Date
July 10, 2025, 11:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.090634] ================================================================== [ 19.090727] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.090781] Read of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.090849] [ 19.090881] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.090964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.090993] Hardware name: linux,dummy-virt (DT) [ 19.091024] Call trace: [ 19.091048] show_stack+0x20/0x38 (C) [ 19.091108] dump_stack_lvl+0x8c/0xd0 [ 19.091160] print_report+0x118/0x608 [ 19.091207] kasan_report+0xdc/0x128 [ 19.091258] kasan_check_range+0x100/0x1a8 [ 19.091308] __kasan_check_read+0x20/0x30 [ 19.091355] copy_user_test_oob+0x3c8/0xec8 [ 19.091405] kunit_try_run_case+0x170/0x3f0 [ 19.091456] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.091513] kthread+0x328/0x630 [ 19.091556] ret_from_fork+0x10/0x20 [ 19.091611] [ 19.091634] Allocated by task 285: [ 19.091662] kasan_save_stack+0x3c/0x68 [ 19.091717] kasan_save_track+0x20/0x40 [ 19.091766] kasan_save_alloc_info+0x40/0x58 [ 19.091819] __kasan_kmalloc+0xd4/0xd8 [ 19.091857] __kmalloc_noprof+0x198/0x4c8 [ 19.091898] kunit_kmalloc_array+0x34/0x88 [ 19.091937] copy_user_test_oob+0xac/0xec8 [ 19.091977] kunit_try_run_case+0x170/0x3f0 [ 19.092027] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.092092] kthread+0x328/0x630 [ 19.092127] ret_from_fork+0x10/0x20 [ 19.092164] [ 19.092186] The buggy address belongs to the object at fff00000c6454900 [ 19.092186] which belongs to the cache kmalloc-128 of size 128 [ 19.092243] The buggy address is located 0 bytes inside of [ 19.092243] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.092306] [ 19.092327] The buggy address belongs to the physical page: [ 19.092360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.092412] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.092459] page_type: f5(slab) [ 19.092500] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.092552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.092594] page dumped because: kasan: bad access detected [ 19.092628] [ 19.092647] Memory state around the buggy address: [ 19.092680] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.092726] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.092770] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.092809] ^ [ 19.092851] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.092896] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.092937] ================================================================== [ 19.093044] ================================================================== [ 19.093098] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.093143] Write of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.093194] [ 19.093224] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.093304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.093333] Hardware name: linux,dummy-virt (DT) [ 19.093363] Call trace: [ 19.093386] show_stack+0x20/0x38 (C) [ 19.093435] dump_stack_lvl+0x8c/0xd0 [ 19.093485] print_report+0x118/0x608 [ 19.093534] kasan_report+0xdc/0x128 [ 19.093581] kasan_check_range+0x100/0x1a8 [ 19.093632] __kasan_check_write+0x20/0x30 [ 19.093681] copy_user_test_oob+0x434/0xec8 [ 19.093737] kunit_try_run_case+0x170/0x3f0 [ 19.093786] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.093849] kthread+0x328/0x630 [ 19.093892] ret_from_fork+0x10/0x20 [ 19.094337] [ 19.094377] Allocated by task 285: [ 19.094407] kasan_save_stack+0x3c/0x68 [ 19.094452] kasan_save_track+0x20/0x40 [ 19.094493] kasan_save_alloc_info+0x40/0x58 [ 19.094537] __kasan_kmalloc+0xd4/0xd8 [ 19.094578] __kmalloc_noprof+0x198/0x4c8 [ 19.094644] kunit_kmalloc_array+0x34/0x88 [ 19.094737] copy_user_test_oob+0xac/0xec8 [ 19.094789] kunit_try_run_case+0x170/0x3f0 [ 19.094831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.094878] kthread+0x328/0x630 [ 19.094914] ret_from_fork+0x10/0x20 [ 19.094954] [ 19.094975] The buggy address belongs to the object at fff00000c6454900 [ 19.094975] which belongs to the cache kmalloc-128 of size 128 [ 19.095034] The buggy address is located 0 bytes inside of [ 19.095034] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.095109] [ 19.095130] The buggy address belongs to the physical page: [ 