Date: July 11, 2025, 11:09 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 19.764323] ================================================================== [ 19.764383] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.764436] Write of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.764500] [ 19.764662] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.764976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.765124] Hardware name: linux,dummy-virt (DT) [ 19.765273] Call trace: [ 19.765332] show_stack+0x20/0x38 (C) [ 19.765444] dump_stack_lvl+0x8c/0xd0 [ 19.765640] print_report+0x118/0x608 [ 19.765741] kasan_report+0xdc/0x128 [ 19.766136] kasan_check_range+0x100/0x1a8 [ 19.766381] __kasan_check_write+0x20/0x30 [ 19.766523] copy_user_test_oob+0x35c/0xec8 [ 19.766572] kunit_try_run_case+0x170/0x3f0 [ 19.766620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.766675] kthread+0x328/0x630 [ 19.767667] ret_from_fork+0x10/0x20 [ 19.767858] [ 19.767881] Allocated by task 286: [ 19.767911] kasan_save_stack+0x3c/0x68 [ 19.767956] kasan_save_track+0x20/0x40 [ 19.767994] kasan_save_alloc_info+0x40/0x58 [ 19.768037] __kasan_kmalloc+0xd4/0xd8 [ 19.768075] __kmalloc_noprof+0x198/0x4c8 [ 19.768115] kunit_kmalloc_array+0x34/0x88 [ 19.768154] copy_user_test_oob+0xac/0xec8 [ 19.768192] kunit_try_run_case+0x170/0x3f0 [ 19.768231] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.768275] kthread+0x328/0x630 [ 19.768310] ret_from_fork+0x10/0x20 [ 19.768348] [ 19.768368] The buggy address belongs to the object at fff00000c5903800 [ 19.768368] which belongs to the cache kmalloc-128 of size 128 [ 19.768429] The buggy address is located 0 bytes inside of [ 19.768429] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.768493] [ 19.768515] The buggy address belongs to the physical page: [ 19.768548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.768600] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.768652] page_type: f5(slab) [ 
19.768692] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.768744] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.768797] page dumped because: kasan: bad access detected [ 19.768830] [ 19.768862] Memory state around the buggy address: [ 19.768897] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.768942] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.768986] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.769027] ^ [ 19.769070] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.769114] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.769154] ================================================================== [ 19.788110] ================================================================== [ 19.788166] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.788217] Write of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.788270] [ 19.788304] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.788388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.788417] Hardware name: linux,dummy-virt (DT) [ 19.788448] Call trace: [ 19.788471] show_stack+0x20/0x38 (C) [ 19.788521] dump_stack_lvl+0x8c/0xd0 [ 19.788569] print_report+0x118/0x608 [ 19.788617] kasan_report+0xdc/0x128 [ 19.788663] kasan_check_range+0x100/0x1a8 [ 19.788713] __kasan_check_write+0x20/0x30 [ 19.788760] copy_user_test_oob+0x434/0xec8 [ 19.788810] kunit_try_run_case+0x170/0x3f0 [ 19.788871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.788925] kthread+0x328/0x630 [ 19.788967] ret_from_fork+0x10/0x20 [ 19.789017] [ 19.789037] Allocated by task 286: [ 19.789867] kasan_save_stack+0x3c/0x68 [ 19.789930] kasan_save_track+0x20/0x40 [ 19.790062] kasan_save_alloc_info+0x40/0x58 [ 19.790117] __kasan_kmalloc+0xd4/0xd8 [ 19.790156] __kmalloc_noprof+0x198/0x4c8 [ 19.790205] 
