Date
July 2, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 21.433807] ================================================================== [ 21.433901] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 21.434260] Write of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.434381] [ 21.434437] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.434861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.434912] Hardware name: linux,dummy-virt (DT) [ 21.434989] Call trace: [ 21.435046] show_stack+0x20/0x38 (C) [ 21.435107] dump_stack_lvl+0x8c/0xd0 [ 21.435249] print_report+0x118/0x608 [ 21.435304] kasan_report+0xdc/0x128 [ 21.435370] kasan_check_range+0x100/0x1a8 [ 21.436601] __kasan_check_write+0x20/0x30 [ 21.436679] copy_user_test_oob+0x35c/0xec8 [ 21.437262] kunit_try_run_case+0x170/0x3f0 [ 21.437352] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.437410] kthread+0x328/0x630 [ 21.437456] ret_from_fork+0x10/0x20 [ 21.437508] [ 21.437529] Allocated by task 285: [ 21.437561] kasan_save_stack+0x3c/0x68 [ 21.440631] kasan_save_track+0x20/0x40 [ 21.440738] kasan_save_alloc_info+0x40/0x58 [ 21.440818] __kasan_kmalloc+0xd4/0xd8 [ 21.440859] __kmalloc_noprof+0x198/0x4c8 [ 21.440902] kunit_kmalloc_array+0x34/0x88 [ 21.440943] copy_user_test_oob+0xac/0xec8 [ 21.440983] kunit_try_run_case+0x170/0x3f0 [ 21.441022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.441068] kthread+0x328/0x630 [ 21.441103] ret_from_fork+0x10/0x20 [ 21.441249] [ 21.441286] The buggy address belongs to the object at fff00000c7041900 [ 21.441286] which belongs to the cache kmalloc-128 of size 128 [ 21.441455] The buggy address is located 0 bytes inside of [ 21.441455] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.441760] [ 21.441839] The buggy address belongs to the physical page: [ 21.441920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.441976] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.442049] page_type: f5(slab) [ 21.442105] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.442157] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.442206] page dumped because: kasan: bad access detected [ 21.442378] [ 21.442400] Memory state around the buggy address: [ 21.442436] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.442652] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.442880] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.442922] ^ [ 21.442980] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.443027] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.443202] ================================================================== [ 21.443902] ================================================================== [ 21.443958] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 21.444007] Read of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.444060] [ 21.444095] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.444184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.444212] Hardware name: linux,dummy-virt (DT) [ 21.444246] Call trace: [ 21.444290] show_stack+0x20/0x38 (C) [ 21.444355] dump_stack_lvl+0x8c/0xd0 [ 21.444411] print_report+0x118/0x608 [ 21.444540] kasan_report+0xdc/0x128 [ 21.444598] kasan_check_range+0x100/0x1a8 [ 21.444650] __kasan_check_read+0x20/0x30 [ 21.444723] copy_user_test_oob+0x3c8/0xec8 [ 21.444772] kunit_try_run_case+0x170/0x3f0 [ 21.444822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.444877] kthread+0x328/0x630 [ 21.444922] ret_from_fork+0x10/0x20 [ 21.445070] [ 21.445093] Allocated by task 285: [ 21.445187] kasan_save_stack+0x3c/0x68 [ 21.445230] kasan_save_track+0x20/0x40 [ 21.445271] kasan_save_alloc_info+0x40/0x58 [ 21.445314] __kasan_kmalloc+0xd4/0xd8 [ 21.445361] __kmalloc_noprof+0x198/0x4c8 [ 21.445402] kunit_kmalloc_array+0x34/0x88 [ 21.445441] copy_user_test_oob+0xac/0xec8 [ 21.445482] kunit_try_run_case+0x170/0x3f0 [ 21.445521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.445588] kthread+0x328/0x630 [ 21.445717] ret_from_fork+0x10/0x20 [ 21.445814] [ 21.445880] The buggy address belongs to the object at fff00000c7041900 [ 21.445880] which belongs to the cache kmalloc-128 of size 128 [ 21.445973] The buggy address is located 0 bytes inside of [ 21.445973] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.446121] [ 21.446152] The buggy address belongs to the physical page: [ 21.446185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.446237] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.446286] page_type: f5(slab) [ 21.446324] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.446376] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.446418] page dumped because: kasan: bad access detected [ 21.446453] [ 21.446472] Memory state around the buggy address: [ 21.446525] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.446572] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.446628] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.446671] ^ [ 21.446781] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.446872] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.446924] ================================================================== [ 21.398276] ================================================================== [ 21.398407] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 21.399122] Write of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.399559] [ 21.399649] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.399813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.399846] Hardware name: linux,dummy-virt (DT) [ 21.399958] Call trace: [ 21.400005] show_stack+0x20/0x38 (C) [ 21.400065] dump_stack_lvl+0x8c/0xd0 [ 21.400374] print_report+0x118/0x608 [ 21.400471] kasan_report+0xdc/0x128 [ 21.400617] kasan_check_range+0x100/0x1a8 [ 21.400755] __kasan_check_write+0x20/0x30 [ 21.400861] copy_user_test_oob+0x234/0xec8 [ 21.400949] kunit_try_run_case+0x170/0x3f0 [ 21.401292] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.401392] kthread+0x328/0x630 [ 21.401492] ret_from_fork+0x10/0x20 [ 21.401674] [ 21.401732] Allocated by task 285: [ 21.401782] kasan_save_stack+0x3c/0x68 [ 21.402123] kasan_save_track+0x20/0x40 [ 21.402212] kasan_save_alloc_info+0x40/0x58 [ 21.402329] __kasan_kmalloc+0xd4/0xd8 [ 21.402408] __kmalloc_noprof+0x198/0x4c8 [ 21.402755] kunit_kmalloc_array+0x34/0x88 [ 21.402850] copy_user_test_oob+0xac/0xec8 [ 21.402910] kunit_try_run_case+0x170/0x3f0 [ 21.402952] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.403013] kthread+0x328/0x630 [ 21.403050] ret_from_fork+0x10/0x20 [ 21.403088] [ 21.403132] The buggy address belongs to the object at fff00000c7041900 [ 21.403132] which belongs to the cache kmalloc-128 of size 128 [ 21.403215] The buggy address is located 0 bytes inside of [ 21.403215] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.403282] [ 21.403306] The buggy address belongs to the physical page: [ 21.403345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.403412] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.403468] page_type: f5(slab) [ 21.403523] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.403599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.403904] page dumped because: kasan: bad access detected [ 21.404192] [ 21.404268] Memory state around the buggy address: [ 21.404333] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.404615] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.404821] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.404918] ^ [ 21.405000] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.405345] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.405517] ================================================================== [ 21.416155] ================================================================== [ 21.417121] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 21.417217] Read of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.417571] [ 21.417626] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.417999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.418117] Hardware name: linux,dummy-virt (DT) [ 21.418172] Call trace: [ 21.418207] show_stack+0x20/0x38 (C) [ 21.418303] dump_stack_lvl+0x8c/0xd0 [ 21.418358] print_report+0x118/0x608 [ 21.418419] kasan_report+0xdc/0x128 [ 21.418483] kasan_check_range+0x100/0x1a8 [ 21.418550] __kasan_check_read+0x20/0x30 [ 21.418610] copy_user_test_oob+0x728/0xec8 [ 21.418660] kunit_try_run_case+0x170/0x3f0 [ 21.418711] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.418767] kthread+0x328/0x630 [ 21.418813] ret_from_fork+0x10/0x20 [ 21.418881] [ 21.418911] Allocated by task 285: [ 21.418973] kasan_save_stack+0x3c/0x68 [ 21.419025] kasan_save_track+0x20/0x40 [ 21.419081] kasan_save_alloc_info+0x40/0x58 [ 21.419122] __kasan_kmalloc+0xd4/0xd8 [ 21.419164] __kmalloc_noprof+0x198/0x4c8 [ 