Date
July 12, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 19.634059] ================================================================== [ 19.634218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.634281] Write of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.634336] [ 19.634369] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.634456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.634485] Hardware name: linux,dummy-virt (DT) [ 19.634641] Call trace: [ 19.634689] show_stack+0x20/0x38 (C) [ 19.634760] dump_stack_lvl+0x8c/0xd0 [ 19.634814] print_report+0x118/0x5d0 [ 19.635082] kasan_report+0xdc/0x128 [ 19.635154] kasan_check_range+0x100/0x1a8 [ 19.635252] __kasan_check_write+0x20/0x30 [ 19.635312] copy_user_test_oob+0x35c/0xec8 [ 19.635362] kunit_try_run_case+0x170/0x3f0 [ 19.635426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.635481] kthread+0x328/0x630 [ 19.635802] ret_from_fork+0x10/0x20 [ 19.635891] [ 19.635922] Allocated by task 285: [ 19.635967] kasan_save_stack+0x3c/0x68 [ 19.636020] kasan_save_track+0x20/0x40 [ 19.636061] kasan_save_alloc_info+0x40/0x58 [ 19.636103] __kasan_kmalloc+0xd4/0xd8 [ 19.636150] __kmalloc_noprof+0x198/0x4c8 [ 19.636203] kunit_kmalloc_array+0x34/0x88 [ 19.636244] copy_user_test_oob+0xac/0xec8 [ 19.636285] kunit_try_run_case+0x170/0x3f0 [ 19.636324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.636565] kthread+0x328/0x630 [ 19.636763] ret_from_fork+0x10/0x20 [ 19.636983] [ 19.637060] The buggy address belongs to the object at fff00000c7897b00 [ 19.637060] which belongs to the cache kmalloc-128 of size 128 [ 19.637238] The buggy address is located 0 bytes inside of [ 19.637238] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.637362] [ 19.637465] The buggy address belongs to the physical page: [ 19.637570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.637627] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.637677] page_type: f5(slab) [ 
19.637757] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.637916] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.637979] page dumped because: kasan: bad access detected [ 19.638111] [ 19.638191] Memory state around the buggy address: [ 19.638244] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.638335] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.638593] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.638700] ^ [ 19.639007] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.639113] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.639157] ================================================================== [ 19.644498] ================================================================== [ 19.644553] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.644602] Write of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.644821] [ 19.644888] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.644976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.645026] Hardware name: linux,dummy-virt (DT) [ 19.645086] Call trace: [ 19.645109] show_stack+0x20/0x38 (C) [ 19.645160] dump_stack_lvl+0x8c/0xd0 [ 19.645217] print_report+0x118/0x5d0 [ 19.645359] kasan_report+0xdc/0x128 [ 19.645571] kasan_check_range+0x100/0x1a8 [ 19.645665] __kasan_check_write+0x20/0x30 [ 19.645714] copy_user_test_oob+0x434/0xec8 [ 19.645856] kunit_try_run_case+0x170/0x3f0 [ 19.645986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.646051] kthread+0x328/0x630 [ 19.646095] ret_from_fork+0x10/0x20 [ 19.646369] [ 19.646431] Allocated by task 285: [ 19.646466] kasan_save_stack+0x3c/0x68 [ 19.646552] kasan_save_track+0x20/0x40 [ 19.646621] kasan_save_alloc_info+0x40/0x58 [ 19.646695] __kasan_kmalloc+0xd4/0xd8 [ 19.646860] __kmalloc_noprof+0x198/0x4c8 [ 19.646905] 