kunit_kmalloc_array+0x34/0x88 [ 19.790244] copy_user_test_oob+0xac/0xec8 [ 19.790294] kunit_try_run_case+0x170/0x3f0 [ 19.790345] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.790389] kthread+0x328/0x630 [ 19.790435] ret_from_fork+0x10/0x20 [ 19.790472] [ 19.790527] The buggy address belongs to the object at fff00000c5903800 [ 19.790527] which belongs to the cache kmalloc-128 of size 128 [ 19.790732] The buggy address is located 0 bytes inside of [ 19.790732] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.791727] [ 19.791778] The buggy address belongs to the physical page: [ 19.792800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.793124] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.793438] page_type: f5(slab) [ 19.793757] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.793915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.793961] page dumped because: kasan: bad access detected [ 19.794608] [ 19.794633] Memory state around the buggy address: [ 19.794673] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.794722] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.794769] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.795456] ^ [ 19.795519] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.795566] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.795607] ================================================================== [ 19.752581] ================================================================== [ 19.752640] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.752697] Read of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.752915] [ 19.752973] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.753158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.753205] 
Hardware name: linux,dummy-virt (DT) [ 19.753236] Call trace: [ 19.753340] show_stack+0x20/0x38 (C) [ 19.753437] dump_stack_lvl+0x8c/0xd0 [ 19.753484] print_report+0x118/0x608 [ 19.753531] kasan_report+0xdc/0x128 [ 19.753579] kasan_check_range+0x100/0x1a8 [ 19.753627] __kasan_check_read+0x20/0x30 [ 19.753673] copy_user_test_oob+0x728/0xec8 [ 19.753720] kunit_try_run_case+0x170/0x3f0 [ 19.753770] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.753825] kthread+0x328/0x630 [ 19.754018] ret_from_fork+0x10/0x20 [ 19.754074] [ 19.754097] Allocated by task 286: [ 19.754126] kasan_save_stack+0x3c/0x68 [ 19.754167] kasan_save_track+0x20/0x40 [ 19.754206] kasan_save_alloc_info+0x40/0x58 [ 19.754249] __kasan_kmalloc+0xd4/0xd8 [ 19.754286] __kmalloc_noprof+0x198/0x4c8 [ 19.754341] kunit_kmalloc_array+0x34/0x88 [ 19.754380] copy_user_test_oob+0xac/0xec8 [ 19.754419] kunit_try_run_case+0x170/0x3f0 [ 19.754626] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.754829] kthread+0x328/0x630 [ 19.754975] ret_from_fork+0x10/0x20 [ 19.755040] [ 19.755123] The buggy address belongs to the object at fff00000c5903800 [ 19.755123] which belongs to the cache kmalloc-128 of size 128 [ 19.755182] The buggy address is located 0 bytes inside of [ 19.755182] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.755248] [ 19.755347] The buggy address belongs to the physical page: [ 19.755394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.755542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.755686] page_type: f5(slab) [ 19.755726] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.756000] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.756135] page dumped because: kasan: bad access detected [ 19.756223] [ 19.756243] Memory state around the buggy address: [ 19.756285] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.756337] fff00000c5903780: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.756553] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.756594] ^ [ 19.756637] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.756713] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.756919] ================================================================== [ 19.737577] ================================================================== [ 19.737863] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.738195] Write of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.738752] [ 19.739151] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.739304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.739341] Hardware name: linux,dummy-virt (DT) [ 19.739376] Call trace: [ 19.739408] show_stack+0x20/0x38 (C) [ 19.739754] dump_stack_lvl+0x8c/0xd0 [ 19.739947] print_report+0x118/0x608 [ 19.740184] kasan_report+0xdc/0x128 [ 19.740231] kasan_check_range+0x100/0x1a8 [ 19.740322] __kasan_check_write+0x20/0x30 [ 19.740558] copy_user_test_oob+0x234/0xec8 [ 19.740607] kunit_try_run_case+0x170/0x3f0 [ 19.740659] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.740762] kthread+0x328/0x630 [ 19.741123] ret_from_fork+0x10/0x20 [ 19.741525] [ 19.741640] Allocated by task 286: [ 19.741801] kasan_save_stack+0x3c/0x68 [ 19.741863] kasan_save_track+0x20/0x40 [ 19.742109] kasan_save_alloc_info+0x40/0x58 [ 19.742189] __kasan_kmalloc+0xd4/0xd8 [ 19.742318] __kmalloc_noprof+0x198/0x4c8 [ 19.742363] kunit_kmalloc_array+0x34/0x88 [ 19.742422] copy_user_test_oob+0xac/0xec8 [ 19.742484] kunit_try_run_case+0x170/0x3f0 [ 19.742545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.742623] kthread+0x328/0x630 [ 19.742657] ret_from_fork+0x10/0x20 [ 19.743809] [ 19.743848] The buggy address belongs to the object at fff00000c5903800 [ 19.743848] which belongs to the cache kmalloc-128 of size 128 [ 19.743914] The buggy address is 