21.419214] kunit_kmalloc_array+0x34/0x88 [ 21.419269] copy_user_test_oob+0xac/0xec8 [ 21.419308] kunit_try_run_case+0x170/0x3f0 [ 21.419356] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.419402] kthread+0x328/0x630 [ 21.419436] ret_from_fork+0x10/0x20 [ 21.419491] [ 21.419513] The buggy address belongs to the object at fff00000c7041900 [ 21.419513] which belongs to the cache kmalloc-128 of size 128 [ 21.419584] The buggy address is located 0 bytes inside of [ 21.419584] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.419896] [ 21.420189] The buggy address belongs to the physical page: [ 21.420350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.420851] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.421057] page_type: f5(slab) [ 21.421455] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.422227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.422424] page dumped because: kasan: bad access detected [ 21.422543] [ 21.422893] Memory state around the buggy address: [ 21.423097] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.423180] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.423293] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.423369] ^ [ 21.423443] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.423734] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.423919] ================================================================== [ 21.452209] ================================================================== [ 21.452265] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 21.452313] Read of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.452366] [ 21.452398] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.452480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.452509] Hardware name: linux,dummy-virt (DT) [ 21.452541] Call trace: [ 21.452564] show_stack+0x20/0x38 (C) [ 21.452778] dump_stack_lvl+0x8c/0xd0 [ 21.452881] print_report+0x118/0x608 [ 21.452965] kasan_report+0xdc/0x128 [ 21.453012] kasan_check_range+0x100/0x1a8 [ 21.453063] __kasan_check_read+0x20/0x30 [ 21.453109] copy_user_test_oob+0x4a0/0xec8 [ 21.453159] kunit_try_run_case+0x170/0x3f0 [ 21.453217] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.453307] kthread+0x328/0x630 [ 21.453374] ret_from_fork+0x10/0x20 [ 21.453426] [ 21.453446] Allocated by task 285: [ 21.453477] kasan_save_stack+0x3c/0x68 [ 21.453519] kasan_save_track+0x20/0x40 [ 21.453559] kasan_save_alloc_info+0x40/0x58 [ 21.453611] __kasan_kmalloc+0xd4/0xd8 [ 21.453651] __kmalloc_noprof+0x198/0x4c8 [ 21.453690] kunit_kmalloc_array+0x34/0x88 [ 21.453742] copy_user_test_oob+0xac/0xec8 [ 21.453788] kunit_try_run_case+0x170/0x3f0 [ 21.453858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.453906] kthread+0x328/0x630 [ 21.453941] ret_from_fork+0x10/0x20 [ 21.454275] [ 21.454348] The buggy address belongs to the object at fff00000c7041900 [ 21.454348] which belongs to the cache kmalloc-128 of size 128 [ 21.454427] The buggy address is located 0 bytes inside of [ 21.454427] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.454491] [ 21.454539] The buggy address belongs to the physical page: [ 21.454596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.454841] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.454892] page_type: f5(slab) [ 21.454930] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.455041] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.455237] page dumped because: kasan: bad access detected [ 21.455392] [ 21.455432] Memory state around the buggy address: [ 21.455537] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.456079] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.456127] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.456211] ^ [ 21.456298] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.456388] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.456728] ================================================================== [ 21.447434] ================================================================== [ 21.447613] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 21.447663] Write of size 121 at addr fff00000c7041900 by task kunit_try_catch/285 [ 21.447804] [ 21.447836] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 21.447924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.447951] Hardware name: linux,dummy-virt (DT) [ 21.447985] Call trace: [ 21.448009] show_stack+0x20/0x38 (C) [ 