Date
July 12, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 23.610426] ================================================================== [ 23.610548] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 23.610671] Write of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.610867] [ 23.610978] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.611266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.611365] Hardware name: linux,dummy-virt (DT) [ 23.611467] Call trace: [ 23.611540] show_stack+0x20/0x38 (C) [ 23.611674] dump_stack_lvl+0x8c/0xd0 [ 23.611808] print_report+0x118/0x608 [ 23.611925] kasan_report+0xdc/0x128 [ 23.612020] kasan_check_range+0x100/0x1a8 [ 23.612175] __kasan_check_write+0x20/0x30 [ 23.612318] copy_user_test_oob+0x434/0xec8 [ 23.612748] kunit_try_run_case+0x170/0x3f0 [ 23.612893] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.613317] kthread+0x328/0x630 [ 23.613602] ret_from_fork+0x10/0x20 [ 23.613864] [ 23.613932] Allocated by task 286: [ 23.614038] kasan_save_stack+0x3c/0x68 [ 23.614171] kasan_save_track+0x20/0x40 [ 23.614295] kasan_save_alloc_info+0x40/0x58 [ 23.614400] __kasan_kmalloc+0xd4/0xd8 [ 23.614492] __kmalloc_noprof+0x198/0x4c8 [ 23.614581] kunit_kmalloc_array+0x34/0x88 [ 23.614675] copy_user_test_oob+0xac/0xec8 [ 23.614762] kunit_try_run_case+0x170/0x3f0 [ 23.614863] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.614974] kthread+0x328/0x630 [ 23.615052] ret_from_fork+0x10/0x20 [ 23.615152] [ 23.615220] The buggy address belongs to the object at fff00000c5942a00 [ 23.615220] which belongs to the cache kmalloc-128 of size 128 [ 23.615417] The buggy address is located 0 bytes inside of [ 23.615417] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.615588] [ 23.615661] The buggy address belongs to the physical page: [ 23.615758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.615877] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.615971] page_type: f5(slab) [ 
23.616055] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.616214] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.616663] page dumped because: kasan: bad access detected [ 23.616753] [ 23.616792] Memory state around the buggy address: [ 23.616880] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.616990] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.617101] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.617188] ^ [ 23.617324] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.617435] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.617539] ================================================================== [ 23.598130] ================================================================== [ 23.598320] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 23.598453] Read of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.599024] [ 23.599108] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.599378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.599654] Hardware name: linux,dummy-virt (DT) [ 23.599762] Call trace: [ 23.600077] show_stack+0x20/0x38 (C) [ 23.600228] dump_stack_lvl+0x8c/0xd0 [ 23.600453] print_report+0x118/0x608 [ 23.600564] kasan_report+0xdc/0x128 [ 23.600959] kasan_check_range+0x100/0x1a8 [ 23.601308] __kasan_check_read+0x20/0x30 [ 23.601548] copy_user_test_oob+0x3c8/0xec8 [ 23.601918] kunit_try_run_case+0x170/0x3f0 [ 23.602065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.602191] kthread+0x328/0x630 [ 23.602271] ret_from_fork+0x10/0x20 [ 23.602715] [ 23.602765] Allocated by task 286: [ 23.602860] kasan_save_stack+0x3c/0x68 [ 23.603298] kasan_save_track+0x20/0x40 [ 23.603387] kasan_save_alloc_info+0x40/0x58 [ 23.603679] __kasan_kmalloc+0xd4/0xd8 [ 23.603812] __kmalloc_noprof+0x198/0x4c8 [ 23.604135] 
