Date
July 17, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.553956] ================================================================== [ 19.554033] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.554148] Read of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.554201] [ 19.554235] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.554619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.554664] Hardware name: linux,dummy-virt (DT) [ 19.554705] Call trace: [ 19.554740] show_stack+0x20/0x38 (C) [ 19.554794] dump_stack_lvl+0x8c/0xd0 [ 19.554840] print_report+0x118/0x5d0 [ 19.554895] kasan_report+0xdc/0x128 [ 19.554943] kasan_check_range+0x100/0x1a8 [ 19.554990] __kasan_check_read+0x20/0x30 [ 19.555035] copy_user_test_oob+0x4a0/0xec8 [ 19.555091] kunit_try_run_case+0x170/0x3f0 [ 19.555149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.555203] kthread+0x328/0x630 [ 19.555261] ret_from_fork+0x10/0x20 [ 19.555330] [ 19.555353] Allocated by task 285: [ 19.555381] kasan_save_stack+0x3c/0x68 [ 19.555424] kasan_save_track+0x20/0x40 [ 19.555486] kasan_save_alloc_info+0x40/0x58 [ 19.555531] __kasan_kmalloc+0xd4/0xd8 [ 19.555568] __kmalloc_noprof+0x198/0x4c8 [ 19.555608] kunit_kmalloc_array+0x34/0x88 [ 19.555646] copy_user_test_oob+0xac/0xec8 [ 19.555685] kunit_try_run_case+0x170/0x3f0 [ 19.555782] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.555831] kthread+0x328/0x630 [ 19.555876] ret_from_fork+0x10/0x20 [ 19.555913] [ 19.555936] The buggy address belongs to the object at fff00000c79f8300 [ 19.555936] which belongs to the cache kmalloc-128 of size 128 [ 19.555993] The buggy address is located 0 bytes inside of [ 19.555993] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.556373] [ 19.556401] The buggy address belongs to the physical page: [ 19.556436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.556492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.556556] page_type: f5(slab) [ 19.556624] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.556677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.556720] page dumped because: kasan: bad access detected [ 19.556754] [ 19.556774] Memory state around the buggy address: [ 19.556809] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.556970] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.557097] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.557185] ^ [ 19.557296] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.557392] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.557434] ================================================================== [ 19.538772] ================================================================== [ 19.538847] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.538913] Read of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.539163] [ 19.539206] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.539304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.539430] Hardware name: linux,dummy-virt (DT) [ 19.539465] Call trace: [ 19.539506] show_stack+0x20/0x38 (C) [ 19.539556] dump_stack_lvl+0x8c/0xd0 [ 19.539604] print_report+0x118/0x5d0 [ 19.540018] kasan_report+0xdc/0x128 [ 19.540154] kasan_check_range+0x100/0x1a8 [ 19.540456] __kasan_check_read+0x20/0x30 [ 19.540511] copy_user_test_oob+0x3c8/0xec8 [ 19.540566] kunit_try_run_case+0x170/0x3f0 [ 19.540613] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.540667] kthread+0x328/0x630 [ 19.540712] ret_from_fork+0x10/0x20 [ 19.541105] [ 19.541159] Allocated by task 285: [ 19.541209] kasan_save_stack+0x3c/0x68 [ 19.541446] kasan_save_track+0x20/0x40 [ 19.541620] kasan_save_alloc_info+0x40/0x58 [ 19.541706] __kasan_kmalloc+0xd4/0xd8 [ 19.541806] __kmalloc_noprof+0x198/0x4c8 [ 19.541884] kunit_kmalloc_array+0x34/0x88 [ 19.541956] copy_user_test_oob+0xac/0xec8 [ 19.542073] kunit_try_run_case+0x170/0x3f0 [ 19.542172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.542249] kthread+0x328/0x630 [ 19.542352] ret_from_fork+0x10/0x20 [ 19.542431] [ 19.542495] The buggy address belongs to the object at fff00000c79f8300 [ 19.542495] which belongs to the cache kmalloc-128 of size 128 [ 19.542555] The buggy address is located 0 bytes inside of [ 19.542555] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.542874] [ 19.543002] The buggy address belongs to the physical page: [ 19.543072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.543157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.543371] page_type: