_read_tsc+0x10/0x10 [ 15.684438] ? ktime_get_ts64+0x86/0x230 [ 15.684474] kunit_try_run_case+0x1a5/0x480 [ 15.684500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.684523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.684548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.684572] ? __kthread_parkme+0x82/0x180 [ 15.684593] ? preempt_count_sub+0x50/0x80 [ 15.684617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.684641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.684666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.684690] kthread+0x337/0x6f0 [ 15.684711] ? trace_preempt_on+0x20/0xc0 [ 15.684736] ? __pfx_kthread+0x10/0x10 [ 15.684757] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.684779] ? calculate_sigpending+0x7b/0xa0 [ 15.684804] ? 
__pfx_kthread+0x10/0x10 [ 15.684827] ret_from_fork+0x116/0x1d0 [ 15.684846] ? __pfx_kthread+0x10/0x10 [ 15.684868] ret_from_fork_asm+0x1a/0x30 [ 15.684900] </TASK> [ 15.684913] [ 15.692379] Allocated by task 302: [ 15.692512] kasan_save_stack+0x45/0x70 [ 15.692661] kasan_save_track+0x18/0x40 [ 15.692802] kasan_save_alloc_info+0x3b/0x50 [ 15.693261] __kasan_kmalloc+0xb7/0xc0 [ 15.693457] __kmalloc_noprof+0x1c9/0x500 [ 15.693683] kunit_kmalloc_array+0x25/0x60 [ 15.693897] copy_user_test_oob+0xab/0x10f0 [ 15.694097] kunit_try_run_case+0x1a5/0x480 [ 15.694330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.694520] kthread+0x337/0x6f0 [ 15.694645] ret_from_fork+0x116/0x1d0 [ 15.694821] ret_from_fork_asm+0x1a/0x30 [ 15.694991] [ 15.695157] The buggy address belongs to the object at ffff888103a21000 [ 15.695157] which belongs to the cache kmalloc-128 of size 128 [ 15.695637] The buggy address is located 0 bytes inside of [ 15.695637] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.696189] [ 15.696287] The buggy address belongs to the physical page: [ 15.696537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.696884] flags: 0x200000000000000(node=0|zone=2) [ 15.697151] page_type: f5(slab) [ 15.697316] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.697622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.697952] page dumped because: kasan: bad access detected [ 15.698229] [ 15.698316] Memory state around the buggy address: [ 15.698537] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.698794] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.699020] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.699242] ^ [ 15.699566] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.699922] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.700443] 
================================================================== [ 15.657756] ================================================================== [ 15.658125] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.658754] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.659254] [ 15.659418] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.659478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.659492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.659517] Call Trace: [ 15.659531] <TASK> [ 15.659550] dump_stack_lvl+0x73/0xb0 [ 15.659579] print_report+0xd1/0x650 [ 15.659603] ? __virt_addr_valid+0x1db/0x2d0 [ 15.659636] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.659685] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659721] kasan_report+0x141/0x180 [ 15.659745] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.659774] kasan_check_range+0x10c/0x1c0 [ 15.659810] __kasan_check_write+0x18/0x20 [ 15.659830] copy_user_test_oob+0x3fd/0x10f0 [ 15.659857] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.659881] ? finish_task_switch.isra.0+0x153/0x700 [ 15.659905] ? __switch_to+0x47/0xf50 [ 15.659931] ? __schedule+0x10cc/0x2b60 [ 15.659964] ? __pfx_read_tsc+0x10/0x10 [ 15.659986] ? ktime_get_ts64+0x86/0x230 [ 15.660012] kunit_try_run_case+0x1a5/0x480 [ 15.660039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.660064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.660107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.660131] ? __kthread_parkme+0x82/0x180 [ 15.660152] ? preempt_count_sub+0x50/0x80 [ 15.660176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.660201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.660225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.660250] kthread+0x337/0x6f0 [ 15.660271] ? trace_preempt_on+0x20/0xc0 [ 15.660295] ? __pfx_kthread+0x10/0x10 [ 15.660318] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.660340] ? calculate_sigpending+0x7b/0xa0 [ 15.660365] ? __pfx_kthread+0x10/0x10 [ 15.660388] ret_from_fork+0x116/0x1d0 [ 15.660408] ? __pfx_kthread+0x10/0x10 [ 15.660430] ret_from_fork_asm+0x1a/0x30 [ 15.660461] </TASK> [ 