kunit_kmalloc_array+0x34/0x88 [ 23.604577] copy_user_test_oob+0xac/0xec8 [ 23.604946] kunit_try_run_case+0x170/0x3f0 [ 23.605194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.605628] kthread+0x328/0x630 [ 23.605792] ret_from_fork+0x10/0x20 [ 23.605892] [ 23.605934] The buggy address belongs to the object at fff00000c5942a00 [ 23.605934] which belongs to the cache kmalloc-128 of size 128 [ 23.606079] The buggy address is located 0 bytes inside of [ 23.606079] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.606240] [ 23.606298] The buggy address belongs to the physical page: [ 23.606377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.606850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.607151] page_type: f5(slab) [ 23.607312] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.607433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.607543] page dumped because: kasan: bad access detected [ 23.607622] [ 23.607674] Memory state around the buggy address: [ 23.607748] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.607915] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.608047] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.608429] ^ [ 23.608554] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.608685] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.608929] ================================================================== [ 23.583915] ================================================================== [ 23.584039] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 23.584474] Write of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.584632] [ 23.584722] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.584930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.584997] 
Hardware name: linux,dummy-virt (DT) [ 23.585152] Call trace: [ 23.585222] show_stack+0x20/0x38 (C) [ 23.585803] dump_stack_lvl+0x8c/0xd0 [ 23.585969] print_report+0x118/0x608 [ 23.586093] kasan_report+0xdc/0x128 [ 23.586240] kasan_check_range+0x100/0x1a8 [ 23.586852] __kasan_check_write+0x20/0x30 [ 23.586991] copy_user_test_oob+0x35c/0xec8 [ 23.587117] kunit_try_run_case+0x170/0x3f0 [ 23.587250] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.587456] kthread+0x328/0x630 [ 23.587566] ret_from_fork+0x10/0x20 [ 23.587690] [ 23.587739] Allocated by task 286: [ 23.587805] kasan_save_stack+0x3c/0x68 [ 23.587911] kasan_save_track+0x20/0x40 [ 23.588001] kasan_save_alloc_info+0x40/0x58 [ 23.588099] __kasan_kmalloc+0xd4/0xd8 [ 23.588188] __kmalloc_noprof+0x198/0x4c8 [ 23.588274] kunit_kmalloc_array+0x34/0x88 [ 23.588362] copy_user_test_oob+0xac/0xec8 [ 23.588447] kunit_try_run_case+0x170/0x3f0 [ 23.588540] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.588646] kthread+0x328/0x630 [ 23.588722] ret_from_fork+0x10/0x20 [ 23.588855] [ 23.588904] The buggy address belongs to the object at fff00000c5942a00 [ 23.588904] which belongs to the cache kmalloc-128 of size 128 [ 23.589043] The buggy address is located 0 bytes inside of [ 23.589043] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.589177] [ 23.589226] The buggy address belongs to the physical page: [ 23.589300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.591036] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.591438] page_type: f5(slab) [ 23.591578] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.591803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.592135] page dumped because: kasan: bad access detected [ 23.592236] [ 23.592400] Memory state around the buggy address: [ 23.592495] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.592599] fff00000c5942980: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.593222] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.593686] ^ [ 23.593892] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.593997] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.594081] ================================================================== [ 23.562415] ================================================================== [ 23.565172] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 23.565346] Read of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.565795] [ 23.565988] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.566330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.566496] Hardware name: linux,dummy-virt (DT) [ 23.566604] Call trace: [ 23.566768] show_stack+0x20/0x38 (C) [ 23.566927] dump_stack_lvl+0x8c/0xd0 [ 23.567038] print_report+0x118/0x608 [ 23.567155] kasan_report+0xdc/0x128 [ 23.567273] kasan_check_range+0x100/0x1a8 [ 23.567393] __kasan_check_read+0x20/0x30 [ 23.567503] copy_user_test_oob+0x728/0xec8 [ 23.567624] kunit_try_run_case+0x170/0x3f0 [ 23.568159] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.568554] kthread+0x328/0x630 [ 23.568688] ret_from_fork+0x10/0x20 [ 23.568865] [ 23.569079] Allocated by task 286: [ 23.569178] kasan_save_stack+0x3c/0x68 [ 23.569262] kasan_save_track+0x20/0x40 [ 23.569306] kasan_save_alloc_info+0x40/0x58 [ 23.569352] __kasan_kmalloc+0xd4/0xd8 [ 23.569399] __kmalloc_noprof+0x198/0x4c8 [ 23.569471] kunit_kmalloc_array+0x34/0x88 [ 23.569516] copy_user_test_oob+0xac/0xec8 [ 23.569556] kunit_try_run_case+0x170/0x3f0 [ 23.569598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.569642] kthread+0x328/0x630 [ 23.569679] ret_from_fork+0x10/0x20 [ 23.569719] [ 23.569743] The buggy address belongs to the object at fff00000c5942a00 [ 23.569743] which belongs to the cache kmalloc-128 of size 128 [ 23.569806] The buggy address is 