f5(slab) [ 19.543545] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.543681] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.543781] page dumped because: kasan: bad access detected [ 19.543845] [ 19.543955] Memory state around the buggy address: [ 19.544001] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.544069] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.544122] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.544228] ^ [ 19.544278] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.544324] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.544375] ================================================================== [ 19.534573] ================================================================== [ 19.534639] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.534696] Write of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.534749] [ 19.534785] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.534882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.534911] Hardware name: linux,dummy-virt (DT) [ 19.534944] Call trace: [ 19.534970] show_stack+0x20/0x38 (C) [ 19.535020] dump_stack_lvl+0x8c/0xd0 [ 19.535067] print_report+0x118/0x5d0 [ 19.535113] kasan_report+0xdc/0x128 [ 19.535172] kasan_check_range+0x100/0x1a8 [ 19.535229] __kasan_check_write+0x20/0x30 [ 19.535287] copy_user_test_oob+0x35c/0xec8 [ 19.535336] kunit_try_run_case+0x170/0x3f0 [ 19.535384] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.535445] kthread+0x328/0x630 [ 19.535491] ret_from_fork+0x10/0x20 [ 19.535549] [ 19.535573] Allocated by task 285: [ 19.535611] kasan_save_stack+0x3c/0x68 [ 19.535658] kasan_save_track+0x20/0x40 [ 19.535699] kasan_save_alloc_info+0x40/0x58 [ 19.535769] __kasan_kmalloc+0xd4/0xd8 [ 19.535810] __kmalloc_noprof+0x198/0x4c8 [ 19.535850] kunit_kmalloc_array+0x34/0x88 [ 19.536320] copy_user_test_oob+0xac/0xec8 [ 19.536381] kunit_try_run_case+0x170/0x3f0 [ 19.536448] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.536536] kthread+0x328/0x630 [ 19.536573] ret_from_fork+0x10/0x20 [ 19.536645] [ 19.536690] The buggy address belongs to the object at fff00000c79f8300 [ 19.536690] which belongs to the cache kmalloc-128 of size 128 [ 19.536751] The buggy address is located 0 bytes inside of [ 19.536751] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.536813] [ 19.536968] The buggy address belongs to the physical page: [ 19.537011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.537065] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.537121] page_type: f5(slab) [ 19.537162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.537214] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.537255] page dumped because: kasan: bad access detected [ 19.537288] [ 19.537310] Memory state around the buggy address: [ 19.537397] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.537500] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.537546] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.537616] ^ [ 19.537693] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.537818] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.537899] ================================================================== [ 19.547876] ================================================================== [ 19.547932] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.547984] Write of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.548035] [ 19.548068] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.548152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.548182] Hardware name: linux,dummy-virt (DT) [ 19.548213] Call trace: [ 19.548237] show_stack+0x20/0x38 (C) [ 19.548284] dump_stack_lvl+0x8c/0xd0 [ 19.548332] print_report+0x118/0x5d0 [ 19.548378] kasan_report+0xdc/0x128 [ 19.548424] kasan_check_range+0x100/0x1a8 [ 19.548475] __kasan_check_write+0x20/0x30 [ 19.548521] copy_user_test_oob+0x434/0xec8 [ 19.548570] kunit_try_run_case+0x170/0x3f0 [ 19.548620] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.548674] kthread+0x328/0x630 [ 19.548717] ret_from_fork+0x10/0x20 [ 19.548765] [ 19.548786] Allocated by task 285: [ 19.548816] kasan_save_stack+0x3c/0x68 [ 19.548857] kasan_save_track+0x20/0x40 [ 19.548905] kasan_save_alloc_info+0x40/0x58 [ 19.548946] __kasan_kmalloc+0xd4/0xd8 [ 19.548985] __kmalloc_noprof+0x198/0x4c8 [ 19.549024] kunit_kmalloc_array+0x34/0x88 [ 