15.660474] [ 15.673430] Allocated by task 302: [ 15.673642] kasan_save_stack+0x45/0x70 [ 15.674024] kasan_save_track+0x18/0x40 [ 15.674275] kasan_save_alloc_info+0x3b/0x50 [ 15.674676] __kasan_kmalloc+0xb7/0xc0 [ 15.674897] __kmalloc_noprof+0x1c9/0x500 [ 15.675271] kunit_kmalloc_array+0x25/0x60 [ 15.675554] copy_user_test_oob+0xab/0x10f0 [ 15.675706] kunit_try_run_case+0x1a5/0x480 [ 15.675854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.676041] kthread+0x337/0x6f0 [ 15.676181] ret_from_fork+0x116/0x1d0 [ 15.676351] ret_from_fork_asm+0x1a/0x30 [ 15.676577] [ 15.676677] The buggy address belongs to the object at ffff888103a21000 [ 15.676677] which belongs to the cache kmalloc-128 of size 128 [ 15.677213] The buggy address is located 0 bytes inside of [ 15.677213] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.677692] [ 15.677795] The buggy address belongs to the physical page: [ 15.678023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.678429] flags: 0x200000000000000(node=0|zone=2) [ 15.678619] page_type: f5(slab) [ 15.678744] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.679158] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.679484] page dumped because: kasan: bad access detected [ 15.679659] [ 15.679732] Memory state around the buggy address: [ 15.679970] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.680403] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.680675] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.680980] ^ [ 15.681268] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.681684] 
ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.681986] ================================================================== [ 15.701028] ================================================================== [ 15.701262] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.701836] Write of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.702251] [ 15.702357] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.702399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.702425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.702446] Call Trace: [ 15.702464] <TASK> [ 15.702482] dump_stack_lvl+0x73/0xb0 [ 15.702515] print_report+0xd1/0x650 [ 15.702539] ? __virt_addr_valid+0x1db/0x2d0 [ 15.702562] ? copy_user_test_oob+0x557/0x10f0 [ 15.702586] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.702610] ? copy_user_test_oob+0x557/0x10f0 [ 15.702635] kasan_report+0x141/0x180 [ 15.702658] ? copy_user_test_oob+0x557/0x10f0 [ 15.702687] kasan_check_range+0x10c/0x1c0 [ 15.702711] __kasan_check_write+0x18/0x20 [ 15.702732] copy_user_test_oob+0x557/0x10f0 [ 15.702758] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.702783] ? finish_task_switch.isra.0+0x153/0x700 [ 15.702805] ? __switch_to+0x47/0xf50 [ 15.702831] ? __schedule+0x10cc/0x2b60 [ 15.702854] ? __pfx_read_tsc+0x10/0x10 [ 15.702875] ? ktime_get_ts64+0x86/0x230 [ 15.702899] kunit_try_run_case+0x1a5/0x480 [ 15.702926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.702960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.702984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.703008] ? __kthread_parkme+0x82/0x180 [ 15.703030] ? preempt_count_sub+0x50/0x80 [ 15.703053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.703079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.703103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.703133] kthread+0x337/0x6f0 [ 15.703154] ? trace_preempt_on+0x20/0xc0 [ 15.703179] ? 
__pfx_kthread+0x10/0x10 [ 15.703201] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.703223] ? calculate_sigpending+0x7b/0xa0 [ 15.703248] ? __pfx_kthread+0x10/0x10 [ 15.703271] ret_from_fork+0x116/0x1d0 [ 15.703291] ? __pfx_kthread+0x10/0x10 [ 15.703313] ret_from_fork_asm+0x1a/0x30 [ 15.703344] </TASK> [ 15.703357] [ 15.711048] Allocated by task 302: [ 15.711247] kasan_save_stack+0x45/0x70 [ 15.711434] kasan_save_track+0x18/0x40 [ 15.711574] kasan_save_alloc_info+0x3b/0x50 [ 15.711762] __kasan_kmalloc+0xb7/0xc0 [ 15.711982] __kmalloc_noprof+0x1c9/0x500 [ 15.712245] kunit_kmalloc_array+0x25/0x60 [ 15.712482] copy_user_test_oob+0xab/0x10f0 [ 15.712719] kunit_try_run_case+0x1a5/0x480 [ 15.712922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.713224] kthread+0x337/0x6f0 [ 15.713368] ret_from_fork+0x116/0x1d0 [ 15.713561] ret_from_fork_asm+0x1a/0x30 [ 15.713795] [ 15.713873] The buggy address belongs to the object at ffff888103a21000 [ 15.713873] which belongs to the cache kmalloc-128 of size 128 [ 15.714345] The buggy address is located 0 bytes inside of [ 15.714345] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.714872] [ 15.714956] The buggy address belongs to the physical page: [ 