kunit_kmalloc_array+0x34/0x88 [ 19.646944] copy_user_test_oob+0xac/0xec8 [ 19.647060] kunit_try_run_case+0x170/0x3f0 [ 19.647106] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.647249] kthread+0x328/0x630 [ 19.647348] ret_from_fork+0x10/0x20 [ 19.647431] [ 19.647499] The buggy address belongs to the object at fff00000c7897b00 [ 19.647499] which belongs to the cache kmalloc-128 of size 128 [ 19.647644] The buggy address is located 0 bytes inside of [ 19.647644] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.647785] [ 19.647836] The buggy address belongs to the physical page: [ 19.647871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.647929] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.647979] page_type: f5(slab) [ 19.648298] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.648505] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.648613] page dumped because: kasan: bad access detected [ 19.648668] [ 19.648688] Memory state around the buggy address: [ 19.648723] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.648976] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.649084] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.649253] ^ [ 19.649339] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.649499] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.649629] ================================================================== [ 19.624524] ================================================================== [ 19.624585] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.624663] Read of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.624720] [ 19.624771] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.624859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.624999] 
Hardware name: linux,dummy-virt (DT) [ 19.625121] Call trace: [ 19.625169] show_stack+0x20/0x38 (C) [ 19.625238] dump_stack_lvl+0x8c/0xd0 [ 19.625332] print_report+0x118/0x5d0 [ 19.625406] kasan_report+0xdc/0x128 [ 19.625537] kasan_check_range+0x100/0x1a8 [ 19.625697] __kasan_check_read+0x20/0x30 [ 19.625754] copy_user_test_oob+0x728/0xec8 [ 19.625805] kunit_try_run_case+0x170/0x3f0 [ 19.625853] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.625906] kthread+0x328/0x630 [ 19.625953] ret_from_fork+0x10/0x20 [ 19.626000] [ 19.626019] Allocated by task 285: [ 19.626051] kasan_save_stack+0x3c/0x68 [ 19.626094] kasan_save_track+0x20/0x40 [ 19.626318] kasan_save_alloc_info+0x40/0x58 [ 19.626398] __kasan_kmalloc+0xd4/0xd8 [ 19.626449] __kmalloc_noprof+0x198/0x4c8 [ 19.626491] kunit_kmalloc_array+0x34/0x88 [ 19.626550] copy_user_test_oob+0xac/0xec8 [ 19.626591] kunit_try_run_case+0x170/0x3f0 [ 19.626640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.626687] kthread+0x328/0x630 [ 19.626720] ret_from_fork+0x10/0x20 [ 19.626758] [ 19.626780] The buggy address belongs to the object at fff00000c7897b00 [ 19.626780] which belongs to the cache kmalloc-128 of size 128 [ 19.626850] The buggy address is located 0 bytes inside of [ 19.626850] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.626916] [ 19.626937] The buggy address belongs to the physical page: [ 19.626969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.627025] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.627083] page_type: f5(slab) [ 19.627131] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.627377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.627676] page dumped because: kasan: bad access detected [ 19.627763] [ 19.627830] Memory state around the buggy address: [ 19.627869] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.627917] fff00000c7897a80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.627963] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.628005] ^ [ 19.628050] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.628096] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.628138] ================================================================== [ 19.650124] ================================================================== [ 19.650189] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.650238] Read of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.650291] [ 19.650454] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.650713] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.650750] Hardware name: linux,dummy-virt (DT) [ 19.650808] Call trace: [ 19.650899] show_stack+0x20/0x38 (C) [ 19.651097] dump_stack_lvl+0x8c/0xd0 [ 19.651183] print_report+0x118/0x5d0 [ 19.651322] kasan_report+0xdc/0x128 [ 19.651418] kasan_check_range+0x100/0x1a8 [ 19.651469] __kasan_check_read+0x20/0x30 [ 19.651534] copy_user_test_oob+0x4a0/0xec8 [ 19.651584] kunit_try_run_case+0x170/0x3f0 [ 19.651748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.651813] kthread+0x328/0x630 [ 19.651892] ret_from_fork+0x10/0x20 [ 19.652042] [ 19.652109] Allocated by task 285: [ 19.652238] kasan_save_stack+0x3c/0x68 [ 19.652321] kasan_save_track+0x20/0x40 [ 19.652558] kasan_save_alloc_info+0x40/0x58 [ 19.652680] __kasan_kmalloc+0xd4/0xd8 [ 19.652797] __kmalloc_noprof+0x198/0x4c8 [ 19.652944] kunit_kmalloc_array+0x34/0x88 [ 19.653071] copy_user_test_oob+0xac/0xec8 [ 19.653214] kunit_try_run_case+0x170/0x3f0 [ 19.653256] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.653311] kthread+0x328/0x630 [ 19.653347] ret_from_fork+0x10/0x20 [ 19.653385] [ 19.653417] The buggy address belongs to the object at fff00000c7897b00 [ 19.653417] which belongs to the cache kmalloc-128 of size 128 [ 19.653479] The buggy address is located 