19.549063] copy_user_test_oob+0xac/0xec8 [ 19.549100] kunit_try_run_case+0x170/0x3f0 [ 19.549146] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.549192] kthread+0x328/0x630 [ 19.549225] ret_from_fork+0x10/0x20 [ 19.549262] [ 19.549283] The buggy address belongs to the object at fff00000c79f8300 [ 19.549283] which belongs to the cache kmalloc-128 of size 128 [ 19.549341] The buggy address is located 0 bytes inside of [ 19.549341] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.549404] [ 19.549425] The buggy address belongs to the physical page: [ 19.549458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.549510] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.549559] page_type: f5(slab) [ 19.549597] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.549648] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.549689] page dumped because: kasan: bad access detected [ 19.549724] [ 19.549744] Memory state around the buggy address: [ 19.549778] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.549822] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.549910] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.549951] ^ [ 19.550331] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.550381] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.550422] ================================================================== [ 19.523554] ================================================================== [ 19.523851] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.523957] Read of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.524044] [ 19.524110] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.524210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.524263] Hardware name: linux,dummy-virt (DT) [ 19.524339] Call trace: [ 19.524363] show_stack+0x20/0x38 (C) [ 19.524437] dump_stack_lvl+0x8c/0xd0 [ 19.524511] print_report+0x118/0x5d0 [ 19.524617] kasan_report+0xdc/0x128 [ 19.524664] kasan_check_range+0x100/0x1a8 [ 19.524712] __kasan_check_read+0x20/0x30 [ 19.524756] copy_user_test_oob+0x728/0xec8 [ 19.524805] kunit_try_run_case+0x170/0x3f0 [ 19.525065] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.525177] kthread+0x328/0x630 [ 19.525242] ret_from_fork+0x10/0x20 [ 19.525315] [ 19.525354] Allocated by task 285: [ 19.525385] kasan_save_stack+0x3c/0x68 [ 19.525634] kasan_save_track+0x20/0x40 [ 19.525765] kasan_save_alloc_info+0x40/0x58 [ 19.525833] __kasan_kmalloc+0xd4/0xd8 [ 19.525910] __kmalloc_noprof+0x198/0x4c8 [ 19.526022] kunit_kmalloc_array+0x34/0x88 [ 19.526108] copy_user_test_oob+0xac/0xec8 [ 19.526211] kunit_try_run_case+0x170/0x3f0 [ 19.526290] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.526373] kthread+0x328/0x630 [ 19.526448] ret_from_fork+0x10/0x20 [ 19.526526] [ 19.526574] The buggy address belongs to the object at fff00000c79f8300 [ 19.526574] which belongs to the cache kmalloc-128 of size 128 [ 19.526634] The buggy address is located 0 bytes inside of [ 19.526634] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.526991] [ 19.527027] The buggy address belongs to the physical page: [ 19.527087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.527168] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.527509] page_type: f5(slab) [ 19.527564] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.527659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.527752] page dumped because: kasan: bad access detected [ 19.527806] [ 19.527851] Memory state around the buggy address: [ 19.527918] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.528001] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.528085] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.528164] ^ [ 19.528248] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.528294] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.528334] ================================================================== [ 19.514816] ================================================================== [ 19.514982] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.515082] Write of size 121 at addr fff00000c79f8300 by task kunit_try_catch/285 [ 19.515148] [ 19.515196] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.515479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.515528] Hardware name: linux,dummy-virt (DT) [ 19.515604] Call trace: [ 19.515641] show_stack+0x20/0x38 (C) [ 19.515704] dump_stack_lvl+0x8c/0xd0 [ 19.515791] print_report+0x118/0x5d0 [ 19.516016] kasan_report+0xdc/0x128 [ 19.516093] kasan_check_range+0x100/0x1a8 [ 19.516144] __kasan_check_write+0x20/0x30 [ 19.516191] copy_user_test_oob+0x234/0xec8 [ 19.516247] kunit_try_run_case+0x170/0x3f0 [ 19.516305] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.516369] kthread+0x328/0x630 [ 19.516422] ret_from_fork+0x10/0x20 [ 19.516501] [ 19.516532] Allocated by task 285: [ 19.516582] kasan_save_stack+0x3c/0x68 [ 19.516638] kasan_save_track+0x20/0x40 [ 19.516677] kasan_save_alloc_info+0x40/0x58 [ 19.516719] __kasan_kmalloc+0xd4/0xd8 [ 19.516762] __kmalloc_noprof+0x198/0x4c8 [ 19.516802] kunit_kmalloc_array+0x34/0x88 [ 19.516850] copy_user_test_oob+0xac/0xec8 [ 19.516903] kunit_try_run_case+0x170/0x3f0 [ 19.516945] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.516991] kthread+0x328/0x630 [ 19.517038] ret_from_fork+0x10/0x20 [ 19.517093] [ 19.517129] The buggy address belongs to the object at fff00000c79f8300 [ 19.517129] which belongs to the cache kmalloc-128 of size 128 [ 19.517213] The buggy address is located 0 bytes inside of [ 19.517213] allocated 120-byte region [fff00000c79f8300, fff00000c79f8378) [ 19.517277] [ 19.517302] The buggy address belongs to the physical page: [ 19.517348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f8 [ 19.517419] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.517474] page_type: f5(slab) [ 19.517528] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.517589] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.517632] page dumped because: kasan: bad access detected [ 19.517665] [ 19.517692] Memory state around the buggy address: [ 19.517734] fff00000c79f8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.517780] fff00000c79f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.517825] >fff00000c79f8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.517887] ^ [ 19.517930] fff00000c79f8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.517974] fff00000c79f8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.518488] ==================================================================
[ 16.406607] ================================================================== [ 16.406854] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.407228] Write of size 121 at addr ffff888102f5e000 by task kunit_try_catch/302 [ 16.407541] [ 16.407665] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.407708] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.407720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.407742] Call Trace: [ 16.407759] <TASK> [ 16.407776] dump_stack_lvl+0x73/0xb0 [ 16.407805] print_report+0xd1/0x610 [ 16.407828] ? __virt_addr_valid+0x1db/0x2d0 [ 16.407851] ? copy_user_test_oob+0x557/0x10f0 [ 16.407875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.407899] ? copy_user_test_oob+0x557/0x10f0 [ 16.407923] kasan_report+0x141/0x180 [ 16.407946] ? copy_user_test_oob+0x557/0x10f0 [ 16.407975] kasan_check_range+0x10c/0x1c0 [ 16.408000] __kasan_check_write+0x18/0x20 [ 16.408020] copy_user_test_oob+0x557/0x10f0 [ 16.408046] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.408081] ? finish_task_switch.isra.0+0x153/0x700 [ 16.408105] ? __switch_to+0x47/0xf50 [ 16.408133] ? __schedule+0x10cc/0x2b60 [ 16.408156] ? __pfx_read_tsc+0x10/0x10 [ 16.408178] ? ktime_get_ts64+0x86/0x230 [ 16.408202] kunit_try_run_case+0x1a5/0x480 [ 16.408228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.408252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.408277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.408302] ? __kthread_parkme+0x82/0x180 [ 16.408324] ? preempt_count_sub+0x50/0x80 [ 16.408348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.408373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.408397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.408422] kthread+0x337/0x6f0 [ 16.408442] ? trace_preempt_on+0x20/0xc0 [ 16.408467] ? __pfx_kthread+0x10/0x10 [ 16.408488] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.408510] ? calculate_sigpending+0x7b/0xa0 [ 16.408535] ? __pfx_kthread+0x10/0x10 [ 16.408557] ret_from_fork+0x116/0x1d0 [ 16.408576] ? __pfx_kthread+0x10/0x10 [ 16.408606] ret_from_fork_asm+0x1a/0x30 [ 16.408639] </TASK> [ 16.408649] [ 16.415994] Allocated by task 302: [ 16.416185] kasan_save_stack+0x45/0x70 [ 16.416390] kasan_save_track+0x18/0x40 [ 16.416538] kasan_save_alloc_info+0x3b/0x50 [ 16.416772] __kasan_kmalloc+0xb7/0xc0 [ 16.416907] __kmalloc_noprof+0x1c9/0x500 [ 16.417047] kunit_kmalloc_array+0x25/0x60 [ 16.417200] copy_user_test_oob+0xab/0x10f0 [ 16.417616] kunit_try_run_case+0x1a5/0x480 [ 16.417810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.418025] kthread+0x337/0x6f0 [ 16.418167] ret_from_fork+0x116/0x1d0 [ 16.418308] ret_from_fork_asm+0x1a/0x30 [ 16.418449] [ 16.418522] The buggy address belongs to the object at ffff888102f5e000 [ 16.418522] which belongs to the cache kmalloc-128 of size 128 [ 16.419260] The buggy address is located 0 bytes inside of [ 16.419260] allocated 120-byte region [ffff888102f5e000, ffff888102f5e078) [ 16.419863] [ 16.419936] The buggy address belongs to the physical page: [ 16.420121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f5e [ 16.420483] flags: 0x200000000000000(node=0|zone=2) [ 16.420913] page_type: f5(slab) [ 16.421089] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.421428] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.421730] page dumped because: kasan: bad access detected [ 16.421940] [ 16.422011] Memory state around the buggy address: [ 16.422255] ffff888102f5df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.422569] ffff888102f5df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.422844] >ffff888102f5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.423162] ^ [ 16.423417] ffff888102f5e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.423742] ffff888102f5e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.424043] ================================================================== [ 16.424609] ================================================================== [ 16.424974] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.425291] Read of size 121 at addr ffff888102f5e000 by task kunit_try_catch/302 [ 16.425666] [ 16.425787] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.425833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.425846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.425869] Call Trace: [ 16.425887] <TASK> [ 16.425906] dump_stack_lvl+0x73/0xb0 [ 16.425935] print_report+0xd1/0x610 [ 16.425958] ? __virt_addr_valid+0x1db/0x2d0 [ 16.425983] ? copy_user_test_oob+0x604/0x10f0 [ 16.426007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.426031] ? copy_user_test_oob+0x604/0x10f0 [ 16.426069] kasan_report+0x141/0x180 [ 16.426094] ? copy_user_test_oob+0x604/0x10f0 [ 16.426126] kasan_check_range+0x10c/0x1c0 [ 16.426152] __kasan_check_read+0x15/0x20 [ 16.426172] copy_user_test_oob+0x604/0x10f0 [ 16.426203] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.426226] ? finish_task_switch.isra.0+0x153/0x700 [ 16.426251] ? __switch_to+0x47/0xf50 [ 16.426280] ? __schedule+0x10cc/0x2b60 [ 16.426304] ? __pfx_read_tsc+0x10/0x10 [ 16.426326] ? ktime_get_ts64+0x86/0x230 [ 16.426352] kunit_try_run_case+0x1a5/0x480 [ 16.426378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.426427] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.426452] ? __kthread_parkme+0x82/0x180 [ 16.426474] ? preempt_count_sub+0x50/0x80 [ 16.426498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.426548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.426574] kthread+0x337/0x6f0 [ 16.426606] ? trace_preempt_on+0x20/0xc0 [ 16.426632] ? __pfx_kthread+0x10/0x10 [ 16.426653] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.426676] ? calculate_sigpending+0x7b/0xa0 [ 16.426702] ? __pfx_kthread+0x10/0x10 [ 16.426724] ret_from_fork+0x116/0x1d0 [ 16.426744] ? __pfx_kthread+0x10/0x10 [ 16.426764] ret_from_fork_asm+0x1a/0x30 [ 16.426798] </TASK> [ 16.426809] [ 16.434132] Allocated by task 302: [ 16.434325] kasan_save_stack+0x45/0x70 [ 16.434542] kasan_save_track+0x18/0x40 [ 16.434735] kasan_save_alloc_info+0x3b/0x50 [ 16.434902] __kasan_kmalloc+0xb7/0xc0 [ 16.435098] __kmalloc_noprof+0x1c9/0x500 [ 16.435312] kunit_kmalloc_array+0x25/0x60 [ 16.435512] copy_user_test_oob+0xab/0x10f0 [ 16.435741] kunit_try_run_case+0x1a5/0x480 [ 16.435942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.436203] kthread+0x337/0x6f0 [ 16.436330] ret_from_fork+0x116/0x1d0 [ 16.436465] ret_from_fork_asm+0x1a/0x30 [ 16.436608] [ 16.436681] The buggy address belongs to the object at ffff888102f5e000 [ 16.436681] which belongs to the cache kmalloc-128 of size 128 [ 16.437046] The buggy address is located 0 bytes inside of [ 16.437046] allocated 120-byte region [ffff888102f5e000, ffff888102f5e078) [ 