located 0 bytes inside of [ 19.743914] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.744510] [ 19.744558] The buggy address belongs to the physical page: [ 19.744865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.744995] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.745082] page_type: f5(slab) [ 19.745185] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.745313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.745386] page dumped because: kasan: bad access detected [ 19.745504] [ 19.745568] Memory state around the buggy address: [ 19.745659] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.745760] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.745858] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.745899] ^ [ 19.745972] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.746030] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.746172] ================================================================== [ 19.772468] ================================================================== [ 19.772525] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.772577] Read of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.772629] [ 19.772673] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.772759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.772789] Hardware name: linux,dummy-virt (DT) [ 19.772820] Call trace: [ 19.772857] show_stack+0x20/0x38 (C) [ 19.772905] dump_stack_lvl+0x8c/0xd0 [ 19.772956] print_report+0x118/0x608 [ 19.773002] kasan_report+0xdc/0x128 [ 19.773049] kasan_check_range+0x100/0x1a8 [ 19.773097] __kasan_check_read+0x20/0x30 [ 19.773143] copy_user_test_oob+0x3c8/0xec8 [ 19.773191] kunit_try_run_case+0x170/0x3f0 [ 19.773239] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.773293] kthread+0x328/0x630 [ 19.773335] ret_from_fork+0x10/0x20 [ 19.773383] [ 19.773405] Allocated by task 286: [ 19.773433] kasan_save_stack+0x3c/0x68 [ 19.773476] kasan_save_track+0x20/0x40 [ 19.773514] kasan_save_alloc_info+0x40/0x58 [ 19.773556] __kasan_kmalloc+0xd4/0xd8 [ 19.773593] __kmalloc_noprof+0x198/0x4c8 [ 19.773633] kunit_kmalloc_array+0x34/0x88 [ 19.773671] copy_user_test_oob+0xac/0xec8 [ 19.773710] kunit_try_run_case+0x170/0x3f0 [ 19.773750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.773794] kthread+0x328/0x630 [ 19.773827] ret_from_fork+0x10/0x20 [ 19.775691] [ 19.775720] The buggy address belongs to the object at fff00000c5903800 [ 19.775720] which belongs to the cache kmalloc-128 of size 128 [ 19.776134] The buggy address is located 0 bytes inside of [ 19.776134] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.777287] [ 19.777441] The buggy address belongs to the physical page: [ 19.777790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.778173] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.778268] page_type: f5(slab) [ 19.778876] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.778989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.779186] page dumped because: kasan: bad access detected [ 19.779437] [ 19.780770] Memory state around the buggy address: [ 19.780813] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.785497] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.785682] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.785930] ^ [ 19.786177] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.786317] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.786692] ================================================================== [ 19.808634] 