15.715341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.715688] flags: 0x200000000000000(node=0|zone=2) [ 15.715879] page_type: f5(slab) [ 15.716012] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.716460] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.716687] page dumped because: kasan: bad access detected [ 15.717018] [ 15.717168] Memory state around the buggy address: [ 15.717425] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.717731] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.717959] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.718174] ^ [ 15.718389] ffff888103a21080: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.718740] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.719066] ================================================================== [ 15.719605] ================================================================== [ 15.720204] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.720491] Read of size 121 at addr ffff888103a21000 by task kunit_try_catch/302 [ 15.720828] [ 15.720916] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.720983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.720996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.721019] Call Trace: [ 15.721046] <TASK> [ 15.721062] dump_stack_lvl+0x73/0xb0 [ 15.721101] print_report+0xd1/0x650 [ 15.721125] ? __virt_addr_valid+0x1db/0x2d0 [ 15.721147] ? copy_user_test_oob+0x604/0x10f0 [ 15.721172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.721196] ? copy_user_test_oob+0x604/0x10f0 [ 15.721220] kasan_report+0x141/0x180 [ 15.721244] ? copy_user_test_oob+0x604/0x10f0 [ 15.721273] kasan_check_range+0x10c/0x1c0 [ 15.721298] __kasan_check_read+0x15/0x20 [ 15.721319] copy_user_test_oob+0x604/0x10f0 [ 15.721345] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.721369] ? finish_task_switch.isra.0+0x153/0x700 [ 15.721391] ? __switch_to+0x47/0xf50 [ 15.721417] ? __schedule+0x10cc/0x2b60 [ 15.721440] ? __pfx_read_tsc+0x10/0x10 [ 15.721462] ? ktime_get_ts64+0x86/0x230 [ 15.721487] kunit_try_run_case+0x1a5/0x480 [ 15.721512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.721536] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.721560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.721584] ? __kthread_parkme+0x82/0x180 [ 15.721605] ? preempt_count_sub+0x50/0x80 [ 15.721630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.721654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.721678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.721703] kthread+0x337/0x6f0 [ 15.721724] ? 
trace_preempt_on+0x20/0xc0 [ 15.721748] ? __pfx_kthread+0x10/0x10 [ 15.721770] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.721791] ? calculate_sigpending+0x7b/0xa0 [ 15.721817] ? __pfx_kthread+0x10/0x10 [ 15.721840] ret_from_fork+0x116/0x1d0 [ 15.721860] ? __pfx_kthread+0x10/0x10 [ 15.721882] ret_from_fork_asm+0x1a/0x30 [ 15.721921] </TASK> [ 15.721934] [ 15.729272] Allocated by task 302: [ 15.729463] kasan_save_stack+0x45/0x70 [ 15.729670] kasan_save_track+0x18/0x40 [ 15.729881] kasan_save_alloc_info+0x3b/0x50 [ 15.730220] __kasan_kmalloc+0xb7/0xc0 [ 15.730417] __kmalloc_noprof+0x1c9/0x500 [ 15.730625] kunit_kmalloc_array+0x25/0x60 [ 15.730819] copy_user_test_oob+0xab/0x10f0 [ 15.731048] kunit_try_run_case+0x1a5/0x480 [ 15.731229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.731407] kthread+0x337/0x6f0 [ 15.731529] ret_from_fork+0x116/0x1d0 [ 15.731691] ret_from_fork_asm+0x1a/0x30 [ 15.731889] [ 15.731995] The buggy address belongs to the object at ffff888103a21000 [ 15.731995] which belongs to the cache kmalloc-128 of size 128 [ 15.732989] The buggy address is located 0 bytes inside of [ 15.732989] allocated 120-byte region [ffff888103a21000, ffff888103a21078) [ 15.733531] [ 15.733654] The buggy address belongs to the physical page: [ 15.733896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a21 [ 15.734247] flags: 0x200000000000000(node=0|zone=2) [ 15.734487] page_type: f5(slab) [ 15.734656] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.734909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.735737] page dumped because: kasan: bad access detected [ 15.736367] [ 15.736537] Memory state around the buggy address: [ 15.737015] ffff888103a20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.737760] ffff888103a20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.738236] >ffff888103a21000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.738779] ^ [ 15.739350] 
ffff888103a21080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.739816] ffff888103a21100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.740329] ==================================================================