16.437562] [ 16.437672] The buggy address belongs to the physical page: [ 16.437928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f5e [ 16.438300] flags: 0x200000000000000(node=0|zone=2) [ 16.438545] page_type: f5(slab) [ 16.438855] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.439125] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.439354] page dumped because: kasan: bad access detected [ 16.439528] [ 16.439619] Memory state around the buggy address: [ 16.439849] ffff888102f5df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.440186] ffff888102f5df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.440512] >ffff888102f5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.441103] ^ [ 16.441389] ffff888102f5e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.441679] ffff888102f5e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.441986] ================================================================== [ 16.366234] ================================================================== [ 16.366571] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.366960] Write of size 121 at addr ffff888102f5e000 by task kunit_try_catch/302 [ 16.367277] [ 16.367399] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.367445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.367458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.367481] Call Trace: [ 16.367495] <TASK> [ 16.367513] dump_stack_lvl+0x73/0xb0 [ 16.367542] print_report+0xd1/0x610 [ 16.367565] ? __virt_addr_valid+0x1db/0x2d0 [ 16.367589] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.367626] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.367650] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.367674] kasan_report+0x141/0x180 [ 16.367697] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.367727] kasan_check_range+0x10c/0x1c0 [ 16.367751] __kasan_check_write+0x18/0x20 [ 16.367771] copy_user_test_oob+0x3fd/0x10f0 [ 16.367798] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.367821] ? finish_task_switch.isra.0+0x153/0x700 [ 16.367845] ? __switch_to+0x47/0xf50 [ 16.367872] ? __schedule+0x10cc/0x2b60 [ 16.367896] ? __pfx_read_tsc+0x10/0x10 [ 16.367916] ? ktime_get_ts64+0x86/0x230 [ 16.367942] kunit_try_run_case+0x1a5/0x480 [ 16.367967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.367990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.368016] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.368040] ? __kthread_parkme+0x82/0x180 [ 16.368073] ? preempt_count_sub+0x50/0x80 [ 16.368098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.368123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.368148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.368173] kthread+0x337/0x6f0 [ 16.368193] ? trace_preempt_on+0x20/0xc0 [ 16.368217] ? __pfx_kthread+0x10/0x10 [ 16.368239] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.368261] ? calculate_sigpending+0x7b/0xa0 [ 16.368286] ? __pfx_kthread+0x10/0x10 [ 16.368309] ret_from_fork+0x116/0x1d0 [ 16.368328] ? __pfx_kthread+0x10/0x10 [ 16.368349] ret_from_fork_asm+0x1a/0x30 [ 16.368382] </TASK> [ 16.368392] [ 16.375674] Allocated by task 302: [ 16.375859] kasan_save_stack+0x45/0x70 [ 16.376072] kasan_save_track+0x18/0x40 [ 16.376238] kasan_save_alloc_info+0x3b/0x50 [ 16.376388] __kasan_kmalloc+0xb7/0xc0 [ 16.376522] __kmalloc_noprof+0x1c9/0x500 [ 16.376867] kunit_kmalloc_array+0x25/0x60 [ 16.377086] copy_user_test_oob+0xab/0x10f0 [ 16.377295] kunit_try_run_case+0x1a5/0x480 [ 16.377504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.377770] kthread+0x337/0x6f0 [ 16.377910] ret_from_fork+0x116/0x1d0 [ 16.378100] ret_from_fork_asm+0x1a/0x30 [ 16.378292] [ 16.378377] The buggy address belongs to the object at ffff888102f5e000 [ 16.378377] which belongs to the cache kmalloc-128 of size 128 [ 16.378863] The buggy address is located 0 bytes inside of [ 16.378863] allocated 120-byte region [ffff888102f5e000, ffff888102f5e078) [ 16.379351] [ 16.379426] The buggy address belongs to the physical page: [ 16.379612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f5e [ 16.379964] flags: 0x200000000000000(node=0|zone=2) [ 16.380322] page_type: f5(slab) [ 16.380448] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.380705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.381086] page dumped because: kasan: bad access detected [ 16.381463] [ 16.381558] Memory state around the buggy