Date
July 9, 2025, 11:07 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 19.687492] ================================================================== [ 19.687546] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.687812] Read of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.687969] [ 19.688003] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.688086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.688136] Hardware name: linux,dummy-virt (DT) [ 19.688169] Call trace: [ 19.688400] show_stack+0x20/0x38 (C) [ 19.688582] dump_stack_lvl+0x8c/0xd0 [ 19.688631] print_report+0x118/0x608 [ 19.688749] kasan_report+0xdc/0x128 [ 19.688796] kasan_check_range+0x100/0x1a8 [ 19.688847] __kasan_check_read+0x20/0x30 [ 19.688891] copy_user_test_oob+0x4a0/0xec8 [ 19.688940] kunit_try_run_case+0x170/0x3f0 [ 19.689204] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.689284] kthread+0x328/0x630 [ 19.689330] ret_from_fork+0x10/0x20 [ 19.689390] [ 19.689486] Allocated by task 285: [ 19.689901] kasan_save_stack+0x3c/0x68 [ 19.689960] kasan_save_track+0x20/0x40 [ 19.690126] kasan_save_alloc_info+0x40/0x58 [ 19.690170] __kasan_kmalloc+0xd4/0xd8 [ 19.690208] __kmalloc_noprof+0x198/0x4c8 [ 19.690249] kunit_kmalloc_array+0x34/0x88 [ 19.690287] copy_user_test_oob+0xac/0xec8 [ 19.690492] kunit_try_run_case+0x170/0x3f0 [ 19.690590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.690766] kthread+0x328/0x630 [ 19.690803] ret_from_fork+0x10/0x20 [ 19.690840] [ 19.690896] The buggy address belongs to the object at fff00000c76aff00 [ 19.690896] which belongs to the cache kmalloc-128 of size 128 [ 19.690960] The buggy address is located 0 bytes inside of [ 19.690960] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.691024] [ 19.691364] The buggy address belongs to the physical page: [ 19.691717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.691801] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.691951] page_type: f5(slab) [ 
19.691992] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.692045] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.692484] page dumped because: kasan: bad access detected [ 19.692527] [ 19.692547] Memory state around the buggy address: [ 19.692588] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.692895] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.693026] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.693101] ^ [ 19.693406] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.693618] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.693895] ================================================================== [ 19.674824] ================================================================== [ 19.674878] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.675201] Read of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.675466] [ 19.675629] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.675953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.676204] Hardware name: linux,dummy-virt (DT) [ 19.676242] Call trace: [ 19.676266] show_stack+0x20/0x38 (C) [ 19.676319] dump_stack_lvl+0x8c/0xd0 [ 19.676373] print_report+0x118/0x608 [ 19.676495] kasan_report+0xdc/0x128 [ 19.676808] kasan_check_range+0x100/0x1a8 [ 19.676861] __kasan_check_read+0x20/0x30 [ 19.676908] copy_user_test_oob+0x3c8/0xec8 [ 19.676957] kunit_try_run_case+0x170/0x3f0 [ 19.677338] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.677432] kthread+0x328/0x630 [ 19.677477] ret_from_fork+0x10/0x20 [ 19.677536] [ 19.677781] Allocated by task 285: [ 19.677831] kasan_save_stack+0x3c/0x68 [ 19.677909] kasan_save_track+0x20/0x40 [ 19.677992] kasan_save_alloc_info+0x40/0x58 [ 19.678192] __kasan_kmalloc+0xd4/0xd8 [ 19.678233] __kmalloc_noprof+0x198/0x4c8 [ 19.678274] 