0 bytes inside of [ 19.653479] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.653581] [ 19.653613] The buggy address belongs to the physical page: [ 19.653660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.653717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.653778] page_type: f5(slab) [ 19.653833] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.653896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.653953] page dumped because: kasan: bad access detected [ 19.653995] [ 19.654016] Memory state around the buggy address: [ 19.654051] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.654097] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.654142] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.654668] ^ [ 19.654850] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.655023] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.655133] ================================================================== [ 19.640013] ================================================================== [ 19.640067] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.640511] Read of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.640591] [ 19.640625] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.640830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.640937] Hardware name: linux,dummy-virt (DT) [ 19.640972] Call trace: [ 19.640996] show_stack+0x20/0x38 (C) [ 19.641046] dump_stack_lvl+0x8c/0xd0 [ 19.641094] print_report+0x118/0x5d0 [ 19.641154] kasan_report+0xdc/0x128 [ 19.641213] kasan_check_range+0x100/0x1a8 [ 19.641264] __kasan_check_read+0x20/0x30 [ 19.641308] copy_user_test_oob+0x3c8/0xec8 [ 19.641358] kunit_try_run_case+0x170/0x3f0 [ 19.641406] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.641459] kthread+0x328/0x630 [ 19.641503] ret_from_fork+0x10/0x20 [ 19.641551] [ 19.641571] Allocated by task 285: [ 19.641601] kasan_save_stack+0x3c/0x68 [ 19.641642] kasan_save_track+0x20/0x40 [ 19.641681] kasan_save_alloc_info+0x40/0x58 [ 19.641735] __kasan_kmalloc+0xd4/0xd8 [ 19.641776] __kmalloc_noprof+0x198/0x4c8 [ 19.641815] kunit_kmalloc_array+0x34/0x88 [ 19.641871] copy_user_test_oob+0xac/0xec8 [ 19.641912] kunit_try_run_case+0x170/0x3f0 [ 19.641956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.642282] kthread+0x328/0x630 [ 19.642320] ret_from_fork+0x10/0x20 [ 19.642574] [ 19.642664] The buggy address belongs to the object at fff00000c7897b00 [ 19.642664] which belongs to the cache kmalloc-128 of size 128 [ 19.642772] The buggy address is located 0 bytes inside of [ 19.642772] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.642887] [ 19.642937] The buggy address belongs to the physical page: [ 19.642976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.643040] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.643121] page_type: f5(slab) [ 19.643198] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.643260] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.643304] page dumped because: kasan: bad access detected [ 19.643358] [ 19.643452] Memory state around the buggy address: [ 19.643488] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.643577] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.643624] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.643665] ^ [ 19.643710] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.643755] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.643933] ================================================================== [ 19.615091] 