21.448058] dump_stack_lvl+0x8c/0xd0 [ 21.448109] print_report+0x118/0x608 [ 21.448166] kasan_report+0xdc/0x128 [ 21.448387] kasan_check_range+0x100/0x1a8 [ 21.448635] __kasan_check_write+0x20/0x30 [ 21.448767] copy_user_test_oob+0x434/0xec8 [ 21.448817] kunit_try_run_case+0x170/0x3f0 [ 21.448868] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.448922] kthread+0x328/0x630 [ 21.448966] ret_from_fork+0x10/0x20 [ 21.449015] [ 21.449035] Allocated by task 285: [ 21.449066] kasan_save_stack+0x3c/0x68 [ 21.449109] kasan_save_track+0x20/0x40 [ 21.449149] kasan_save_alloc_info+0x40/0x58 [ 21.449192] __kasan_kmalloc+0xd4/0xd8 [ 21.449230] __kmalloc_noprof+0x198/0x4c8 [ 21.449325] kunit_kmalloc_array+0x34/0x88 [ 21.449464] copy_user_test_oob+0xac/0xec8 [ 21.449505] kunit_try_run_case+0x170/0x3f0 [ 21.449565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.449649] kthread+0x328/0x630 [ 21.449685] ret_from_fork+0x10/0x20 [ 21.449746] [ 21.449769] The buggy address belongs to the object at fff00000c7041900 [ 21.449769] which belongs to the cache kmalloc-128 of size 128 [ 21.449829] The buggy address is located 0 bytes inside of [ 21.449829] allocated 120-byte region [fff00000c7041900, fff00000c7041978) [ 21.449893] [ 21.449915] The buggy address belongs to the physical page: [ 21.449948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107041 [ 21.450001] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.450050] page_type: f5(slab) [ 21.450088] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 21.450140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.450247] page dumped because: kasan: bad access detected [ 21.450310] [ 21.450330] Memory state around the buggy address: [ 21.450462] fff00000c7041800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.450815] fff00000c7041880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.450902] >fff00000c7041900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 21.450945] ^ [ 21.450990] fff00000c7041980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.451037] fff00000c7041a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.451079] ==================================================================
[ 15.468450] ================================================================== [ 15.468749] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.469366] Write of size 121 at addr ffff888102c8ba00 by task kunit_try_catch/304 [ 15.469709] [ 15.470332] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.470390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.470403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.470425] Call Trace: [ 15.470441] <TASK> [ 15.470457] dump_stack_lvl+0x73/0xb0 [ 15.470486] print_report+0xd1/0x650 [ 15.470509] ? __virt_addr_valid+0x1db/0x2d0 [ 15.470533] ? copy_user_test_oob+0x557/0x10f0 [ 15.470557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.470580] ? copy_user_test_oob+0x557/0x10f0 [ 15.470604] kasan_report+0x141/0x180 [ 15.470627] ? copy_user_test_oob+0x557/0x10f0 [ 15.470772] kasan_check_range+0x10c/0x1c0 [ 15.470799] __kasan_check_write+0x18/0x20 [ 15.470820] copy_user_test_oob+0x557/0x10f0 [ 15.470846] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.470879] ? finish_task_switch.isra.0+0x153/0x700 [ 15.470905] ? __switch_to+0x47/0xf50 [ 15.470942] ? __schedule+0x10cc/0x2b60 [ 15.470966] ? __pfx_read_tsc+0x10/0x10 [ 15.470987] ? ktime_get_ts64+0x86/0x230 [ 15.471011] kunit_try_run_case+0x1a5/0x480 [ 15.471036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.471061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.471085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.471109] ? __kthread_parkme+0x82/0x180 [ 15.471131] ? preempt_count_sub+0x50/0x80 [ 15.471155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.471179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.471203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.471236] kthread+0x337/0x6f0 [ 15.471257] ? trace_preempt_on+0x20/0xc0 [ 15.471281] ? __pfx_kthread+0x10/0x10 [ 15.471313] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.471335] ? calculate_sigpending+0x7b/0xa0 [ 15.471368] ? __pfx_kthread+0x10/0x10 [ 15.471391] ret_from_fork+0x116/0x1d0 [ 15.471418] ? __pfx_kthread+0x10/0x10 [ 15.471439] ret_from_fork_asm+0x1a/0x30 [ 15.471470] </TASK> [ 15.471493] [ 15.479163] Allocated by task 304: [ 15.479378] kasan_save_stack+0x45/0x70 [ 