kunit_kmalloc_array+0x34/0x88 [ 19.678312] copy_user_test_oob+0xac/0xec8 [ 19.678352] kunit_try_run_case+0x170/0x3f0 [ 19.678393] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.678440] kthread+0x328/0x630 [ 19.678485] ret_from_fork+0x10/0x20 [ 19.678522] [ 19.678617] The buggy address belongs to the object at fff00000c76aff00 [ 19.678617] which belongs to the cache kmalloc-128 of size 128 [ 19.679165] The buggy address is located 0 bytes inside of [ 19.679165] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.679400] [ 19.679431] The buggy address belongs to the physical page: [ 19.679610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.679710] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.679759] page_type: f5(slab) [ 19.679798] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.679886] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.680250] page dumped because: kasan: bad access detected [ 19.680290] [ 19.680421] Memory state around the buggy address: [ 19.680482] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.680529] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.680574] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.680721] ^ [ 19.680770] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.680818] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.680875] ================================================================== [ 19.638505] ================================================================== [ 19.638617] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.638710] Write of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.638766] [ 19.638815] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.638906] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.638936] 
Hardware name: linux,dummy-virt (DT) [ 19.638974] Call trace: [ 19.639000] show_stack+0x20/0x38 (C) [ 19.639056] dump_stack_lvl+0x8c/0xd0 [ 19.639110] print_report+0x118/0x608 [ 19.639184] kasan_report+0xdc/0x128 [ 19.639424] kasan_check_range+0x100/0x1a8 [ 19.639604] __kasan_check_write+0x20/0x30 [ 19.639896] copy_user_test_oob+0x234/0xec8 [ 19.639951] kunit_try_run_case+0x170/0x3f0 [ 19.640011] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.640456] kthread+0x328/0x630 [ 19.640506] ret_from_fork+0x10/0x20 [ 19.640565] [ 19.640636] Allocated by task 285: [ 19.640744] kasan_save_stack+0x3c/0x68 [ 19.640791] kasan_save_track+0x20/0x40 [ 19.640832] kasan_save_alloc_info+0x40/0x58 [ 19.640873] __kasan_kmalloc+0xd4/0xd8 [ 19.640913] __kmalloc_noprof+0x198/0x4c8 [ 19.640991] kunit_kmalloc_array+0x34/0x88 [ 19.641050] copy_user_test_oob+0xac/0xec8 [ 19.641151] kunit_try_run_case+0x170/0x3f0 [ 19.641189] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.641234] kthread+0x328/0x630 [ 19.641495] ret_from_fork+0x10/0x20 [ 19.641637] [ 19.641684] The buggy address belongs to the object at fff00000c76aff00 [ 19.641684] which belongs to the cache kmalloc-128 of size 128 [ 19.641748] The buggy address is located 0 bytes inside of [ 19.641748] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.642047] [ 19.642111] The buggy address belongs to the physical page: [ 19.642158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.642238] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.642523] page_type: f5(slab) [ 19.642702] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.642792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.642860] page dumped because: kasan: bad access detected [ 19.642957] [ 19.642977] Memory state around the buggy address: [ 19.643015] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.643326] fff00000c76afe80: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.643910] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.644213] ^ [ 19.644267] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.644338] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.644381] ================================================================== [ 19.681918] ================================================================== [ 19.681973] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.682023] Write of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.682076] [ 19.682204] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.682467] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.682497] Hardware name: linux,dummy-virt (DT) [ 19.682528] Call trace: [ 19.682552] show_stack+0x20/0x38 (C) [ 19.683046] dump_stack_lvl+0x8c/0xd0 [ 19.683358] print_report+0x118/0x608 [ 19.683409] kasan_report+0xdc/0x128 [ 19.683481] kasan_check_range+0x100/0x1a8 [ 19.683749] __kasan_check_write+0x20/0x30 [ 19.683799] copy_user_test_oob+0x434/0xec8 [ 19.683851] kunit_try_run_case+0x170/0x3f0 [ 19.683898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.683952] kthread+0x328/0x630 [ 19.683994] ret_from_fork+0x10/0x20 [ 19.684044] [ 19.684065] Allocated by task 285: [ 19.684096] kasan_save_stack+0x3c/0x68 [ 19.684150] kasan_save_track+0x20/0x40 [ 19.684190] kasan_save_alloc_info+0x40/0x58 [ 19.684232] __kasan_kmalloc+0xd4/0xd8 [ 19.684272] __kmalloc_noprof+0x198/0x4c8 [ 19.684311] kunit_kmalloc_array+0x34/0x88 [ 19.684351] copy_user_test_oob+0xac/0xec8 [ 19.684391] kunit_try_run_case+0x170/0x3f0 [ 19.684750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.685015] kthread+0x328/0x630 [ 19.685111] ret_from_fork+0x10/0x20 [ 19.685163] [ 19.685194] The buggy address belongs to the object at fff00000c76aff00 [ 19.685194] which belongs to the cache kmalloc-128 of size 128 [ 19.685326] The buggy address is 