================================================================== [ 19.615262] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.615383] Write of size 121 at addr fff00000c7897b00 by task kunit_try_catch/285 [ 19.615440] [ 19.615505] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.615639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.615670] Hardware name: linux,dummy-virt (DT) [ 19.615864] Call trace: [ 19.615897] show_stack+0x20/0x38 (C) [ 19.616057] dump_stack_lvl+0x8c/0xd0 [ 19.616210] print_report+0x118/0x5d0 [ 19.616281] kasan_report+0xdc/0x128 [ 19.616360] kasan_check_range+0x100/0x1a8 [ 19.616458] __kasan_check_write+0x20/0x30 [ 19.616633] copy_user_test_oob+0x234/0xec8 [ 19.616704] kunit_try_run_case+0x170/0x3f0 [ 19.616757] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.616812] kthread+0x328/0x630 [ 19.616855] ret_from_fork+0x10/0x20 [ 19.616906] [ 19.617145] Allocated by task 285: [ 19.617198] kasan_save_stack+0x3c/0x68 [ 19.617277] kasan_save_track+0x20/0x40 [ 19.617317] kasan_save_alloc_info+0x40/0x58 [ 19.617361] __kasan_kmalloc+0xd4/0xd8 [ 19.617399] __kmalloc_noprof+0x198/0x4c8 [ 19.617462] kunit_kmalloc_array+0x34/0x88 [ 19.617628] copy_user_test_oob+0xac/0xec8 [ 19.617697] kunit_try_run_case+0x170/0x3f0 [ 19.617800] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.617959] kthread+0x328/0x630 [ 19.618100] ret_from_fork+0x10/0x20 [ 19.618203] [ 19.618235] The buggy address belongs to the object at fff00000c7897b00 [ 19.618235] which belongs to the cache kmalloc-128 of size 128 [ 19.618308] The buggy address is located 0 bytes inside of [ 19.618308] allocated 120-byte region [fff00000c7897b00, fff00000c7897b78) [ 19.618405] [ 19.618448] The buggy address belongs to the physical page: [ 19.618484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897 [ 19.618573] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.618791] page_type: f5(slab) [ 19.618889] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.618944] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.619005] page dumped because: kasan: bad access detected [ 19.619040] [ 19.619060] Memory state around the buggy address: [ 19.619315] fff00000c7897a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.619406] fff00000c7897a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.619493] >fff00000c7897b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.619543] ^ [ 19.619598] fff00000c7897b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.619672] fff00000c7897c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.619769] ==================================================================
[ 16.869527] ================================================================== [ 16.869874] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.870207] Read of size 121 at addr ffff888103a67500 by task kunit_try_catch/302 [ 16.870890] [ 16.871001] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.871045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.871058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.871080] Call Trace: [ 16.871096] <TASK> [ 16.871111] dump_stack_lvl+0x73/0xb0 [ 16.871140] print_report+0xd1/0x610 [ 16.871163] ? __virt_addr_valid+0x1db/0x2d0 [ 16.871187] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.871212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.871237] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.871276] kasan_report+0x141/0x180 [ 16.871300] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.871329] kasan_check_range+0x10c/0x1c0 [ 16.871354] __kasan_check_read+0x15/0x20 [ 16.871375] copy_user_test_oob+0x4aa/0x10f0 [ 16.871402] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.871427] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.871459] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.871488] kunit_try_run_case+0x1a5/0x480 [ 16.871513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.871538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.871563] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.871588] ? __kthread_parkme+0x82/0x180 [ 16.871609] ? preempt_count_sub+0x50/0x80 [ 16.871646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.871672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.871710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.871737] kthread+0x337/0x6f0 [ 16.871758] ? trace_preempt_on+0x20/0xc0 [ 16.871782] ? __pfx_kthread+0x10/0x10 [ 16.871804] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.871827] ? calculate_sigpending+0x7b/0xa0 [ 16.871853] ? __pfx_kthread+0x10/0x10 [ 16.871876] ret_from_fork+0x116/0x1d0 [ 16.871896] ? 