19.095162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.095216] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.095262] page_type: f5(slab) [ 19.095299] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.095351] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.095394] page dumped because: kasan: bad access detected [ 19.095427] [ 19.095450] Memory state around the buggy address: [ 19.095482] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.095528] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.095571] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.095612] ^ [ 19.095655] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.095699] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.095739] ================================================================== [ 19.076093] ================================================================== [ 19.076153] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.076208] Read of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.076262] [ 19.076295] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.076380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.076700] Hardware name: linux,dummy-virt (DT) [ 19.076744] Call trace: [ 19.076789] show_stack+0x20/0x38 (C) [ 19.076864] dump_stack_lvl+0x8c/0xd0 [ 19.076943] print_report+0x118/0x608 [ 19.076996] kasan_report+0xdc/0x128 [ 19.077064] kasan_check_range+0x100/0x1a8 [ 19.077140] __kasan_check_read+0x20/0x30 [ 19.077189] copy_user_test_oob+0x728/0xec8 [ 19.077237] kunit_try_run_case+0x170/0x3f0 [ 19.077287] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.077344] kthread+0x328/0x630 [ 19.077558] ret_from_fork+0x10/0x20 [ 19.077623] [ 19.077663] Allocated by task 285: [ 19.077737] kasan_save_stack+0x3c/0x68 [ 19.077832] kasan_save_track+0x20/0x40 [ 19.077956] kasan_save_alloc_info+0x40/0x58 [ 19.078042] __kasan_kmalloc+0xd4/0xd8 [ 19.078172] __kmalloc_noprof+0x198/0x4c8 [ 19.078261] kunit_kmalloc_array+0x34/0x88 [ 19.078357] copy_user_test_oob+0xac/0xec8 [ 19.078443] kunit_try_run_case+0x170/0x3f0 [ 19.078483] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.078530] kthread+0x328/0x630 [ 19.078688] ret_from_fork+0x10/0x20 [ 19.078737] [ 19.078762] The buggy address belongs to the object at fff00000c6454900 [ 19.078762] which belongs to the cache kmalloc-128 of size 128 [ 19.078862] The buggy address is located 0 bytes inside of [ 19.078862] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.078948] [ 19.079056] The buggy address belongs to the physical page: [ 19.079134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.079224] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.079324] page_type: f5(slab) [ 19.079413] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.079556] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.079653] page dumped because: kasan: bad access detected [ 19.079717] [ 19.079807] Memory state around the buggy address: [ 19.079863] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.079910] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.079996] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.080263] ^ [ 19.080373] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.080469] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.080592] ================================================================== [ 19.086997] ================================================================== [ 19.087062] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.087133] Write of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.087187] [ 19.087221] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.087325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.087354] Hardware name: linux,dummy-virt (DT) [ 19.087385] Call trace: [ 19.087435] show_stack+0x20/0x38 (C) [ 19.087486] dump_stack_lvl+0x8c/0xd0 [ 19.087535] print_report+0x118/0x608 [ 19.087594] kasan_report+0xdc/0x128 [ 19.087649] kasan_check_range+0x100/0x1a8 [ 19.087701] __kasan_check_write+0x20/0x30 [ 19.087747] copy_user_test_oob+0x35c/0xec8 [ 19.087797] kunit_try_run_case+0x170/0x3f0 [ 19.087846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.087909] kthread+0x328/0x630 [ 19.087962] ret_from_fork+0x10/0x20 [ 19.088014] [ 19.088034] Allocated by task 285: [ 19.088069] kasan_save_stack+0x3c/0x68 [ 19.088124] kasan_save_track+0x20/0x40 [ 19.088170] kasan_save_alloc_info+0x40/0x58 [ 19.088215] __kasan_kmalloc+0xd4/0xd8 [ 19.088255] __kmalloc_noprof+0x198/0x4c8 [ 