located 0 bytes inside of [ 19.685326] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.685471] [ 19.685529] The buggy address belongs to the physical page: [ 19.685562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.685613] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.685662] page_type: f5(slab) [ 19.685726] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.685781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.685948] page dumped because: kasan: bad access detected [ 19.686132] [ 19.686232] Memory state around the buggy address: [ 19.686357] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.686404] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.686449] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.686490] ^ [ 19.686589] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.686766] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.686809] ================================================================== [ 19.667938] ================================================================== [ 19.668000] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.668055] Write of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.668147] [ 19.668188] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.668817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.668849] Hardware name: linux,dummy-virt (DT) [ 19.668882] Call trace: [ 19.668908] show_stack+0x20/0x38 (C) [ 19.669073] dump_stack_lvl+0x8c/0xd0 [ 19.669137] print_report+0x118/0x608 [ 19.669234] kasan_report+0xdc/0x128 [ 19.669315] kasan_check_range+0x100/0x1a8 [ 19.669372] __kasan_check_write+0x20/0x30 [ 19.669566] copy_user_test_oob+0x35c/0xec8 [ 19.669615] kunit_try_run_case+0x170/0x3f0 [ 19.669708] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.669763] kthread+0x328/0x630 [ 19.669812] ret_from_fork+0x10/0x20 [ 19.670048] [ 19.670069] Allocated by task 285: [ 19.670099] kasan_save_stack+0x3c/0x68 [ 19.670230] kasan_save_track+0x20/0x40 [ 19.670319] kasan_save_alloc_info+0x40/0x58 [ 19.670363] __kasan_kmalloc+0xd4/0xd8 [ 19.670402] __kmalloc_noprof+0x198/0x4c8 [ 19.670447] kunit_kmalloc_array+0x34/0x88 [ 19.670644] copy_user_test_oob+0xac/0xec8 [ 19.670737] kunit_try_run_case+0x170/0x3f0 [ 19.670810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.670860] kthread+0x328/0x630 [ 19.670989] ret_from_fork+0x10/0x20 [ 19.671050] [ 19.671072] The buggy address belongs to the object at fff00000c76aff00 [ 19.671072] which belongs to the cache kmalloc-128 of size 128 [ 19.671513] The buggy address is located 0 bytes inside of [ 19.671513] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.671640] [ 19.671671] The buggy address belongs to the physical page: [ 19.671705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.671769] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.672381] page_type: f5(slab) [ 19.672754] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.672822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.672866] page dumped because: kasan: bad access detected [ 19.672901] [ 19.672934] Memory state around the buggy address: [ 19.672970] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.673293] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.673346] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.673387] ^ [ 19.673431] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.673679] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.673762] ================================================================== [ 19.655088] 