__pfx_kthread+0x10/0x10 [ 16.871918] ret_from_fork_asm+0x1a/0x30 [ 16.871950] </TASK> [ 16.871960] [ 16.878747] Allocated by task 302: [ 16.878917] kasan_save_stack+0x45/0x70 [ 16.879135] kasan_save_track+0x18/0x40 [ 16.879338] kasan_save_alloc_info+0x3b/0x50 [ 16.879522] __kasan_kmalloc+0xb7/0xc0 [ 16.879657] __kmalloc_noprof+0x1c9/0x500 [ 16.879801] kunit_kmalloc_array+0x25/0x60 [ 16.879986] copy_user_test_oob+0xab/0x10f0 [ 16.880209] kunit_try_run_case+0x1a5/0x480 [ 16.880427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.880679] kthread+0x337/0x6f0 [ 16.880846] ret_from_fork+0x116/0x1d0 [ 16.881008] ret_from_fork_asm+0x1a/0x30 [ 16.881149] [ 16.881239] The buggy address belongs to the object at ffff888103a67500 [ 16.881239] which belongs to the cache kmalloc-128 of size 128 [ 16.881815] The buggy address is located 0 bytes inside of [ 16.881815] allocated 120-byte region [ffff888103a67500, ffff888103a67578) [ 16.882330] [ 16.882429] The buggy address belongs to the physical page: [ 16.882648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67 [ 16.882997] flags: 0x200000000000000(node=0|zone=2) [ 16.883224] page_type: f5(slab) [ 16.883353] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.883587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.883815] page dumped because: kasan: bad access detected [ 16.884089] [ 16.884183] Memory state around the buggy address: [ 16.884412] ffff888103a67400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.884731] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.885053] >ffff888103a67500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.885354] ^ [ 16.885578] ffff888103a67580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.885794] ffff888103a67600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.886031] ================================================================== [ 16.886946] 
================================================================== [ 16.887471] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.887815] Write of size 121 at addr ffff888103a67500 by task kunit_try_catch/302 [ 16.888189] [ 16.888311] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.888354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.888367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.888388] Call Trace: [ 16.888403] <TASK> [ 16.888417] dump_stack_lvl+0x73/0xb0 [ 16.888445] print_report+0xd1/0x610 [ 16.888468] ? __virt_addr_valid+0x1db/0x2d0 [ 16.888493] ? copy_user_test_oob+0x557/0x10f0 [ 16.888518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.888543] ? copy_user_test_oob+0x557/0x10f0 [ 16.888567] kasan_report+0x141/0x180 [ 16.888591] ? copy_user_test_oob+0x557/0x10f0 [ 16.888632] kasan_check_range+0x10c/0x1c0 [ 16.888657] __kasan_check_write+0x18/0x20 [ 16.888689] copy_user_test_oob+0x557/0x10f0 [ 16.888717] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.888742] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.888773] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.888803] kunit_try_run_case+0x1a5/0x480 [ 16.888828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.888853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.888878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.888904] ? __kthread_parkme+0x82/0x180 [ 16.888925] ? preempt_count_sub+0x50/0x80 [ 16.888950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.888976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.889002] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.889030] kthread+0x337/0x6f0 [ 16.889049] ? trace_preempt_on+0x20/0xc0 [ 16.889074] ? __pfx_kthread+0x10/0x10 [ 16.889106] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.889130] ? calculate_sigpending+0x7b/0xa0 [ 16.889156] ? __pfx_kthread+0x10/0x10 [ 16.889189] ret_from_fork+0x116/0x1d0 [ 16.889209] ? 