19.088294] kunit_kmalloc_array+0x34/0x88 [ 19.088334] copy_user_test_oob+0xac/0xec8 [ 19.088373] kunit_try_run_case+0x170/0x3f0 [ 19.088413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.088458] kthread+0x328/0x630 [ 19.088500] ret_from_fork+0x10/0x20 [ 19.088540] [ 19.088560] The buggy address belongs to the object at fff00000c6454900 [ 19.088560] which belongs to the cache kmalloc-128 of size 128 [ 19.088620] The buggy address is located 0 bytes inside of [ 19.088620] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.088686] [ 19.088708] The buggy address belongs to the physical page: [ 19.089150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.089249] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.089304] page_type: f5(slab) [ 19.089365] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.089433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.089478] page dumped because: kasan: bad access detected [ 19.089539] [ 19.089569] Memory state around the buggy address: [ 19.089604] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.089649] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.089694] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.089734] ^ [ 19.089992] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.090105] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.090177] ================================================================== [ 19.096201] ================================================================== [ 19.096276] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.096329] Read of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.096404] [ 19.096436] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.096518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.096545] Hardware name: linux,dummy-virt (DT) [ 19.096575] Call trace: [ 19.096599] show_stack+0x20/0x38 (C) [ 19.096649] dump_stack_lvl+0x8c/0xd0 [ 19.096849] print_report+0x118/0x608 [ 19.096900] kasan_report+0xdc/0x128 [ 19.096948] kasan_check_range+0x100/0x1a8 [ 19.097019] __kasan_check_read+0x20/0x30 [ 19.097096] copy_user_test_oob+0x4a0/0xec8 [ 19.097179] kunit_try_run_case+0x170/0x3f0 [ 19.097245] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.097320] kthread+0x328/0x630 [ 19.097366] ret_from_fork+0x10/0x20 [ 19.097432] [ 19.097471] Allocated by task 285: [ 19.097728] kasan_save_stack+0x3c/0x68 [ 19.097784] kasan_save_track+0x20/0x40 [ 19.097866] kasan_save_alloc_info+0x40/0x58 [ 19.097932] __kasan_kmalloc+0xd4/0xd8 [ 19.097998] __kmalloc_noprof+0x198/0x4c8 [ 19.098115] kunit_kmalloc_array+0x34/0x88 [ 19.098197] copy_user_test_oob+0xac/0xec8 [ 19.098271] kunit_try_run_case+0x170/0x3f0 [ 19.098339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.098424] kthread+0x328/0x630 [ 19.098461] ret_from_fork+0x10/0x20 [ 19.098498] [ 19.098520] The buggy address belongs to the object at fff00000c6454900 [ 19.098520] which belongs to the cache kmalloc-128 of size 128 [ 19.098580] The buggy address is located 0 bytes inside of [ 19.098580] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.098642] [ 19.098665] The buggy address belongs to the physical page: [ 19.098696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.098884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.098983] page_type: f5(slab) [ 19.099061] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.099167] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.099458] page dumped because: kasan: bad access detected [ 19.099518] [ 19.099538] Memory state around the buggy address: [ 19.099575] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.099851] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.099939] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.100033] ^ [ 19.100113] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.100354] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.100458] ================================================================== [ 19.067332] ================================================================== [ 19.067678] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.067799] Write of size 121 at addr fff00000c6454900 by task kunit_try_catch/285 [ 19.067882] [ 19.067935] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.068074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.068140] Hardware name: linux,dummy-virt (DT) [ 19.068197] Call trace: [ 19.068233] show_stack+0x20/0x38 (C) [ 