================================================================== [ 19.655452] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.655589] Read of size 121 at addr fff00000c76aff00 by task kunit_try_catch/285 [ 19.655731] [ 19.655809] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.656296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.656395] Hardware name: linux,dummy-virt (DT) [ 19.656490] Call trace: [ 19.656516] show_stack+0x20/0x38 (C) [ 19.656609] dump_stack_lvl+0x8c/0xd0 [ 19.656663] print_report+0x118/0x608 [ 19.656866] kasan_report+0xdc/0x128 [ 19.656932] kasan_check_range+0x100/0x1a8 [ 19.656981] __kasan_check_read+0x20/0x30 [ 19.657028] copy_user_test_oob+0x728/0xec8 [ 19.657075] kunit_try_run_case+0x170/0x3f0 [ 19.657136] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.657192] kthread+0x328/0x630 [ 19.657234] ret_from_fork+0x10/0x20 [ 19.657285] [ 19.657317] Allocated by task 285: [ 19.657349] kasan_save_stack+0x3c/0x68 [ 19.657569] kasan_save_track+0x20/0x40 [ 19.657651] kasan_save_alloc_info+0x40/0x58 [ 19.657920] __kasan_kmalloc+0xd4/0xd8 [ 19.658047] __kmalloc_noprof+0x198/0x4c8 [ 19.658219] kunit_kmalloc_array+0x34/0x88 [ 19.658258] copy_user_test_oob+0xac/0xec8 [ 19.658442] kunit_try_run_case+0x170/0x3f0 [ 19.658626] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.658671] kthread+0x328/0x630 [ 19.658708] ret_from_fork+0x10/0x20 [ 19.658746] [ 19.658769] The buggy address belongs to the object at fff00000c76aff00 [ 19.658769] which belongs to the cache kmalloc-128 of size 128 [ 19.658831] The buggy address is located 0 bytes inside of [ 19.658831] allocated 120-byte region [fff00000c76aff00, fff00000c76aff78) [ 19.658895] [ 19.658949] The buggy address belongs to the physical page: [ 19.658991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af [ 19.659429] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.659799] page_type: f5(slab) [ 19.660029] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.660148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.660202] page dumped because: kasan: bad access detected [ 19.660331] [ 19.660351] Memory state around the buggy address: [ 19.660387] fff00000c76afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.660433] fff00000c76afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.660478] >fff00000c76aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.660545] ^ [ 19.660626] fff00000c76aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.660674] fff00000c76b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.660716] ==================================================================
[ 16.642934] ================================================================== [ 16.643626] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.643954] Read of size 121 at addr ffff8881031fd400 by task kunit_try_catch/302 [ 16.644258] [ 16.644392] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.644432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.644444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.644465] Call Trace: [ 16.644478] <TASK> [ 16.644492] dump_stack_lvl+0x73/0xb0 [ 16.644532] print_report+0xd1/0x650 [ 16.644555] ? __virt_addr_valid+0x1db/0x2d0 [ 16.644578] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.644614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.644639] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.644664] kasan_report+0x141/0x180 [ 16.644687] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.644735] kasan_check_range+0x10c/0x1c0 [ 16.644760] __kasan_check_read+0x15/0x20 [ 16.644781] copy_user_test_oob+0x4aa/0x10f0 [ 16.644817] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.644841] ? finish_task_switch.isra.0+0x153/0x700 [ 16.644865] ? __switch_to+0x47/0xf50 [ 16.644891] ? __schedule+0x10cc/0x2b60 [ 16.644922] ? __pfx_read_tsc+0x10/0x10 [ 16.644944] ? ktime_get_ts64+0x86/0x230 [ 16.644968] kunit_try_run_case+0x1a5/0x480 [ 16.645005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.645030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.645067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.645101] ? __kthread_parkme+0x82/0x180 [ 16.645123] ? preempt_count_sub+0x50/0x80 [ 16.645148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.645184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.645210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.645237] kthread+0x337/0x6f0 [ 16.645256] ? trace_preempt_on+0x20/0xc0 [ 16.645280] ? __pfx_kthread+0x10/0x10 [ 16.645301] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.645324] ? calculate_sigpending+0x7b/0xa0 [ 16.645350] ? 