================================================================== [ 19.809337] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.809597] Read of size 121 at addr fff00000c5903800 by task kunit_try_catch/286 [ 19.809829] [ 19.810080] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.810735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.810818] Hardware name: linux,dummy-virt (DT) [ 19.810974] Call trace: [ 19.811001] show_stack+0x20/0x38 (C) [ 19.811056] dump_stack_lvl+0x8c/0xd0 [ 19.811896] print_report+0x118/0x608 [ 19.812245] kasan_report+0xdc/0x128 [ 19.812517] kasan_check_range+0x100/0x1a8 [ 19.813180] __kasan_check_read+0x20/0x30 [ 19.813269] copy_user_test_oob+0x4a0/0xec8 [ 19.813321] kunit_try_run_case+0x170/0x3f0 [ 19.813372] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.814018] kthread+0x328/0x630 [ 19.814476] ret_from_fork+0x10/0x20 [ 19.814865] [ 19.815142] Allocated by task 286: [ 19.815182] kasan_save_stack+0x3c/0x68 [ 19.815239] kasan_save_track+0x20/0x40 [ 19.815284] kasan_save_alloc_info+0x40/0x58 [ 19.815469] __kasan_kmalloc+0xd4/0xd8 [ 19.815939] __kmalloc_noprof+0x198/0x4c8 [ 19.816129] kunit_kmalloc_array+0x34/0x88 [ 19.816245] copy_user_test_oob+0xac/0xec8 [ 19.816429] kunit_try_run_case+0x170/0x3f0 [ 19.816471] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.816799] kthread+0x328/0x630 [ 19.817192] ret_from_fork+0x10/0x20 [ 19.817337] [ 19.817374] The buggy address belongs to the object at fff00000c5903800 [ 19.817374] which belongs to the cache kmalloc-128 of size 128 [ 19.817672] The buggy address is located 0 bytes inside of [ 19.817672] allocated 120-byte region [fff00000c5903800, fff00000c5903878) [ 19.817906] [ 19.817930] The buggy address belongs to the physical page: [ 19.818103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105903 [ 19.818438] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.818582] page_type: f5(slab) [ 19.818627] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.819023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.819172] page dumped because: kasan: bad access detected [ 19.819369] [ 19.819436] Memory state around the buggy address: [ 19.819538] fff00000c5903700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.819779] fff00000c5903780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.819916] >fff00000c5903800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.820124] ^ [ 19.820866] fff00000c5903880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.821075] fff00000c5903900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.821118] ==================================================================
[ 16.481511] ================================================================== [ 16.481948] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.482383] Read of size 121 at addr ffff888103953e00 by task kunit_try_catch/302 [ 16.482636] [ 16.482773] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.482815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.482828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.482866] Call Trace: [ 16.482882] <TASK> [ 16.482897] dump_stack_lvl+0x73/0xb0 [ 16.482955] print_report+0xd1/0x650 [ 16.482977] ? __virt_addr_valid+0x1db/0x2d0 [ 16.483001] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.483026] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.483050] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.483075] kasan_report+0x141/0x180 [ 16.483098] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.483158] kasan_check_range+0x10c/0x1c0 [ 16.483196] __kasan_check_read+0x15/0x20 [ 16.483217] copy_user_test_oob+0x4aa/0x10f0 [ 16.483243] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.483267] ? finish_task_switch.isra.0+0x153/0x700 [ 16.483290] ? __switch_to+0x47/0xf50 [ 16.483317] ? irqentry_exit+0x2a/0x60 [ 16.483338] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.483364] ? __pfx_read_tsc+0x10/0x10 [ 16.483386] ? ktime_get_ts64+0x86/0x230 [ 16.483411] kunit_try_run_case+0x1a5/0x480 [ 16.483436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.483464] ? __kthread_parkme+0x8f/0x180 [ 16.483486] ? __kthread_parkme+0xfa/0x180 [ 16.483508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.483534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.483578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.483605] kthread+0x337/0x6f0 [ 16.483625] ? trace_preempt_on+0x20/0xc0 [ 16.483649] ? __pfx_kthread+0x10/0x10 [ 16.483671] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.483694] ? calculate_sigpending+0x7b/0xa0 [ 16.483719] ? 