19.068302] dump_stack_lvl+0x8c/0xd0 [ 19.068378] print_report+0x118/0x608 [ 19.068442] kasan_report+0xdc/0x128 [ 19.068490] kasan_check_range+0x100/0x1a8 [ 19.068721] __kasan_check_write+0x20/0x30 [ 19.068785] copy_user_test_oob+0x234/0xec8 [ 19.068835] kunit_try_run_case+0x170/0x3f0 [ 19.069105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.069179] kthread+0x328/0x630 [ 19.069295] ret_from_fork+0x10/0x20 [ 19.069371] [ 19.069410] Allocated by task 285: [ 19.069444] kasan_save_stack+0x3c/0x68 [ 19.069505] kasan_save_track+0x20/0x40 [ 19.069548] kasan_save_alloc_info+0x40/0x58 [ 19.069589] __kasan_kmalloc+0xd4/0xd8 [ 19.069630] __kmalloc_noprof+0x198/0x4c8 [ 19.069673] kunit_kmalloc_array+0x34/0x88 [ 19.069712] copy_user_test_oob+0xac/0xec8 [ 19.069769] kunit_try_run_case+0x170/0x3f0 [ 19.069810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.069861] kthread+0x328/0x630 [ 19.069895] ret_from_fork+0x10/0x20 [ 19.069943] [ 19.069973] The buggy address belongs to the object at fff00000c6454900 [ 19.069973] which belongs to the cache kmalloc-128 of size 128 [ 19.070035] The buggy address is located 0 bytes inside of [ 19.070035] allocated 120-byte region [fff00000c6454900, fff00000c6454978) [ 19.070107] [ 19.070132] The buggy address belongs to the physical page: [ 19.070166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106454 [ 19.070399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.070469] page_type: f5(slab) [ 19.070516] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.070567] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.070611] page dumped because: kasan: bad access detected [ 19.070646] [ 19.070666] Memory state around the buggy address: [ 19.070704] fff00000c6454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.070750] fff00000c6454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.070955] >fff00000c6454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.071029] ^ [ 19.071121] fff00000c6454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.071211] fff00000c6454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.071321] ==================================================================
[ 16.679369] ================================================================== [ 16.679744] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.680134] Read of size 121 at addr ffff888103a2f000 by task kunit_try_catch/303 [ 16.680527] [ 16.680645] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.680688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.680713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.680734] Call Trace: [ 16.680747] <TASK> [ 16.680791] dump_stack_lvl+0x73/0xb0 [ 16.680822] print_report+0xd1/0x650 [ 16.680845] ? __virt_addr_valid+0x1db/0x2d0 [ 16.680879] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.680904] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.680929] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.680954] kasan_report+0x141/0x180 [ 16.680977] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.681006] kasan_check_range+0x10c/0x1c0 [ 16.681031] __kasan_check_read+0x15/0x20 [ 16.681051] copy_user_test_oob+0x4aa/0x10f0 [ 16.681078] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.681102] ? finish_task_switch.isra.0+0x153/0x700 [ 16.681125] ? __switch_to+0x47/0xf50 [ 16.681151] ? __schedule+0x10cc/0x2b60 [ 16.681174] ? __pfx_read_tsc+0x10/0x10 [ 16.681196] ? ktime_get_ts64+0x86/0x230 [ 16.681220] kunit_try_run_case+0x1a5/0x480 [ 16.681245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.681270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.681294] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.681320] ? __kthread_parkme+0x82/0x180 [ 16.681353] ? preempt_count_sub+0x50/0x80 [ 16.681378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.681404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.681449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.681490] kthread+0x337/0x6f0 [ 16.681524] ? trace_preempt_on+0x20/0xc0 [ 16.681562] ? __pfx_kthread+0x10/0x10 [ 16.681583] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.681619] ? calculate_sigpending+0x7b/0xa0 [ 16.681658] ? __pfx_kthread+0x10/0x10 [ 16.681681] ret_from_fork+0x116/0x1d0 [ 16.681711] ? __pfx_kthread+0x10/0x10 [ 16.681733] ret_from_fork_asm+0x1a/0x30 [ 16.681775] </TASK> [ 16.681786] [ 16.690186] Allocated by task 303: [ 16.690393] kasan_save_stack+0x45/0x70 [ 16.690698] kasan_save_track+0x18/0x40 [ 16.690893] kasan_save_alloc_info+0x3b/0x50 [ 16.691135] __kasan_kmalloc+0xb7/0xc0 [ 16.691371] __kmalloc_noprof+0x1c9/0x500 [ 16.691596] kunit_kmalloc_array+0x25/0x60 [ 16.691886] copy_user_test_oob+0xab/0x10f0 [ 16.692132] kunit_try_run_case+0x1a5/0x480 [ 16.692425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.692680] kthread+0x337/0x6f0 [ 16.692834] ret_from_fork+0x116/0x1d0 [ 16.692967] ret_from_fork_asm+0x1a/0x30 [ 16.693139] [ 16.693232] The buggy address belongs to the object at ffff888103a2f000 [ 16.693232] which belongs to the cache kmalloc-128 of size 128 [ 16.693906] The buggy address is located 0 bytes inside of [ 16.693906] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078) [ 16.694500] [ 16.694620] The buggy address belongs to the physical page: [ 16.694876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f [ 16.695241] flags: 0x200000000000000(node=0|zone=2) [ 16.695530] page_type: f5(slab) [ 16.695727] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.696067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.696442] page dumped because: kasan: bad access detected [ 16.696723] [ 16.696825] Memory state around the buggy address: [ 16.697017] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.697405] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.697753] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.698046] ^ [ 16.698324] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.698743] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.699092] ================================================================== [ 16.699761] ================================================================== [ 16.700119] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.700533] Write of size 121 at addr ffff888103a2f000 by task kunit_try_catch/303 [ 16.700859] [ 16.700967] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.701008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.701021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.701041] Call Trace: [ 16.701054] <TASK> [ 16.701067] dump_stack_lvl+0x73/0xb0 [ 16.701096] print_report+0xd1/0x650 [ 16.701119] ? __virt_addr_valid+0x1db/0x2d0 [ 16.701142] ? copy_user_test_oob+0x557/0x10f0 [ 16.701166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.701191] ? copy_user_test_oob+0x557/0x10f0 [ 16.701216] kasan_report+0x141/0x180 [ 16.701238] ? copy_user_test_oob+0x557/0x10f0 [ 16.701295] kasan_check_range+0x10c/0x1c0 [ 16.701321] __kasan_check_write+0x18/0x20 [ 16.701376] copy_user_test_oob+0x557/0x10f0 [ 16.701424] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.701449] ? finish_task_switch.isra.0+0x153/0x700 [ 16.701472] ? __switch_to+0x47/0xf50 [ 16.701507] ? __schedule+0x10cc/0x2b60 [ 16.701530] ? __pfx_read_tsc+0x10/0x10 [ 16.701552] ? ktime_get_ts64+0x86/0x230 [ 16.701586] kunit_try_run_case+0x1a5/0x480 [ 16.701611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.701638] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.701692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.701719] ? __kthread_parkme+0x82/0x180 [ 16.701769] ? preempt_count_sub+0x50/0x80 [ 16.701795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.701821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.701848] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.701875] kthread+0x337/0x6f0 [ 16.701895] ? trace_preempt_on+0x20/0xc0 [ 16.701945] ? __pfx_kthread+0x10/0x10 [ 16.701967] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.701990] ? calculate_sigpending+0x7b/0xa0 [ 16.702048] ? __pfx_kthread+0x10/0x10 [ 16.702071] ret_from_fork+0x116/0x1d0 [ 16.702091] ? __pfx_kthread+0x10/0x10 [ 16.702123] ret_from_fork_asm+0x1a/0x30 [ 16.702154] </TASK> [ 16.702165] [ 16.710200] Allocated by task 303: [ 16.710419] kasan_save_stack+0x45/0x70 [ 16.710642] kasan_save_track+0x18/0x40 [ 16.710829] kasan_save_alloc_info+0x3b/0x50 [ 16.711073] __kasan_kmalloc+0xb7/0xc0 [ 16.711288] __kmalloc_noprof+0x1c9/0x500 [ 16.711532] kunit_kmalloc_array+0x25/0x60 [ 16.711779] copy_user_test_oob+0xab/0x10f0 [ 16.711970] kunit_try_run_case+0x1a5/0x480 [ 16.712118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.712360] kthread+0x337/0x6f0 [ 16.712661] ret_from_fork+0x116/0x1d0 [ 16.712869] ret_from_fork_asm+0x1a/0x30 [ 16.713047] [ 16.713120] The buggy address belongs to the object at ffff888103a2f000 [ 16.713120] which