located 0 bytes inside of [ 23.569806] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.570007] [ 23.570060] The buggy address belongs to the physical page: [ 23.570143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.570245] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.570357] page_type: f5(slab) [ 23.570454] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.570655] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.570773] page dumped because: kasan: bad access detected [ 23.570876] [ 23.570924] Memory state around the buggy address: [ 23.571019] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.571170] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.571302] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.571402] ^ [ 23.571546] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.571708] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.571850] ================================================================== [ 23.536835] ================================================================== [ 23.537009] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 23.537170] Write of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.537288] [ 23.537369] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.537542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.537599] Hardware name: linux,dummy-virt (DT) [ 23.537671] Call trace: [ 23.537730] show_stack+0x20/0x38 (C) [ 23.537873] dump_stack_lvl+0x8c/0xd0 [ 23.537985] print_report+0x118/0x608 [ 23.538084] kasan_report+0xdc/0x128 [ 23.538189] kasan_check_range+0x100/0x1a8 [ 23.539807] __kasan_check_write+0x20/0x30 [ 23.540021] copy_user_test_oob+0x234/0xec8 [ 23.540119] kunit_try_run_case+0x170/0x3f0 [ 23.540221] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.540341] kthread+0x328/0x630 [ 23.540452] ret_from_fork+0x10/0x20 [ 23.540569] [ 23.540618] Allocated by task 286: [ 23.540693] kasan_save_stack+0x3c/0x68 [ 23.540797] kasan_save_track+0x20/0x40 [ 23.540900] kasan_save_alloc_info+0x40/0x58 [ 23.540987] __kasan_kmalloc+0xd4/0xd8 [ 23.541076] __kmalloc_noprof+0x198/0x4c8 [ 23.541239] kunit_kmalloc_array+0x34/0x88 [ 23.541328] copy_user_test_oob+0xac/0xec8 [ 23.541421] kunit_try_run_case+0x170/0x3f0 [ 23.541516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.541765] kthread+0x328/0x630 [ 23.541929] ret_from_fork+0x10/0x20 [ 23.542062] [ 23.542110] The buggy address belongs to the object at fff00000c5942a00 [ 23.542110] which belongs to the cache kmalloc-128 of size 128 [ 23.542615] The buggy address is located 0 bytes inside of [ 23.542615] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.542938] [ 23.543157] The buggy address belongs to the physical page: [ 23.543448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.543660] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.544068] page_type: f5(slab) [ 23.544190] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.544316] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.544417] page dumped because: kasan: bad access detected [ 23.544502] [ 23.544554] Memory state around the buggy address: [ 23.544635] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.544746] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.544866] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.544958] ^ [ 23.545060] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.545806] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.545973] ================================================================== [ 23.618890] 