address: [ 16.381795] ffff888102f5df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.382041] ffff888102f5df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.382365] >ffff888102f5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.382687] ^ [ 16.382903] ffff888102f5e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.383158] ffff888102f5e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.383473] ================================================================== [ 16.384306] ================================================================== [ 16.384768] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.385095] Read of size 121 at addr ffff888102f5e000 by task kunit_try_catch/302 [ 16.385390] [ 16.385480] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.385526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.385538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.385561] Call Trace: [ 16.385578] <TASK> [ 16.385597] dump_stack_lvl+0x73/0xb0 [ 16.385625] print_report+0xd1/0x610 [ 16.385649] ? __virt_addr_valid+0x1db/0x2d0 [ 16.385672] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.385697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.385720] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.385745] kasan_report+0x141/0x180 [ 16.385768] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.385798] kasan_check_range+0x10c/0x1c0 [ 16.385823] __kasan_check_read+0x15/0x20 [ 16.385842] copy_user_test_oob+0x4aa/0x10f0 [ 16.385868] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.385891] ? finish_task_switch.isra.0+0x153/0x700 [ 16.385915] ? __switch_to+0x47/0xf50 [ 16.385942] ? __schedule+0x10cc/0x2b60 [ 16.385980] ? __pfx_read_tsc+0x10/0x10 [ 16.386002] ? ktime_get_ts64+0x86/0x230 [ 16.386027] kunit_try_run_case+0x1a5/0x480 [ 16.386065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.386088] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.386114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.386139] ? __kthread_parkme+0x82/0x180 [ 16.386160] ? preempt_count_sub+0x50/0x80 [ 16.386185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.386213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.386238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.386263] kthread+0x337/0x6f0 [ 16.386282] ? trace_preempt_on+0x20/0xc0 [ 16.386307] ? __pfx_kthread+0x10/0x10 [ 16.386328] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.386350] ? calculate_sigpending+0x7b/0xa0 [ 16.386376] ? __pfx_kthread+0x10/0x10 [ 16.386398] ret_from_fork+0x116/0x1d0 [ 16.386417] ? __pfx_kthread+0x10/0x10 [ 16.386438] ret_from_fork_asm+0x1a/0x30 [ 16.386471] </TASK> [ 16.386481] [ 16.394215] Allocated by task 302: [ 16.394375] kasan_save_stack+0x45/0x70 [ 16.394544] kasan_save_track+0x18/0x40 [ 16.394778] kasan_save_alloc_info+0x3b/0x50 [ 16.394960] __kasan_kmalloc+0xb7/0xc0 [ 16.395154] __kmalloc_noprof+0x1c9/0x500 [ 16.395307] kunit_kmalloc_array+0x25/0x60 [ 16.395482] copy_user_test_oob+0xab/0x10f0 [ 16.395693] kunit_try_run_case+0x1a5/0x480 [ 16.395901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.396128] kthread+0x337/0x6f0 [ 16.396288] ret_from_fork+0x116/0x1d0 [ 16.396467] ret_from_fork_asm+0x1a/0x30 [ 16.398251] [ 16.398383] The buggy address belongs to the object at ffff888102f5e000 [ 16.398383] which belongs to the cache kmalloc-128 of size 128 [ 16.398802] The buggy address is located 0 bytes inside of [ 16.398802] allocated 120-byte region [ffff888102f5e000, ffff888102f5e078) [ 16.399177] [ 16.399253] The buggy address belongs to the physical page: [ 16.399429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f5e [ 16.400440] flags: 0x200000000000000(node=0|zone=2) [ 16.401163] page_type: f5(slab) [ 16.401405] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.402124] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.402467] page dumped because: kasan: bad access detected [ 16.402869] [ 16.403116] Memory state around the buggy address: [ 16.403453] ffff888102f5df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.403929] ffff888102f5df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.404372] >ffff888102f5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.404810] ^ [ 16.405314] ffff888102f5e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.405781] ffff888102f5e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.406091] ==================================================================