belongs to the cache kmalloc-128 of size 128 [ 16.713714] The buggy address is located 0 bytes inside of [ 16.713714] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078) [ 16.714289] [ 16.714379] The buggy address belongs to the physical page: [ 16.714882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f [ 16.715328] flags: 0x200000000000000(node=0|zone=2) [ 16.715641] page_type: f5(slab) [ 16.715836] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.716252] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.716619] page dumped because: kasan: bad access detected [ 16.716930] [ 16.717013] Memory state around the buggy address: [ 16.717270] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.717630] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.718074] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.718401] ^ [ 16.718797] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.719138] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.719493] ================================================================== [ 16.720228] ================================================================== [ 16.720595] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.721062] Read of size 121 at addr ffff888103a2f000 by task kunit_try_catch/303 [ 16.721430] [ 16.721510] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.721551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.721563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.721583] Call Trace: [ 16.721600] <TASK> [ 16.721616] dump_stack_lvl+0x73/0xb0 [ 16.721645] print_report+0xd1/0x650 [ 16.721668] ? __virt_addr_valid+0x1db/0x2d0 [ 16.721689] ? copy_user_test_oob+0x604/0x10f0 [ 16.721712] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.721735] ? copy_user_test_oob+0x604/0x10f0 [ 16.721759] kasan_report+0x141/0x180 [ 16.721780] ? copy_user_test_oob+0x604/0x10f0 [ 16.721808] kasan_check_range+0x10c/0x1c0 [ 16.721832] __kasan_check_read+0x15/0x20 [ 16.721852] copy_user_test_oob+0x604/0x10f0 [ 16.721876] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.721899] ? finish_task_switch.isra.0+0x153/0x700 [ 16.721921] ? __switch_to+0x47/0xf50 [ 16.721946] ? __schedule+0x10cc/0x2b60 [ 16.721967] ? __pfx_read_tsc+0x10/0x10 [ 16.721989] ? ktime_get_ts64+0x86/0x230 [ 16.722012] kunit_try_run_case+0x1a5/0x480 [ 16.722053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.722077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.722102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.722127] ? __kthread_parkme+0x82/0x180 [ 16.722149] ? preempt_count_sub+0x50/0x80 [ 16.722173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.722199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.722257] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.722285] kthread+0x337/0x6f0 [ 16.722331] ? trace_preempt_on+0x20/0xc0 [ 16.722379] ? __pfx_kthread+0x10/0x10 [ 16.722431] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.722455] ? calculate_sigpending+0x7b/0xa0 [ 16.722507] ? __pfx_kthread+0x10/0x10 [ 16.722555] ret_from_fork+0x116/0x1d0 [ 16.722576] ? __pfx_kthread+0x10/0x10 [ 16.722614] ret_from_fork_asm+0x1a/0x30 [ 16.722695] </TASK> [ 16.722707] [ 16.731014] Allocated by task 303: [ 16.731217] kasan_save_stack+0x45/0x70 [ 16.731395] kasan_save_track+0x18/0x40 [ 16.731629] kasan_save_alloc_info+0x3b/0x50 [ 16.731841] __kasan_kmalloc+0xb7/0xc0 [ 16.732054] __kmalloc_noprof+0x1c9/0x500 [ 16.732250] kunit_kmalloc_array+0x25/0x60 [ 16.732474] copy_user_test_oob+0xab/0x10f0 [ 16.732729] kunit_try_run_case+0x1a5/0x480 [ 16.732981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.733271] kthread+0x337/0x6f0 [ 16.733451] ret_from_fork+0x116/0x1d0 [ 16.733767] ret_from_fork_asm+0x1a/0x30 [ 16.733962] [ 16.734056] The buggy address belongs to the object at ffff888103a2f000 [ 16.734056] which belongs to the cache kmalloc-128 of size 128 [ 16.734580] The buggy address is located 0 bytes inside of [ 16.734580] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078) [ 16.734980] [ 16.735051] The buggy address belongs to the physical page: [ 16.735215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f [ 16.735457] flags: 0x200000000000000(node=0|zone=2) [ 16.735750] page_type: f5(slab) [ 16.735917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.736364] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.736831] page dumped because: kasan: bad access