__pfx_kthread+0x10/0x10 [ 16.645372] ret_from_fork+0x116/0x1d0 [ 16.645392] ? __pfx_kthread+0x10/0x10 [ 16.645422] ret_from_fork_asm+0x1a/0x30 [ 16.645454] </TASK> [ 16.645464] [ 16.652918] Allocated by task 302: [ 16.653047] kasan_save_stack+0x45/0x70 [ 16.653191] kasan_save_track+0x18/0x40 [ 16.653366] kasan_save_alloc_info+0x3b/0x50 [ 16.653618] __kasan_kmalloc+0xb7/0xc0 [ 16.653830] __kmalloc_noprof+0x1c9/0x500 [ 16.654036] kunit_kmalloc_array+0x25/0x60 [ 16.654318] copy_user_test_oob+0xab/0x10f0 [ 16.654496] kunit_try_run_case+0x1a5/0x480 [ 16.654643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.654830] kthread+0x337/0x6f0 [ 16.654950] ret_from_fork+0x116/0x1d0 [ 16.655247] ret_from_fork_asm+0x1a/0x30 [ 16.655445] [ 16.655539] The buggy address belongs to the object at ffff8881031fd400 [ 16.655539] which belongs to the cache kmalloc-128 of size 128 [ 16.656242] The buggy address is located 0 bytes inside of [ 16.656242] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478) [ 16.656733] [ 16.656830] The buggy address belongs to the physical page: [ 16.657143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd [ 16.657384] flags: 0x200000000000000(node=0|zone=2) [ 16.657546] page_type: f5(slab) [ 16.657667] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.657909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.658288] page dumped because: kasan: bad access detected [ 16.658537] [ 16.658628] Memory state around the buggy address: [ 16.658858] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.659344] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.659628] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.659928] ^ [ 16.660257] ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.660479] ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.660693] 
================================================================== [ 16.625117] ================================================================== [ 16.625461] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.625798] Write of size 121 at addr ffff8881031fd400 by task kunit_try_catch/302 [ 16.626111] [ 16.626238] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.626281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.626294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.626316] Call Trace: [ 16.626330] <TASK> [ 16.626347] dump_stack_lvl+0x73/0xb0 [ 16.626390] print_report+0xd1/0x650 [ 16.626414] ? __virt_addr_valid+0x1db/0x2d0 [ 16.626451] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.626476] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.626502] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.626538] kasan_report+0x141/0x180 [ 16.626560] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.626590] kasan_check_range+0x10c/0x1c0 [ 16.626616] __kasan_check_write+0x18/0x20 [ 16.626637] copy_user_test_oob+0x3fd/0x10f0 [ 16.626664] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.626696] ? finish_task_switch.isra.0+0x153/0x700 [ 16.626739] ? __switch_to+0x47/0xf50 [ 16.626765] ? __schedule+0x10cc/0x2b60 [ 16.626801] ? __pfx_read_tsc+0x10/0x10 [ 16.626823] ? ktime_get_ts64+0x86/0x230 [ 16.626848] kunit_try_run_case+0x1a5/0x480 [ 16.626883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.626908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.626934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.626959] ? __kthread_parkme+0x82/0x180 [ 16.626981] ? preempt_count_sub+0x50/0x80 [ 16.627006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.627032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.627067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.627094] kthread+0x337/0x6f0 [ 16.627114] ? trace_preempt_on+0x20/0xc0 [ 16.627139] ? __pfx_kthread+0x10/0x10 [ 16.627160] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.627183] ? calculate_sigpending+0x7b/0xa0 [ 16.627209] ? __pfx_kthread+0x10/0x10 [ 16.627231] ret_from_fork+0x116/0x1d0 [ 16.627251] ? __pfx_kthread+0x10/0x10 [ 16.627273] ret_from_fork_asm+0x1a/0x30 [ 16.627305] </TASK> [ 16.627316] [ 16.634757] Allocated by task 302: [ 16.634932] kasan_save_stack+0x45/0x70 [ 16.635157] kasan_save_track+0x18/0x40 [ 16.635295] kasan_save_alloc_info+0x3b/0x50 [ 16.635466] __kasan_kmalloc+0xb7/0xc0 [ 16.635668] __kmalloc_noprof+0x1c9/0x500 [ 16.635887] kunit_kmalloc_array+0x25/0x60 [ 16.636142] copy_user_test_oob+0xab/0x10f0 [ 16.636322] kunit_try_run_case+0x1a5/0x480 [ 16.636528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.636778] kthread+0x337/0x6f0 [ 16.636900] ret_from_fork+0x116/0x1d0 [ 16.637112] ret_from_fork_asm+0x1a/0x30 [ 16.637323] [ 16.637433] The buggy address belongs to the object at ffff8881031fd400 [ 16.637433] which belongs to the cache kmalloc-128 of size 128 [ 16.637945] The buggy address is located 0 bytes inside of [ 16.637945] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478) [ 16.638435] [ 16.638508] The buggy address belongs to the physical page: [ 16.638681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd [ 16.639071] flags: 0x200000000000000(node=0|zone=2) [ 16.639285] page_type: f5(slab) [ 16.639406] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.639767] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.640139] page dumped because: kasan: bad access detected [ 16.640426] [ 16.640522] Memory state around the buggy address: [ 16.640748] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.640965] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.641181] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.641499] ^ [ 16.641819] ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.642304] 
ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.642517] ================================================================== [ 16.690324] ================================================================== [ 16.690796] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.691435] Read of size 121 at addr ffff8881031fd400 by task kunit_try_catch/302 [ 16.692166] [ 16.692300] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.692352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.692366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.692387] Call Trace: [ 16.692401] <TASK> [ 16.692416] dump_stack_lvl+0x73/0xb0 [ 16.692448] print_report+0xd1/0x650 [ 16.692471] ? __virt_addr_valid+0x1db/0x2d0 [ 16.692495] ? copy_user_test_oob+0x604/0x10f0 [ 16.692521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.692545] ? copy_user_test_oob+0x604/0x10f0 [ 16.692570] kasan_report+0x141/0x180 [ 16.692593] ? copy_user_test_oob+0x604/0x10f0 [ 16.692623] kasan_check_range+0x10c/0x1c0 [ 16.692648] __kasan_check_read+0x15/0x20 [ 16.692670] copy_user_test_oob+0x604/0x10f0 [ 16.692696] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.692735] ? finish_task_switch.isra.0+0x153/0x700 [ 16.692758] ? __switch_to+0x47/0xf50 [ 16.692784] ? __schedule+0x10cc/0x2b60 [ 16.692806] ? __pfx_read_tsc+0x10/0x10 [ 16.692828] ? ktime_get_ts64+0x86/0x230 [ 16.692853] kunit_try_run_case+0x1a5/0x480 [ 16.692878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.692902] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.692939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.692964] ? __kthread_parkme+0x82/0x180 [ 16.692986] ? preempt_count_sub+0x50/0x80 [ 16.693022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.693049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.693075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.693111] kthread+0x337/0x6f0 [ 16.693131] ? trace_preempt_on+0x20/0xc0 [ 16.693155] ? 
__pfx_kthread+0x10/0x10 [ 16.693177] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.693199] ? calculate_sigpending+0x7b/0xa0 [ 16.693225] ? __pfx_kthread+0x10/0x10 [ 16.693248] ret_from_fork+0x116/0x1d0 [ 16.693267] ? __pfx_kthread+0x10/0x10 [ 16.693289] ret_from_fork_asm+0x1a/0x30 [ 16.693320] </TASK> [ 16.693332] [ 16.700725] Allocated by task 302: [ 16.700907] kasan_save_stack+0x45/0x70 [ 16.701129] kasan_save_track+0x18/0x40 [ 16.701333] kasan_save_alloc_info+0x3b/0x50 [ 16.701732] __kasan_kmalloc+0xb7/0xc0 [ 16.701947] __kmalloc_noprof+0x1c9/0x500 [ 16.702094] kunit_kmalloc_array+0x25/0x60 [ 16.702253] copy_user_test_oob+0xab/0x10f0 [ 16.702500] kunit_try_run_case+0x1a5/0x480 [ 16.702719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.702977] kthread+0x337/0x6f0 [ 16.703165] ret_from_fork+0x116/0x1d0 [ 16.703353] ret_from_fork_asm+0x1a/0x30 [ 16.703541] [ 16.703642] The buggy address belongs to the object at ffff8881031fd400 [ 16.703642] which belongs to the cache kmalloc-128 of size 128 [ 16.704071] The buggy address is located 0 bytes inside of [ 16.704071] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478) [ 16.704432] [ 16.704521] The buggy address belongs to the physical page: [ 16.704816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd [ 16.705160] flags: 0x200000000000000(node=0|zone=2) [ 16.705429] page_type: f5(slab) [ 