================================================================== [ 23.619005] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 23.619119] Read of size 121 at addr fff00000c5942a00 by task kunit_try_catch/286 [ 23.619223] [ 23.619281] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 23.619469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.619529] Hardware name: linux,dummy-virt (DT) [ 23.619603] Call trace: [ 23.619653] show_stack+0x20/0x38 (C) [ 23.619763] dump_stack_lvl+0x8c/0xd0 [ 23.619880] print_report+0x118/0x608 [ 23.619983] kasan_report+0xdc/0x128 [ 23.620086] kasan_check_range+0x100/0x1a8 [ 23.620198] __kasan_check_read+0x20/0x30 [ 23.620302] copy_user_test_oob+0x4a0/0xec8 [ 23.620406] kunit_try_run_case+0x170/0x3f0 [ 23.620516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.620633] kthread+0x328/0x630 [ 23.620729] ret_from_fork+0x10/0x20 [ 23.620858] [ 23.620898] Allocated by task 286: [ 23.620960] kasan_save_stack+0x3c/0x68 [ 23.621047] kasan_save_track+0x20/0x40 [ 23.621139] kasan_save_alloc_info+0x40/0x58 [ 23.621559] __kasan_kmalloc+0xd4/0xd8 [ 23.621691] __kmalloc_noprof+0x198/0x4c8 [ 23.621775] kunit_kmalloc_array+0x34/0x88 [ 23.621867] copy_user_test_oob+0xac/0xec8 [ 23.621939] kunit_try_run_case+0x170/0x3f0 [ 23.622051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.622172] kthread+0x328/0x630 [ 23.622248] ret_from_fork+0x10/0x20 [ 23.622329] [ 23.622886] The buggy address belongs to the object at fff00000c5942a00 [ 23.622886] which belongs to the cache kmalloc-128 of size 128 [ 23.623331] The buggy address is located 0 bytes inside of [ 23.623331] allocated 120-byte region [fff00000c5942a00, fff00000c5942a78) [ 23.623625] [ 23.623692] The buggy address belongs to the physical page: [ 23.623774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105942 [ 23.623920] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.624032] page_type: f5(slab) [ 23.624122] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 23.624266] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.624372] page dumped because: kasan: bad access detected [ 23.624452] [ 23.624503] Memory state around the buggy address: [ 23.624580] fff00000c5942900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.624691] fff00000c5942980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.624806] >fff00000c5942a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.624924] ^ [ 23.625033] fff00000c5942a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.625154] fff00000c5942b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.625259] ==================================================================
[ 16.887316] ================================================================== [ 16.888115] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.888410] Write of size 121 at addr ffff888103ad9000 by task kunit_try_catch/303 [ 16.889035] [ 16.889248] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.889391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.889427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.889508] Call Trace: [ 16.889525] <TASK> [ 16.889541] dump_stack_lvl+0x73/0xb0 [ 16.889574] print_report+0xd1/0x650 [ 16.889599] ? __virt_addr_valid+0x1db/0x2d0 [ 16.889623] ? copy_user_test_oob+0x557/0x10f0 [ 16.889671] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.889696] ? copy_user_test_oob+0x557/0x10f0 [ 16.889873] kasan_report+0x141/0x180 [ 16.889901] ? copy_user_test_oob+0x557/0x10f0 [ 16.889931] kasan_check_range+0x10c/0x1c0 [ 16.889956] __kasan_check_write+0x18/0x20 [ 16.889978] copy_user_test_oob+0x557/0x10f0 [ 16.890004] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.890029] ? finish_task_switch.isra.0+0x153/0x700 [ 16.890055] ? __switch_to+0x47/0xf50 [ 16.890083] ? __schedule+0x10cc/0x2b60 [ 16.890107] ? __pfx_read_tsc+0x10/0x10 [ 16.890130] ? ktime_get_ts64+0x86/0x230 [ 16.890155] kunit_try_run_case+0x1a5/0x480 [ 16.890181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.890206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.890232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.890258] ? __kthread_parkme+0x82/0x180 [ 16.890280] ? preempt_count_sub+0x50/0x80 [ 16.890305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.890332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.890358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.890391] kthread+0x337/0x6f0 [ 16.890412] ? trace_preempt_on+0x20/0xc0 [ 16.890436] ? __pfx_kthread+0x10/0x10 [ 16.890457] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.890481] ? calculate_sigpending+0x7b/0xa0 [ 16.890507] ? 