15.479573] kasan_save_track+0x18/0x40 [ 15.479819] kasan_save_alloc_info+0x3b/0x50 [ 15.479993] __kasan_kmalloc+0xb7/0xc0 [ 15.480173] __kmalloc_noprof+0x1c9/0x500 [ 15.480315] kunit_kmalloc_array+0x25/0x60 [ 15.480472] copy_user_test_oob+0xab/0x10f0 [ 15.480667] kunit_try_run_case+0x1a5/0x480 [ 15.480879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.481131] kthread+0x337/0x6f0 [ 15.481297] ret_from_fork+0x116/0x1d0 [ 15.481551] ret_from_fork_asm+0x1a/0x30 [ 15.481692] [ 15.481828] The buggy address belongs to the object at ffff888102c8ba00 [ 15.481828] which belongs to the cache kmalloc-128 of size 128 [ 15.482364] The buggy address is located 0 bytes inside of [ 15.482364] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78) [ 15.482966] [ 15.483058] The buggy address belongs to the physical page: [ 15.483304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b [ 15.483644] flags: 0x200000000000000(node=0|zone=2) [ 15.483940] page_type: f5(slab) [ 15.484111] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.484372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.484603] page dumped because: kasan: bad access detected [ 15.484776] [ 15.484847] Memory state around the buggy address: [ 15.485015] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.485430] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.485746] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.486043] ^ [ 15.486253] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.486822] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.487124] ================================================================== [ 15.450067] ================================================================== [ 15.450437] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.450762] Read of size 121 at addr ffff888102c8ba00 by task kunit_try_catch/304 [ 15.451042] [ 15.451126] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.451182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.451194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.451216] Call Trace: [ 15.451230] <TASK> [ 15.451247] dump_stack_lvl+0x73/0xb0 [ 15.451272] print_report+0xd1/0x650 [ 15.451296] ? __virt_addr_valid+0x1db/0x2d0 [ 15.451330] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.451372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.451395] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.451419] kasan_report+0x141/0x180 [ 15.451442] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.451471] kasan_check_range+0x10c/0x1c0 [ 15.451505] __kasan_check_read+0x15/0x20 [ 15.451524] copy_user_test_oob+0x4aa/0x10f0 [ 15.451550] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.451584] ? finish_task_switch.isra.0+0x153/0x700 [ 15.451607] ? __switch_to+0x47/0xf50 [ 15.451633] ? __schedule+0x10cc/0x2b60 [ 15.451659] ? __pfx_read_tsc+0x10/0x10 [ 15.451691] ? ktime_get_ts64+0x86/0x230 [ 15.451715] kunit_try_run_case+0x1a5/0x480 [ 15.451753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.451784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.451808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.451832] ? __kthread_parkme+0x82/0x180 [ 15.451854] ? preempt_count_sub+0x50/0x80 [ 15.451878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.451913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.451936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.451970] kthread+0x337/0x6f0 [ 15.451990] ? trace_preempt_on+0x20/0xc0 [ 15.452015] ? __pfx_kthread+0x10/0x10 [ 15.452036] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.452066] ? calculate_sigpending+0x7b/0xa0 [ 15.452091] ? __pfx_kthread+0x10/0x10 [ 15.452114] ret_from_fork+0x116/0x1d0 [ 15.452144] ? __pfx_kthread+0x10/0x10 [ 15.452165] ret_from_fork_asm+0x1a/0x30 [ 15.452195] </TASK> [ 15.452216] [ 15.460092] Allocated by task 304: [ 15.460255] kasan_save_stack+0x45/0x70 [ 15.460408] kasan_save_track+0x18/0x40 [ 15.460547] kasan_save_alloc_info+0x3b/0x50 [ 15.460697] __kasan_kmalloc+0xb7/0xc0 [ 15.460831] __kmalloc_noprof+0x1c9/0x500 [ 15.460985] kunit_kmalloc_array+0x25/0x60 [ 15.461230] copy_user_test_oob+0xab/0x10f0 [ 15.461478] kunit_try_run_case+0x1a5/0x480 [ 15.461722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.461993] kthread+0x337/0x6f0 [ 15.462227] ret_from_fork+0x116/0x1d0 [ 15.462376] ret_from_fork_asm+0x1a/0x30 [ 15.462573] [ 15.462671] The buggy address belongs to the object at ffff888102c8ba00 [ 15.462671] which