__pfx_kthread+0x10/0x10 [ 16.889231] ret_from_fork_asm+0x1a/0x30 [ 16.889282] </TASK> [ 16.889292] [ 16.896125] Allocated by task 302: [ 16.896320] kasan_save_stack+0x45/0x70 [ 16.896510] kasan_save_track+0x18/0x40 [ 16.896707] kasan_save_alloc_info+0x3b/0x50 [ 16.896892] __kasan_kmalloc+0xb7/0xc0 [ 16.897089] __kmalloc_noprof+0x1c9/0x500 [ 16.897231] kunit_kmalloc_array+0x25/0x60 [ 16.897387] copy_user_test_oob+0xab/0x10f0 [ 16.897615] kunit_try_run_case+0x1a5/0x480 [ 16.897824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.898078] kthread+0x337/0x6f0 [ 16.898237] ret_from_fork+0x116/0x1d0 [ 16.898380] ret_from_fork_asm+0x1a/0x30 [ 16.898570] [ 16.898664] The buggy address belongs to the object at ffff888103a67500 [ 16.898664] which belongs to the cache kmalloc-128 of size 128 [ 16.899211] The buggy address is located 0 bytes inside of [ 16.899211] allocated 120-byte region [ffff888103a67500, ffff888103a67578) [ 16.899728] [ 16.899814] The buggy address belongs to the physical page: [ 16.900059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67 [ 16.900401] flags: 0x200000000000000(node=0|zone=2) [ 16.900642] page_type: f5(slab) [ 16.900805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.901134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.901460] page dumped because: kasan: bad access detected [ 16.901695] [ 16.901766] Memory state around the buggy address: [ 16.901923] ffff888103a67400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.902139] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.902410] >ffff888103a67500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.902752] ^ [ 16.903066] ffff888103a67580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.903387] ffff888103a67600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.903698] ================================================================== [ 16.904122] 
================================================================== [ 16.904477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.904915] Read of size 121 at addr ffff888103a67500 by task kunit_try_catch/302 [ 16.905360] [ 16.905494] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.905546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.905559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.905581] Call Trace: [ 16.905594] <TASK> [ 16.905608] dump_stack_lvl+0x73/0xb0 [ 16.905649] print_report+0xd1/0x610 [ 16.905671] ? __virt_addr_valid+0x1db/0x2d0 [ 16.905695] ? copy_user_test_oob+0x604/0x10f0 [ 16.905720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.905745] ? copy_user_test_oob+0x604/0x10f0 [ 16.905770] kasan_report+0x141/0x180 [ 16.905793] ? copy_user_test_oob+0x604/0x10f0 [ 16.905823] kasan_check_range+0x10c/0x1c0 [ 16.905847] __kasan_check_read+0x15/0x20 [ 16.905868] copy_user_test_oob+0x604/0x10f0 [ 16.905905] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.905929] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.905971] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.906001] kunit_try_run_case+0x1a5/0x480 [ 16.906026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.906051] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.906075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.906101] ? __kthread_parkme+0x82/0x180 [ 16.906123] ? preempt_count_sub+0x50/0x80 [ 16.906147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.906173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.906199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.906226] kthread+0x337/0x6f0 [ 16.906247] ? trace_preempt_on+0x20/0xc0 [ 16.906290] ? __pfx_kthread+0x10/0x10 [ 16.906313] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.906337] ? calculate_sigpending+0x7b/0xa0 [ 16.906373] ? __pfx_kthread+0x10/0x10 [ 16.906396] ret_from_fork+0x116/0x1d0 [ 16.906416] ? 
__pfx_kthread+0x10/0x10 [ 16.906438] ret_from_fork_asm+0x1a/0x30 [ 16.906478] </TASK> [ 16.906488] [ 16.913074] Allocated by task 302: [ 16.913254] kasan_save_stack+0x45/0x70 [ 16.913494] kasan_save_track+0x18/0x40 [ 16.913686] kasan_save_alloc_info+0x3b/0x50 [ 16.913917] __kasan_kmalloc+0xb7/0xc0 [ 16.914114] __kmalloc_noprof+0x1c9/0x500 [ 16.914311] kunit_kmalloc_array+0x25/0x60 [ 16.914516] copy_user_test_oob+0xab/0x10f0 [ 16.914710] kunit_try_run_case+0x1a5/0x480 [ 16.914859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.915037] kthread+0x337/0x6f0 [ 16.915158] ret_from_fork+0x116/0x1d0 [ 16.915312] ret_from_fork_asm+0x1a/0x30 [ 16.915509] [ 16.915628] The buggy address belongs to the object at ffff888103a67500 [ 16.915628] which belongs to the cache kmalloc-128 of size 128 [ 16.916254] The buggy address is located 0 bytes inside of [ 16.916254] allocated 120-byte region [ffff888103a67500, ffff888103a67578) [ 16.916773] [ 16.916845] The buggy