__pfx_kthread+0x10/0x10 [ 16.890530] ret_from_fork+0x116/0x1d0 [ 16.890550] ? __pfx_kthread+0x10/0x10 [ 16.890572] ret_from_fork_asm+0x1a/0x30 [ 16.890603] </TASK> [ 16.890614] [ 16.900504] Allocated by task 303: [ 16.900687] kasan_save_stack+0x45/0x70 [ 16.900925] kasan_save_track+0x18/0x40 [ 16.901214] kasan_save_alloc_info+0x3b/0x50 [ 16.901423] __kasan_kmalloc+0xb7/0xc0 [ 16.901610] __kmalloc_noprof+0x1c9/0x500 [ 16.901853] kunit_kmalloc_array+0x25/0x60 [ 16.902158] copy_user_test_oob+0xab/0x10f0 [ 16.902366] kunit_try_run_case+0x1a5/0x480 [ 16.902592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.902845] kthread+0x337/0x6f0 [ 16.903032] ret_from_fork+0x116/0x1d0 [ 16.903223] ret_from_fork_asm+0x1a/0x30 [ 16.903441] [ 16.903581] The buggy address belongs to the object at ffff888103ad9000 [ 16.903581] which belongs to the cache kmalloc-128 of size 128 [ 16.904715] The buggy address is located 0 bytes inside of [ 16.904715] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078) [ 16.905120] [ 16.905225] The buggy address belongs to the physical page: [ 16.905479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9 [ 16.906039] flags: 0x200000000000000(node=0|zone=2) [ 16.906262] page_type: f5(slab) [ 16.906388] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.906714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.906948] page dumped because: kasan: bad access detected [ 16.907119] [ 16.907188] Memory state around the buggy address: [ 16.907340] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.907552] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.907776] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.907986] ^ [ 16.908274] ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.908604] ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.908950] 
================================================================== [ 16.846132] ================================================================== [ 16.846477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.846763] Write of size 121 at addr ffff888103ad9000 by task kunit_try_catch/303 [ 16.847178] [ 16.847278] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.847322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.847335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.847356] Call Trace: [ 16.847371] <TASK> [ 16.847388] dump_stack_lvl+0x73/0xb0 [ 16.847418] print_report+0xd1/0x650 [ 16.847442] ? __virt_addr_valid+0x1db/0x2d0 [ 16.847465] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.847491] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.847516] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.847541] kasan_report+0x141/0x180 [ 16.847565] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.847594] kasan_check_range+0x10c/0x1c0 [ 16.847619] __kasan_check_write+0x18/0x20 [ 16.847640] copy_user_test_oob+0x3fd/0x10f0 [ 16.847667] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.847703] ? finish_task_switch.isra.0+0x153/0x700 [ 16.847728] ? __switch_to+0x47/0xf50 [ 16.847766] ? __schedule+0x10cc/0x2b60 [ 16.847789] ? __pfx_read_tsc+0x10/0x10 [ 16.847811] ? ktime_get_ts64+0x86/0x230 [ 16.847836] kunit_try_run_case+0x1a5/0x480 [ 16.847861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.847886] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.847911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.847938] ? __kthread_parkme+0x82/0x180 [ 16.847960] ? preempt_count_sub+0x50/0x80 [ 16.847985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.848012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.848038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.848065] kthread+0x337/0x6f0 [ 16.848085] ? trace_preempt_on+0x20/0xc0 [ 16.848110] ? __pfx_kthread+0x10/0x10 [ 16.848132] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.848155] ? calculate_sigpending+0x7b/0xa0 [ 16.848181] ? __pfx_kthread+0x10/0x10 [ 16.848204] ret_from_fork+0x116/0x1d0 [ 16.848224] ? __pfx_kthread+0x10/0x10 [ 16.848246] ret_from_fork_asm+0x1a/0x30 [ 16.848277] </TASK> [ 16.848289] [ 16.855282] Allocated by task 303: [ 16.855454] kasan_save_stack+0x45/0x70 [ 16.855596] kasan_save_track+0x18/0x40 [ 16.855913] kasan_save_alloc_info+0x3b/0x50 [ 16.856125] __kasan_kmalloc+0xb7/0xc0 [ 16.856280] __kmalloc_noprof+0x1c9/0x500 [ 16.856421] kunit_kmalloc_array+0x25/0x60 [ 16.856576] copy_user_test_oob+0xab/0x10f0 [ 16.856916] kunit_try_run_case+0x1a5/0x480 [ 16.857131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.857388] kthread+0x337/0x6f0 [ 16.857560] ret_from_fork+0x116/0x1d0 [ 16.857760] ret_from_fork_asm+0x1a/0x30 [ 16.857953] [ 16.858044] The buggy address belongs to the object at ffff888103ad9000 [ 16.858044] which belongs to the cache kmalloc-128 of size 128 [ 16.858492] The buggy address is located 0 bytes inside of [ 16.858492] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078) [ 16.858966] [ 16.859037] The buggy address belongs to the physical page: [ 16.859208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9 [ 16.859450] flags: 0x200000000000000(node=0|zone=2) [ 16.859665] page_type: f5(slab) [ 16.859844] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.860186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.860524] page dumped because: kasan: bad access detected [ 16.860700] [ 16.860782] Memory state around the buggy address: [ 16.860938] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.861156] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.861657] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.861991] ^ [ 16.862321] ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.862657] 
ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.863101] ================================================================== [ 16.909481] ================================================================== [ 16.909713] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.910175] Read of size 121 at addr ffff888103ad9000 by task kunit_try_catch/303 [ 16.910766] [ 16.910891] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.910937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.910950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.910972] Call Trace: [ 16.910985] <TASK> [ 16.911000] dump_stack_lvl+0x73/0xb0 [ 16.911051] print_report+0xd1/0x650 [ 16.911076] ? __virt_addr_valid+0x1db/0x2d0 [ 16.911115] ? copy_user_test_oob+0x604/0x10f0 [ 16.911155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.911208] ? copy_user_test_oob+0x604/0x10f0 [ 16.911246] kasan_report+0x141/0x180 [ 16.911282] ? copy_user_test_oob+0x604/0x10f0 [ 16.911312] kasan_check_range+0x10c/0x1c0 [ 16.911350] __kasan_check_read+0x15/0x20 [ 16.911370] copy_user_test_oob+0x604/0x10f0 [ 16.911397] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.911421] ? finish_task_switch.isra.0+0x153/0x700 [ 16.911446] ? __switch_to+0x47/0xf50 [ 16.911472] ? __schedule+0x10cc/0x2b60 [ 16.911495] ? __pfx_read_tsc+0x10/0x10 [ 16.911517] ? ktime_get_ts64+0x86/0x230 [ 16.911541] kunit_try_run_case+0x1a5/0x480 [ 16.911567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.911591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.911616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.911642] ? __kthread_parkme+0x82/0x180 [ 16.911664] ? preempt_count_sub+0x50/0x80 [ 16.911723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.911759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.911786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.911812] kthread+0x337/0x6f0 [ 16.911833] ? trace_preempt_on+0x20/0xc0 [ 16.911858] ? 
__pfx_kthread+0x10/0x10 [ 16.911880] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.911903] ? calculate_sigpending+0x7b/0xa0 [ 16.911928] ? __pfx_kthread+0x10/0x10 [ 16.911952] ret_from_fork+0x116/0x1d0 [ 16.911971] ? __pfx_kthread+0x10/0x10 [ 16.911992] ret_from_fork_asm+0x1a/0x30 [ 16.912024] </TASK> [ 16.912035] [ 16.922237] Allocated by task 303: [ 16.922467] kasan_save_stack+0x45/0x70 [ 16.922630] kasan_save_track+0x18/0x40 [ 16.922780] kasan_save_alloc_info+0x3b/0x50 [ 16.922931] __kasan_kmalloc+0xb7/0xc0 [ 16.923119] __kmalloc_noprof+0x1c9/0x500 [ 16.923321] kunit_kmalloc_array+0x25/0x60 [ 16.923564] copy_user_test_oob+0xab/0x10f0 [ 16.923922] kunit_try_run_case+0x1a5/0x480 [ 16.924151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.924358] kthread+0x337/0x6f0 [ 16.924477] ret_from_fork+0x116/0x1d0 [ 16.924608] ret_from_fork_asm+0x1a/0x30 [ 16.924763] [ 16.924834] The buggy address belongs to the object at ffff888103ad9000 [ 16.924834] which belongs to the cache kmalloc-128 of size 128 [ 16.925182] The buggy address is located 0 bytes inside of [ 16.925182] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078) [ 16.925734] [ 16.925865] The buggy address belongs to the physical page: [ 16.926163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9 [ 16.926570] flags: 0x200000000000000(node=0|zone=2) [ 16.926842] page_type: f5(slab) [ 16.927052] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.927398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.927743] page