belongs to the cache kmalloc-128 of size 128 [ 15.463127] The buggy address is located 0 bytes inside of [ 15.463127] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78) [ 15.463659] [ 15.463806] The buggy address belongs to the physical page: [ 15.464035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b [ 15.464388] flags: 0x200000000000000(node=0|zone=2) [ 15.464587] page_type: f5(slab) [ 15.464781] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.465096] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.465441] page dumped because: kasan: bad access detected [ 15.465683] [ 15.465818] Memory state around the buggy address: [ 15.466036] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.466307] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.466532] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.466934] ^ [ 15.467271] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.467577] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.467949] ================================================================== [ 15.431712] ================================================================== [ 15.432042] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.432376] Write of size 121 at addr ffff888102c8ba00 by task kunit_try_catch/304 [ 15.432778] [ 15.432914] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.432960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.432994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.433016] Call Trace: [ 15.433031] <TASK> [ 15.433059] dump_stack_lvl+0x73/0xb0 [ 15.433089] print_report+0xd1/0x650 [ 15.433113] ? __virt_addr_valid+0x1db/0x2d0 [ 15.433138] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.433171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.433194] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.433219] kasan_report+0x141/0x180 [ 15.433257] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.433287] kasan_check_range+0x10c/0x1c0 [ 15.433312] __kasan_check_write+0x18/0x20 [ 15.433350] copy_user_test_oob+0x3fd/0x10f0 [ 15.433378] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.433412] ? finish_task_switch.isra.0+0x153/0x700 [ 15.433435] ? __switch_to+0x47/0xf50 [ 15.433464] ? __schedule+0x10cc/0x2b60 [ 15.433489] ? __pfx_read_tsc+0x10/0x10 [ 15.433520] ? ktime_get_ts64+0x86/0x230 [ 15.433545] kunit_try_run_case+0x1a5/0x480 [ 15.433571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.433605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.433629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.433653] ? __kthread_parkme+0x82/0x180 [ 15.433675] ? preempt_count_sub+0x50/0x80 [ 15.433700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.433724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.433748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.433772] kthread+0x337/0x6f0 [ 15.433793] ? trace_preempt_on+0x20/0xc0 [ 15.433818] ? __pfx_kthread+0x10/0x10 [ 15.433839] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.433862] ? calculate_sigpending+0x7b/0xa0 [ 15.433886] ? __pfx_kthread+0x10/0x10 [ 15.433909] ret_from_fork+0x116/0x1d0 [ 15.433929] ? __pfx_kthread+0x10/0x10 [ 15.433950] ret_from_fork_asm+0x1a/0x30 [ 15.433982] </TASK> [ 15.433993] [ 15.441314] Allocated by task 304: [ 15.441540] kasan_save_stack+0x45/0x70 [ 15.441706] kasan_save_track+0x18/0x40 [ 15.441911] kasan_save_alloc_info+0x3b/0x50 [ 15.442071] __kasan_kmalloc+0xb7/0xc0 [ 15.442237] __kmalloc_noprof+0x1c9/0x500 [ 15.442474] kunit_kmalloc_array+0x25/0x60 [ 15.442673] copy_user_test_oob+0xab/0x10f0 [ 15.442920] kunit_try_run_case+0x1a5/0x480 [ 15.443141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.443396] kthread+0x337/0x6f0 [ 15.443583] ret_from_fork+0x116/0x1d0 [ 15.443762] ret_from_fork_asm+0x1a/0x30 [ 15.443968] [ 15.444077] The buggy address belongs to the object at ffff888102c8ba00 [ 15.444077] which belongs to the cache kmalloc-128 of size 128 [ 15.444614] The buggy address is located 0 bytes inside of [ 15.444614] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78) [ 15.445153] [ 15.445245] The buggy address belongs to the physical page: [ 15.445451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b [ 15.445763] flags: 0x200000000000000(node=0|zone=2) [ 15.445930] page_type: f5(slab) [ 15.446055] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.446286] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.446631] page