__pfx_kthread+0x10/0x10 [ 16.483742] ret_from_fork+0x116/0x1d0 [ 16.483761] ? __pfx_kthread+0x10/0x10 [ 16.483793] ret_from_fork_asm+0x1a/0x30 [ 16.483826] </TASK> [ 16.483836] [ 16.491153] Allocated by task 302: [ 16.491287] kasan_save_stack+0x45/0x70 [ 16.491480] kasan_save_track+0x18/0x40 [ 16.491672] kasan_save_alloc_info+0x3b/0x50 [ 16.491900] __kasan_kmalloc+0xb7/0xc0 [ 16.492046] __kmalloc_noprof+0x1c9/0x500 [ 16.492186] kunit_kmalloc_array+0x25/0x60 [ 16.492410] copy_user_test_oob+0xab/0x10f0 [ 16.492645] kunit_try_run_case+0x1a5/0x480 [ 16.492891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.493154] kthread+0x337/0x6f0 [ 16.493385] ret_from_fork+0x116/0x1d0 [ 16.493568] ret_from_fork_asm+0x1a/0x30 [ 16.493781] [ 16.493852] The buggy address belongs to the object at ffff888103953e00 [ 16.493852] which belongs to the cache kmalloc-128 of size 128 [ 16.494352] The buggy address is located 0 bytes inside of [ 16.494352] allocated 120-byte region [ffff888103953e00, ffff888103953e78) [ 16.494789] [ 16.494904] The buggy address belongs to the physical page: [ 16.495245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953 [ 16.495536] flags: 0x200000000000000(node=0|zone=2) [ 16.495831] page_type: f5(slab) [ 16.495964] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.496356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.496753] page dumped because: kasan: bad access detected [ 16.497008] [ 16.497104] Memory state around the buggy address: [ 16.497321] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.497630] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.497952] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.498159] ^ [ 16.498365] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.498584] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.498797] 
================================================================== [ 16.517977] ================================================================== [ 16.518332] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.518624] Read of size 121 at addr ffff888103953e00 by task kunit_try_catch/302 [ 16.519015] [ 16.519114] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.519177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.519190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.519211] Call Trace: [ 16.519226] <TASK> [ 16.519243] dump_stack_lvl+0x73/0xb0 [ 16.519271] print_report+0xd1/0x650 [ 16.519294] ? __virt_addr_valid+0x1db/0x2d0 [ 16.519317] ? copy_user_test_oob+0x604/0x10f0 [ 16.519342] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.519369] ? copy_user_test_oob+0x604/0x10f0 [ 16.519395] kasan_report+0x141/0x180 [ 16.519420] ? copy_user_test_oob+0x604/0x10f0 [ 16.519450] kasan_check_range+0x10c/0x1c0 [ 16.519474] __kasan_check_read+0x15/0x20 [ 16.519495] copy_user_test_oob+0x604/0x10f0 [ 16.519522] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.519546] ? finish_task_switch.isra.0+0x153/0x700 [ 16.519570] ? __switch_to+0x47/0xf50 [ 16.519597] ? irqentry_exit+0x2a/0x60 [ 16.519619] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.519644] ? __pfx_read_tsc+0x10/0x10 [ 16.519667] ? ktime_get_ts64+0x86/0x230 [ 16.519692] kunit_try_run_case+0x1a5/0x480 [ 16.519718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.519746] ? __kthread_parkme+0x8f/0x180 [ 16.519769] ? __kthread_parkme+0xfa/0x180 [ 16.519791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.519818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.519843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.519869] kthread+0x337/0x6f0 [ 16.519890] ? trace_preempt_on+0x20/0xc0 [ 16.519913] ? __pfx_kthread+0x10/0x10 [ 16.519945] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.519968] ? calculate_sigpending+0x7b/0xa0 [ 16.519993] ? 