detected [ 16.737139] [ 16.737299] Memory state around the buggy address: [ 16.737583] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.737950] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.738269] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.738664] ^ [ 16.739024] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739254] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739622] ================================================================== [ 16.658971] ================================================================== [ 16.659292] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.659714] Write of size 121 at addr ffff888103a2f000 by task kunit_try_catch/303 [ 16.660087] [ 16.660251] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.660367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.660382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.660403] Call Trace: [ 16.660418] <TASK> [ 16.660433] dump_stack_lvl+0x73/0xb0 [ 16.660464] print_report+0xd1/0x650 [ 16.660488] ? __virt_addr_valid+0x1db/0x2d0 [ 16.660513] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.660537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.660607] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.660633] kasan_report+0x141/0x180 [ 16.660666] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.660696] kasan_check_range+0x10c/0x1c0 [ 16.660721] __kasan_check_write+0x18/0x20 [ 16.660741] copy_user_test_oob+0x3fd/0x10f0 [ 16.660768] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.660792] ? finish_task_switch.isra.0+0x153/0x700 [ 16.660817] ? __switch_to+0x47/0xf50 [ 16.660843] ? __schedule+0x10cc/0x2b60 [ 16.660867] ? __pfx_read_tsc+0x10/0x10 [ 16.660888] ? ktime_get_ts64+0x86/0x230 [ 16.660912] kunit_try_run_case+0x1a5/0x480 [ 16.660937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.660962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.660987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.661012] ? __kthread_parkme+0x82/0x180 [ 16.661034] ? preempt_count_sub+0x50/0x80 [ 16.661059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.661085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.661111] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.661137] kthread+0x337/0x6f0 [ 16.661157] ? trace_preempt_on+0x20/0xc0 [ 16.661181] ? __pfx_kthread+0x10/0x10 [ 16.661203] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.661226] ? calculate_sigpending+0x7b/0xa0 [ 16.661251] ? __pfx_kthread+0x10/0x10 [ 16.661273] ret_from_fork+0x116/0x1d0 [ 16.661293] ? __pfx_kthread+0x10/0x10 [ 16.661315] ret_from_fork_asm+0x1a/0x30 [ 16.661355] </TASK> [ 16.661367] [ 16.669913] Allocated by task 303: [ 16.670121] kasan_save_stack+0x45/0x70 [ 16.670376] kasan_save_track+0x18/0x40 [ 16.670572] kasan_save_alloc_info+0x3b/0x50 [ 16.670830] __kasan_kmalloc+0xb7/0xc0 [ 16.671062] __kmalloc_noprof+0x1c9/0x500 [ 16.671363] kunit_kmalloc_array+0x25/0x60 [ 16.671539] copy_user_test_oob+0xab/0x10f0 [ 16.671687] kunit_try_run_case+0x1a5/0x480 [ 16.671852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.672106] kthread+0x337/0x6f0 [ 16.672361] ret_from_fork+0x116/0x1d0 [ 16.672727] ret_from_fork_asm+0x1a/0x30 [ 16.672925] [ 16.673007] The buggy address belongs to the object at ffff888103a2f000 [ 16.673007] which belongs to the cache kmalloc-128 of size 128 [ 16.673623] The buggy address is located 0 bytes inside of [ 16.673623] allocated 120-byte region [ffff888103a2f000, ffff888103a2f078) [ 16.674152] [ 16.674234] The buggy address belongs to the physical page: [ 16.674444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a2f [ 16.674807] flags: 0x200000000000000(node=0|zone=2) [ 16.675020] page_type: f5(slab) [ 16.675215] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.675584] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.675917] page dumped because: kasan: bad access detected [ 16.676277] [ 16.676378] Memory state around the buggy address: [ 16.676592] ffff888103a2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.676806] ffff888103a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.677263] >ffff888103a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.677760] ^ [ 16.678167] ffff888103a2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.678439] ffff888103a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.678822] ==================================================================