dumped because: kasan: bad access detected [ 15.447134] [ 15.447245] Memory state around the buggy address: [ 15.447477] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.447755] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.447973] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.448187] ^ [ 15.448649] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.449296] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.449653] ================================================================== [ 15.487519] ================================================================== [ 15.488241] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.488536] Read of size 121 at addr ffff888102c8ba00 by task kunit_try_catch/304 [ 15.488949] [ 15.489037] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.489079] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.489092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.489115] Call Trace: [ 15.489130] <TASK> [ 15.489148] dump_stack_lvl+0x73/0xb0 [ 15.489174] print_report+0xd1/0x650 [ 15.489197] ? __virt_addr_valid+0x1db/0x2d0 [ 15.489220] ? copy_user_test_oob+0x604/0x10f0 [ 15.489244] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.489266] ? copy_user_test_oob+0x604/0x10f0 [ 15.489291] kasan_report+0x141/0x180 [ 15.489314] ? copy_user_test_oob+0x604/0x10f0 [ 15.489354] kasan_check_range+0x10c/0x1c0 [ 15.489389] __kasan_check_read+0x15/0x20 [ 15.489410] copy_user_test_oob+0x604/0x10f0 [ 15.489436] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.489470] ? finish_task_switch.isra.0+0x153/0x700 [ 15.489494] ? __switch_to+0x47/0xf50 [ 15.489519] ? __schedule+0x10cc/0x2b60 [ 15.489542] ? __pfx_read_tsc+0x10/0x10 [ 15.489572] ? ktime_get_ts64+0x86/0x230 [ 15.489596] kunit_try_run_case+0x1a5/0x480 [ 15.489632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.489655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.489679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.489703] ? __kthread_parkme+0x82/0x180 [ 15.489734] ? preempt_count_sub+0x50/0x80 [ 15.489764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.489799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.489823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.489847] kthread+0x337/0x6f0 [ 15.489867] ? trace_preempt_on+0x20/0xc0 [ 15.489892] ? __pfx_kthread+0x10/0x10 [ 15.489923] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.489945] ? calculate_sigpending+0x7b/0xa0 [ 15.489969] ? __pfx_kthread+0x10/0x10 [ 15.490002] ret_from_fork+0x116/0x1d0 [ 15.490021] ? __pfx_kthread+0x10/0x10 [ 15.490042] ret_from_fork_asm+0x1a/0x30 [ 15.490082] </TASK> [ 15.490094] [ 15.497334] Allocated by task 304: [ 15.497527] kasan_save_stack+0x45/0x70 [ 15.497728] kasan_save_track+0x18/0x40 [ 15.497924] kasan_save_alloc_info+0x3b/0x50 [ 15.498234] __kasan_kmalloc+0xb7/0xc0 [ 15.498476] __kmalloc_noprof+0x1c9/0x500 [ 15.498617] kunit_kmalloc_array+0x25/0x60 [ 15.498760] copy_user_test_oob+0xab/0x10f0 [ 15.498906] kunit_try_run_case+0x1a5/0x480 [ 15.499072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.499329] kthread+0x337/0x6f0 [ 15.499530] ret_from_fork+0x116/0x1d0 [ 15.499727] ret_from_fork_asm+0x1a/0x30 [ 15.500082] [ 15.500180] The buggy address belongs to the object at ffff888102c8ba00 [ 15.500180] which belongs to the cache kmalloc-128 of size 128 [ 15.500827] The buggy address is located 0 bytes inside of [ 15.500827] allocated 120-byte region [ffff888102c8ba00, ffff888102c8ba78) [ 15.501284] [ 15.501370] The buggy address belongs to the physical page: [ 15.501559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8b [ 15.502155] flags: 0x200000000000000(node=0|zone=2) [ 15.502361] page_type: f5(slab) [ 15.502550] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.502946] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.503266] page dumped because: kasan: bad access detected [ 15.503509] [ 15.503625] Memory state around the buggy address: [ 15.503866] ffff888102c8b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.504165] ffff888102c8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.504468] >ffff888102c8ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.504860] ^ [ 15.505145] ffff888102c8ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.505483] ffff888102c8bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.505701] ==================================================================