__pfx_kthread+0x10/0x10 [ 16.520016] ret_from_fork+0x116/0x1d0 [ 16.520035] ? __pfx_kthread+0x10/0x10 [ 16.520056] ret_from_fork_asm+0x1a/0x30 [ 16.520089] </TASK> [ 16.520099] [ 16.526939] Allocated by task 302: [ 16.527085] kasan_save_stack+0x45/0x70 [ 16.527275] kasan_save_track+0x18/0x40 [ 16.527452] kasan_save_alloc_info+0x3b/0x50 [ 16.527601] __kasan_kmalloc+0xb7/0xc0 [ 16.527736] __kmalloc_noprof+0x1c9/0x500 [ 16.527874] kunit_kmalloc_array+0x25/0x60 [ 16.528094] copy_user_test_oob+0xab/0x10f0 [ 16.528308] kunit_try_run_case+0x1a5/0x480 [ 16.528513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.528765] kthread+0x337/0x6f0 [ 16.528952] ret_from_fork+0x116/0x1d0 [ 16.529151] ret_from_fork_asm+0x1a/0x30 [ 16.529342] [ 16.529417] The buggy address belongs to the object at ffff888103953e00 [ 16.529417] which belongs to the cache kmalloc-128 of size 128 [ 16.529906] The buggy address is located 0 bytes inside of [ 16.529906] allocated 120-byte region [ffff888103953e00, ffff888103953e78) [ 16.530316] [ 16.530387] The buggy address belongs to the physical page: [ 16.530599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953 [ 16.531086] flags: 0x200000000000000(node=0|zone=2) [ 16.531335] page_type: f5(slab) [ 16.531497] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.531828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.532113] page dumped because: kasan: bad access detected [ 16.532316] [ 16.532386] Memory state around the buggy address: [ 16.532568] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.533055] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.533338] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.533599] ^ [ 16.534015] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.534248] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.534463] 
================================================================== [ 16.499484] ================================================================== [ 16.499817] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.500211] Write of size 121 at addr ffff888103953e00 by task kunit_try_catch/302 [ 16.500549] [ 16.500683] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.500742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.500754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.500784] Call Trace: [ 16.500798] <TASK> [ 16.500811] dump_stack_lvl+0x73/0xb0 [ 16.500858] print_report+0xd1/0x650 [ 16.500881] ? __virt_addr_valid+0x1db/0x2d0 [ 16.500932] ? copy_user_test_oob+0x557/0x10f0 [ 16.500957] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.500982] ? copy_user_test_oob+0x557/0x10f0 [ 16.501007] kasan_report+0x141/0x180 [ 16.501030] ? copy_user_test_oob+0x557/0x10f0 [ 16.501060] kasan_check_range+0x10c/0x1c0 [ 16.501101] __kasan_check_write+0x18/0x20 [ 16.501135] copy_user_test_oob+0x557/0x10f0 [ 16.501175] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.501212] ? finish_task_switch.isra.0+0x153/0x700 [ 16.501236] ? __switch_to+0x47/0xf50 [ 16.501262] ? irqentry_exit+0x2a/0x60 [ 16.501284] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.501310] ? __pfx_read_tsc+0x10/0x10 [ 16.501331] ? ktime_get_ts64+0x86/0x230 [ 16.501356] kunit_try_run_case+0x1a5/0x480 [ 16.501381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.501410] ? __kthread_parkme+0x8f/0x180 [ 16.501432] ? __kthread_parkme+0xfa/0x180 [ 16.501455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.501480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.501506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.501533] kthread+0x337/0x6f0 [ 16.501552] ? trace_preempt_on+0x20/0xc0 [ 16.501577] ? __pfx_kthread+0x10/0x10 [ 16.501599] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.501623] ? calculate_sigpending+0x7b/0xa0 [ 16.501648] ? 
__pfx_kthread+0x10/0x10 [ 16.501671] ret_from_fork+0x116/0x1d0 [ 16.501691] ? __pfx_kthread+0x10/0x10 [ 16.501712] ret_from_fork_asm+0x1a/0x30 [ 16.501744] </TASK> [ 16.501762] [ 16.509424] Allocated by task 302: [ 16.509552] kasan_save_stack+0x45/0x70 [ 16.509762] kasan_save_track+0x18/0x40 [ 16.509990] kasan_save_alloc_info+0x3b/0x50 [ 16.510204] __kasan_kmalloc+0xb7/0xc0 [ 16.510411] __kmalloc_noprof+0x1c9/0x500 [ 16.510633] kunit_kmalloc_array+0x25/0x60 [ 16.510942] copy_user_test_oob+0xab/0x10f0 [ 16.511149] kunit_try_run_case+0x1a5/0x480 [ 16.511356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.511607] kthread+0x337/0x6f0 [ 16.511759] ret_from_fork+0x116/0x1d0 [ 16.511957] ret_from_fork_asm+0x1a/0x30 [ 16.512116] [ 16.512185] The buggy address belongs to the object at ffff888103953e00 [ 16.512185] which belongs to the cache kmalloc-128 of size 128 [ 16.512657] The buggy address is located 0 bytes inside of [ 16.512657] allocated 120-byte region [ffff888103953e00, ffff888103953e78) [ 