16.705550] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.705790] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.706319] page dumped because: kasan: bad access detected [ 16.706573] [ 16.706679] Memory state around the buggy address: [ 16.706918] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.707292] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.707504] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.707993] ^ [ 16.708671] ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.708941] ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.709456] ================================================================== [ 16.661340] ================================================================== [ 16.662802] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.663580] Write of size 121 at addr ffff8881031fd400 by task kunit_try_catch/302 [ 16.664530] [ 16.664891] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.665084] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.665099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.665158] Call Trace: [ 16.665176] <TASK> [ 16.665192] dump_stack_lvl+0x73/0xb0 [ 16.665225] print_report+0xd1/0x650 [ 16.665249] ? __virt_addr_valid+0x1db/0x2d0 [ 16.665273] ? copy_user_test_oob+0x557/0x10f0 [ 16.665298] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.665323] ? copy_user_test_oob+0x557/0x10f0 [ 16.665348] kasan_report+0x141/0x180 [ 16.665370] ? copy_user_test_oob+0x557/0x10f0 [ 16.665399] kasan_check_range+0x10c/0x1c0 [ 16.665424] __kasan_check_write+0x18/0x20 [ 16.665445] copy_user_test_oob+0x557/0x10f0 [ 16.665471] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.665495] ? finish_task_switch.isra.0+0x153/0x700 [ 16.665519] ? __switch_to+0x47/0xf50 [ 16.665546] ? __schedule+0x10cc/0x2b60 [ 16.665569] ? __pfx_read_tsc+0x10/0x10 [ 16.665591] ? ktime_get_ts64+0x86/0x230 [ 16.665616] kunit_try_run_case+0x1a5/0x480 [ 16.665641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.665666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.665692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.665729] ? __kthread_parkme+0x82/0x180 [ 16.665752] ? preempt_count_sub+0x50/0x80 [ 16.665777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.665802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.665828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.665855] kthread+0x337/0x6f0 [ 16.665875] ? 
trace_preempt_on+0x20/0xc0 [ 16.665900] ? __pfx_kthread+0x10/0x10 [ 16.665922] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.665945] ? calculate_sigpending+0x7b/0xa0 [ 16.665970] ? __pfx_kthread+0x10/0x10 [ 16.665993] ret_from_fork+0x116/0x1d0 [ 16.666013] ? __pfx_kthread+0x10/0x10 [ 16.666034] ret_from_fork_asm+0x1a/0x30 [ 16.666079] </TASK> [ 16.666090] [ 16.676643] Allocated by task 302: [ 16.677105] kasan_save_stack+0x45/0x70 [ 16.677380] kasan_save_track+0x18/0x40 [ 16.677808] kasan_save_alloc_info+0x3b/0x50 [ 16.678103] __kasan_kmalloc+0xb7/0xc0 [ 16.678426] __kmalloc_noprof+0x1c9/0x500 [ 16.678611] kunit_kmalloc_array+0x25/0x60 [ 16.678815] copy_user_test_oob+0xab/0x10f0 [ 16.679014] kunit_try_run_case+0x1a5/0x480 [ 16.679504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.679983] kthread+0x337/0x6f0 [ 16.680257] ret_from_fork+0x116/0x1d0 [ 16.680549] ret_from_fork_asm+0x1a/0x30 [ 16.680959] [ 16.681202] The buggy address belongs to the object at ffff8881031fd400 [ 16.681202] which belongs to the cache kmalloc-128 of size 128 [ 16.682018] The buggy address is located 0 bytes inside of [ 16.682018] allocated 120-byte region [ffff8881031fd400, ffff8881031fd478) [ 16.682510] [ 16.682604] The buggy address belongs to the physical page: [ 16.683232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031fd [ 16.683710] flags: 0x200000000000000(node=0|zone=2) [ 16.684140] page_type: f5(slab) [ 16.684459] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.684805] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.685328] page dumped because: kasan: bad access detected [ 16.685774] [ 16.685872] Memory state around the buggy address: [ 16.686497] ffff8881031fd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.686840] ffff8881031fd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.687279] >ffff8881031fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.687873] ^ [ 16.688321] 
ffff8881031fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.688619] ffff8881031fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.688919] ==================================================================