address belongs to the physical page: [ 16.917018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67 [ 16.917416] flags: 0x200000000000000(node=0|zone=2) [ 16.917648] page_type: f5(slab) [ 16.917828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.918156] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.918486] page dumped because: kasan: bad access detected [ 16.918723] [ 16.918840] Memory state around the buggy address: [ 16.919044] ffff888103a67400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.919355] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.919645] >ffff888103a67500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.919986] ^ [ 16.920288] ffff888103a67580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.920553] ffff888103a67600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.920779] ================================================================== [ 16.852297] 
================================================================== [ 16.852617] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.852954] Write of size 121 at addr ffff888103a67500 by task kunit_try_catch/302 [ 16.853344] [ 16.853484] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.853529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.853542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.853563] Call Trace: [ 16.853576] <TASK> [ 16.853591] dump_stack_lvl+0x73/0xb0 [ 16.853632] print_report+0xd1/0x610 [ 16.853655] ? __virt_addr_valid+0x1db/0x2d0 [ 16.853679] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.853715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.853740] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.853766] kasan_report+0x141/0x180 [ 16.853789] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.853818] kasan_check_range+0x10c/0x1c0 [ 16.853843] __kasan_check_write+0x18/0x20 [ 16.853874] copy_user_test_oob+0x3fd/0x10f0 [ 16.853901] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.853925] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.853971] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.854001] kunit_try_run_case+0x1a5/0x480 [ 16.854037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.854061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.854087] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.854112] ? __kthread_parkme+0x82/0x180 [ 16.854134] ? preempt_count_sub+0x50/0x80 [ 16.854159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.854185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.854212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.854239] kthread+0x337/0x6f0 [ 16.854259] ? trace_preempt_on+0x20/0xc0 [ 16.854293] ? __pfx_kthread+0x10/0x10 [ 16.854316] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.854339] ? calculate_sigpending+0x7b/0xa0 [ 16.854365] ? __pfx_kthread+0x10/0x10 [ 16.854388] ret_from_fork+0x116/0x1d0 [ 16.854408] ? 
__pfx_kthread+0x10/0x10 [ 16.854431] ret_from_fork_asm+0x1a/0x30 [ 16.854463] </TASK> [ 16.854474] [ 16.861296] Allocated by task 302: [ 16.861506] kasan_save_stack+0x45/0x70 [ 16.861709] kasan_save_track+0x18/0x40 [ 16.861894] kasan_save_alloc_info+0x3b/0x50 [ 16.862090] __kasan_kmalloc+0xb7/0xc0 [ 16.862293] __kmalloc_noprof+0x1c9/0x500 [ 16.862496] kunit_kmalloc_array+0x25/0x60 [ 16.862676] copy_user_test_oob+0xab/0x10f0 [ 16.862905] kunit_try_run_case+0x1a5/0x480 [ 16.863126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.863380] kthread+0x337/0x6f0 [ 16.863547] ret_from_fork+0x116/0x1d0 [ 16.863747] ret_from_fork_asm+0x1a/0x30 [ 16.863921] [ 16.864028] The buggy address belongs to the object at ffff888103a67500 [ 16.864028] which belongs to the cache kmalloc-128 of size 128 [ 16.864533] The buggy address is located 0 bytes inside of [ 16.864533] allocated 120-byte region [ffff888103a67500, ffff888103a67578) [ 16.864989] [ 16.865064] The buggy address belongs to the physical page: [ 16.865237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67 [ 16.865530] flags: 0x200000000000000(node=0|zone=2) [ 16.865772] page_type: f5(slab) [ 16.865950] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.866298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.866627] page dumped because: kasan: bad access detected [ 16.866804] [ 16.866872] Memory state around the buggy address: [ 16.867028] ffff888103a67400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.867299] ffff888103a67480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.867632] >ffff888103a67500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.867989] ^ [ 16.868338] ffff888103a67580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868664] ffff888103a67600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868961] ==================================================================