16.513320] [ 16.513406] The buggy address belongs to the physical page: [ 16.513652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953 [ 16.514039] flags: 0x200000000000000(node=0|zone=2) [ 16.514259] page_type: f5(slab) [ 16.514425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.514750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.515062] page dumped because: kasan: bad access detected [ 16.515296] [ 16.515368] Memory state around the buggy address: [ 16.515590] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.515952] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.516226] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.516508] ^ [ 16.516829] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.517154] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.517436] 
================================================================== [ 16.458472] ================================================================== [ 16.458826] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.459238] Write of size 121 at addr ffff888103953e00 by task kunit_try_catch/302 [ 16.459573] [ 16.459687] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.459730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.459743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.459764] Call Trace: [ 16.459777] <TASK> [ 16.459792] dump_stack_lvl+0x73/0xb0 [ 16.459846] print_report+0xd1/0x650 [ 16.459876] ? __virt_addr_valid+0x1db/0x2d0 [ 16.459900] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.459936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.459961] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.459986] kasan_report+0x141/0x180 [ 16.460009] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.460038] kasan_check_range+0x10c/0x1c0 [ 16.460062] __kasan_check_write+0x18/0x20 [ 16.460102] copy_user_test_oob+0x3fd/0x10f0 [ 16.460128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.460153] ? finish_task_switch.isra.0+0x153/0x700 [ 16.460177] ? __switch_to+0x47/0xf50 [ 16.460204] ? irqentry_exit+0x2a/0x60 [ 16.460226] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.460251] ? __pfx_read_tsc+0x10/0x10 [ 16.460274] ? ktime_get_ts64+0x86/0x230 [ 16.460298] kunit_try_run_case+0x1a5/0x480 [ 16.460343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.460371] ? __kthread_parkme+0x8f/0x180 [ 16.460394] ? __kthread_parkme+0xfa/0x180 [ 16.460416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.460442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.460468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.460510] kthread+0x337/0x6f0 [ 16.460530] ? trace_preempt_on+0x20/0xc0 [ 16.460555] ? __pfx_kthread+0x10/0x10 [ 16.460577] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.460602] ? calculate_sigpending+0x7b/0xa0 [ 16.460628] ? 
__pfx_kthread+0x10/0x10 [ 16.460651] ret_from_fork+0x116/0x1d0 [ 16.460671] ? __pfx_kthread+0x10/0x10 [ 16.460692] ret_from_fork_asm+0x1a/0x30 [ 16.460726] </TASK> [ 16.460736] [ 16.472882] Allocated by task 302: [ 16.473255] kasan_save_stack+0x45/0x70 [ 16.473432] kasan_save_track+0x18/0x40 [ 16.473569] kasan_save_alloc_info+0x3b/0x50 [ 16.473712] __kasan_kmalloc+0xb7/0xc0 [ 16.473875] __kmalloc_noprof+0x1c9/0x500 [ 16.474145] kunit_kmalloc_array+0x25/0x60 [ 16.474356] copy_user_test_oob+0xab/0x10f0 [ 16.474562] kunit_try_run_case+0x1a5/0x480 [ 16.474772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.475026] kthread+0x337/0x6f0 [ 16.475169] ret_from_fork+0x116/0x1d0 [ 16.475346] ret_from_fork_asm+0x1a/0x30 [ 16.475482] [ 16.475576] The buggy address belongs to the object at ffff888103953e00 [ 16.475576] which belongs to the cache kmalloc-128 of size 128 [ 16.476192] The buggy address is located 0 bytes inside of [ 16.476192] allocated 120-byte region [ffff888103953e00, ffff888103953e78) [ 16.476665] [ 16.476737] The buggy address belongs to the physical page: [ 16.476902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953 [ 16.477289] flags: 0x200000000000000(node=0|zone=2) [ 16.477632] page_type: f5(slab) [ 16.477802] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.478188] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.478439] page dumped because: kasan: bad access detected [ 16.478627] [ 16.478740] Memory state around the buggy address: [ 16.479049] ffff888103953d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.479411] ffff888103953d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.479727] >ffff888103953e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.480056] ^ [ 16.480333] ffff888103953e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.480567] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.480964] 
==================================================================