dumped because: kasan: bad access detected [ 16.928018] [ 16.928109] Memory state around the buggy address: [ 16.928293] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.928541] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.928886] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.929125] ^ [ 16.929422] ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.929695] ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.930019] ================================================================== [ 16.863728] ================================================================== [ 16.865199] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.865523] Read of size 121 at addr ffff888103ad9000 by task kunit_try_catch/303 [ 16.866436] [ 16.866766] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.866816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.866830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.866851] Call Trace: [ 16.866867] <TASK> [ 16.866884] dump_stack_lvl+0x73/0xb0 [ 16.866924] print_report+0xd1/0x650 [ 16.866948] ? __virt_addr_valid+0x1db/0x2d0 [ 16.866972] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.866997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.867022] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.867047] kasan_report+0x141/0x180 [ 16.867071] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.867100] kasan_check_range+0x10c/0x1c0 [ 16.867125] __kasan_check_read+0x15/0x20 [ 16.867146] copy_user_test_oob+0x4aa/0x10f0 [ 16.867174] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.867200] ? finish_task_switch.isra.0+0x153/0x700 [ 16.867224] ? __switch_to+0x47/0xf50 [ 16.867251] ? __schedule+0x10cc/0x2b60 [ 16.867277] ? __pfx_read_tsc+0x10/0x10 [ 16.867301] ? ktime_get_ts64+0x86/0x230 [ 16.867326] kunit_try_run_case+0x1a5/0x480 [ 16.867352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.867377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.867404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.867429] ? __kthread_parkme+0x82/0x180 [ 16.867451] ? preempt_count_sub+0x50/0x80 [ 16.867476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.867503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.867529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.867556] kthread+0x337/0x6f0 [ 16.867577] ? 
trace_preempt_on+0x20/0xc0 [ 16.867602] ? __pfx_kthread+0x10/0x10 [ 16.867624] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.867647] ? calculate_sigpending+0x7b/0xa0 [ 16.867672] ? __pfx_kthread+0x10/0x10 [ 16.867695] ret_from_fork+0x116/0x1d0 [ 16.867715] ? __pfx_kthread+0x10/0x10 [ 16.867736] ret_from_fork_asm+0x1a/0x30 [ 16.867777] </TASK> [ 16.867789] [ 16.874979] Allocated by task 303: [ 16.875106] kasan_save_stack+0x45/0x70 [ 16.875283] kasan_save_track+0x18/0x40 [ 16.875496] kasan_save_alloc_info+0x3b/0x50 [ 16.875860] __kasan_kmalloc+0xb7/0xc0 [ 16.876303] __kmalloc_noprof+0x1c9/0x500 [ 16.876582] kunit_kmalloc_array+0x25/0x60 [ 16.877244] copy_user_test_oob+0xab/0x10f0 [ 16.878141] kunit_try_run_case+0x1a5/0x480 [ 16.878322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.878602] kthread+0x337/0x6f0 [ 16.878828] ret_from_fork+0x116/0x1d0 [ 16.879035] ret_from_fork_asm+0x1a/0x30 [ 16.879512] [ 16.879589] The buggy address belongs to the object at ffff888103ad9000 [ 16.879589] which belongs to the cache kmalloc-128 of size 128 [ 16.880492] The buggy address is located 0 bytes inside of [ 16.880492] allocated 120-byte region [ffff888103ad9000, ffff888103ad9078) [ 16.881242] [ 16.881324] The buggy address belongs to the physical page: [ 16.881581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad9 [ 16.882135] flags: 0x200000000000000(node=0|zone=2) [ 16.882389] page_type: f5(slab) [ 16.882663] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.883126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.883429] page dumped because: kasan: bad access detected [ 16.883863] [ 16.883986] Memory state around the buggy address: [ 16.884315] ffff888103ad8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.884614] ffff888103ad8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.885057] >ffff888103ad9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.885437] ^ [ 16.885828] 
ffff888103ad9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.886135] ffff888103ad9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.886449] ==================================================================