Date
July 15, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.751383] ================================================================== [ 18.751755] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.752329] Write of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.752532] [ 18.752791] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.753653] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.753774] Hardware name: linux,dummy-virt (DT) [ 18.753859] Call trace: [ 18.753894] show_stack+0x20/0x38 (C) [ 18.754050] dump_stack_lvl+0x8c/0xd0 [ 18.754127] print_report+0x118/0x5d0 [ 18.754175] kasan_report+0xdc/0x128 [ 18.754232] kasan_check_range+0x100/0x1a8 [ 18.754562] __kasan_check_write+0x20/0x30 [ 18.754679] copy_user_test_oob+0x234/0xec8 [ 18.754728] kunit_try_run_case+0x170/0x3f0 [ 18.754783] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.754850] kthread+0x328/0x630 [ 18.754895] ret_from_fork+0x10/0x20 [ 18.755504] [ 18.755578] Allocated by task 286: [ 18.755662] kasan_save_stack+0x3c/0x68 [ 18.755763] kasan_save_track+0x20/0x40 [ 18.755930] kasan_save_alloc_info+0x40/0x58 [ 18.755992] __kasan_kmalloc+0xd4/0xd8 [ 18.756030] __kmalloc_noprof+0x198/0x4c8 [ 18.756137] kunit_kmalloc_array+0x34/0x88 [ 18.756177] copy_user_test_oob+0xac/0xec8 [ 18.756227] kunit_try_run_case+0x170/0x3f0 [ 18.756266] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.756312] kthread+0x328/0x630 [ 18.756345] ret_from_fork+0x10/0x20 [ 18.756590] [ 18.756839] The buggy address belongs to the object at fff00000c593d300 [ 18.756839] which belongs to the cache kmalloc-128 of size 128 [ 18.757254] The buggy address is located 0 bytes inside of [ 18.757254] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.757501] [ 18.757745] The buggy address belongs to the physical page: [ 18.757786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.757847] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.757931] page_type: f5(slab) [ 
18.757975] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.758380] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.758552] page dumped because: kasan: bad access detected [ 18.758643] [ 18.758673] Memory state around the buggy address: [ 18.758727] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.758775] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.759175] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.759258] ^ [ 18.759409] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.759467] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.759749] ================================================================== [ 18.784054] ================================================================== [ 18.784119] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.784176] Write of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.784247] [ 18.784295] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.784383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.784665] Hardware name: linux,dummy-virt (DT) [ 18.785018] Call trace: [ 18.785616] show_stack+0x20/0x38 (C) [ 18.785776] dump_stack_lvl+0x8c/0xd0 [ 18.785824] print_report+0x118/0x5d0 [ 18.785871] kasan_report+0xdc/0x128 [ 18.785918] kasan_check_range+0x100/0x1a8 [ 18.786332] __kasan_check_write+0x20/0x30 [ 18.786523] copy_user_test_oob+0x35c/0xec8 [ 18.786575] kunit_try_run_case+0x170/0x3f0 [ 18.786654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.786709] kthread+0x328/0x630 [ 18.786754] ret_from_fork+0x10/0x20 [ 18.786803] [ 18.786878] Allocated by task 286: [ 18.787041] kasan_save_stack+0x3c/0x68 [ 18.787133] kasan_save_track+0x20/0x40 [ 18.787174] kasan_save_alloc_info+0x40/0x58 [ 18.787228] __kasan_kmalloc+0xd4/0xd8 [ 18.787266] __kmalloc_noprof+0x198/0x4c8 [ 18.787304] 
kunit_kmalloc_array+0x34/0x88 [ 18.787345] copy_user_test_oob+0xac/0xec8 [ 18.787384] kunit_try_run_case+0x170/0x3f0 [ 18.787956] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.788196] kthread+0x328/0x630 [ 18.788233] ret_from_fork+0x10/0x20 [ 18.788315] [ 18.788712] The buggy address belongs to the object at fff00000c593d300 [ 18.788712] which belongs to the cache kmalloc-128 of size 128 [ 18.788782] The buggy address is located 0 bytes inside of [ 18.788782] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.789000] [ 18.789097] The buggy address belongs to the physical page: [ 18.789135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.789203] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.789255] page_type: f5(slab) [ 18.789297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.789484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.789553] page dumped because: kasan: bad access detected [ 18.789588] [ 18.789609] Memory state around the buggy address: [ 18.789644] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.789690] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.789736] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.789778] ^ [ 18.789892] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.790057] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.790099] ================================================================== [ 18.817773] ================================================================== [ 18.817829] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.817883] Read of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.817944] [ 18.818107] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.818262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.818324] 
Hardware name: linux,dummy-virt (DT) [ 18.818744] Call trace: [ 18.818790] show_stack+0x20/0x38 (C) [ 18.818977] dump_stack_lvl+0x8c/0xd0 [ 18.819374] print_report+0x118/0x5d0 [ 18.819469] kasan_report+0xdc/0x128 [ 18.819527] kasan_check_range+0x100/0x1a8 [ 18.819870] __kasan_check_read+0x20/0x30 [ 18.820115] copy_user_test_oob+0x4a0/0xec8 [ 18.820170] kunit_try_run_case+0x170/0x3f0 [ 18.820229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.820287] kthread+0x328/0x630 [ 18.820330] ret_from_fork+0x10/0x20 [ 18.820378] [ 18.820399] Allocated by task 286: [ 18.820428] kasan_save_stack+0x3c/0x68 [ 18.820489] kasan_save_track+0x20/0x40 [ 18.820528] kasan_save_alloc_info+0x40/0x58 [ 18.820680] __kasan_kmalloc+0xd4/0xd8 [ 18.821060] __kmalloc_noprof+0x198/0x4c8 [ 18.821409] kunit_kmalloc_array+0x34/0x88 [ 18.821456] copy_user_test_oob+0xac/0xec8 [ 18.821496] kunit_try_run_case+0x170/0x3f0 [ 18.821535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.821580] kthread+0x328/0x630 [ 18.821615] ret_from_fork+0x10/0x20 [ 18.821653] [ 18.821674] The buggy address belongs to the object at fff00000c593d300 [ 18.821674] which belongs to the cache kmalloc-128 of size 128 [ 18.822120] The buggy address is located 0 bytes inside of [ 18.822120] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.822231] [ 18.822253] The buggy address belongs to the physical page: [ 18.822588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.822651] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.822701] page_type: f5(slab) [ 18.822739] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.822793] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.822848] page dumped because: kasan: bad access detected [ 18.822882] [ 18.823331] Memory state around the buggy address: [ 18.823434] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.823482] fff00000c593d280: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.823577] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.823619] ^ [ 18.823719] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.823765] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.823807] ================================================================== [ 18.806144] ================================================================== [ 18.806226] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.806284] Read of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.806338] [ 18.806371] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.806456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.806485] Hardware name: linux,dummy-virt (DT) [ 18.806519] Call trace: [ 18.806542] show_stack+0x20/0x38 (C) [ 18.806590] dump_stack_lvl+0x8c/0xd0 [ 18.806637] print_report+0x118/0x5d0 [ 18.806683] kasan_report+0xdc/0x128 [ 18.806728] kasan_check_range+0x100/0x1a8 [ 18.806777] __kasan_check_read+0x20/0x30 [ 18.806822] copy_user_test_oob+0x3c8/0xec8 [ 18.806870] kunit_try_run_case+0x170/0x3f0 [ 18.806916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.806970] kthread+0x328/0x630 [ 18.807012] ret_from_fork+0x10/0x20 [ 18.807061] [ 18.807081] Allocated by task 286: [ 18.807109] kasan_save_stack+0x3c/0x68 [ 18.807151] kasan_save_track+0x20/0x40 [ 18.807200] kasan_save_alloc_info+0x40/0x58 [ 18.807243] __kasan_kmalloc+0xd4/0xd8 [ 18.807427] __kmalloc_noprof+0x198/0x4c8 [ 18.807484] kunit_kmalloc_array+0x34/0x88 [ 18.807526] copy_user_test_oob+0xac/0xec8 [ 18.807567] kunit_try_run_case+0x170/0x3f0 [ 18.807785] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.807850] kthread+0x328/0x630 [ 18.808192] ret_from_fork+0x10/0x20 [ 18.808276] [ 18.808301] The buggy address belongs to the object at fff00000c593d300 [ 18.808301] which belongs to the cache kmalloc-128 of size 128 [ 18.808613] The buggy address is located 
0 bytes inside of [ 18.808613] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.808718] [ 18.808767] The buggy address belongs to the physical page: [ 18.808816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.808875] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.808925] page_type: f5(slab) [ 18.808965] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.809019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.809207] page dumped because: kasan: bad access detected [ 18.809248] [ 18.809270] Memory state around the buggy address: [ 18.809306] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.809353] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.809398] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.809702] ^ [ 18.809757] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.810014] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.810061] ================================================================== [ 18.810985] ================================================================== [ 18.811052] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.811103] Write of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.811446] [ 18.811489] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.811586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.811617] Hardware name: linux,dummy-virt (DT) [ 18.811649] Call trace: [ 18.811673] show_stack+0x20/0x38 (C) [ 18.811722] dump_stack_lvl+0x8c/0xd0 [ 18.811771] print_report+0x118/0x5d0 [ 18.811816] kasan_report+0xdc/0x128 [ 18.811861] kasan_check_range+0x100/0x1a8 [ 18.811931] __kasan_check_write+0x20/0x30 [ 18.811978] copy_user_test_oob+0x434/0xec8 [ 18.812024] kunit_try_run_case+0x170/0x3f0 [ 18.812072] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.812129] kthread+0x328/0x630 [ 18.812173] ret_from_fork+0x10/0x20 [ 18.812232] [ 18.812263] Allocated by task 286: [ 18.812294] kasan_save_stack+0x3c/0x68 [ 18.812337] kasan_save_track+0x20/0x40 [ 18.812377] kasan_save_alloc_info+0x40/0x58 [ 18.812417] __kasan_kmalloc+0xd4/0xd8 [ 18.812460] __kmalloc_noprof+0x198/0x4c8 [ 18.812507] kunit_kmalloc_array+0x34/0x88 [ 18.812559] copy_user_test_oob+0xac/0xec8 [ 18.812597] kunit_try_run_case+0x170/0x3f0 [ 18.812637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.812728] kthread+0x328/0x630 [ 18.812768] ret_from_fork+0x10/0x20 [ 18.813193] [ 18.813229] The buggy address belongs to the object at fff00000c593d300 [ 18.813229] which belongs to the cache kmalloc-128 of size 128 [ 18.813351] The buggy address is located 0 bytes inside of [ 18.813351] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.813429] [ 18.813452] The buggy address belongs to the physical page: [ 18.813484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.813718] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.814333] page_type: f5(slab) [ 18.814387] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.814441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.814788] page dumped because: kasan: bad access detected [ 18.814828] [ 18.814927] Memory state around the buggy address: [ 18.815267] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.815358] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.815448] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.815492] ^ [ 18.815622] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.815729] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.815771] ================================================================== [ 18.767039] 
================================================================== [ 18.767364] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.767524] Read of size 121 at addr fff00000c593d300 by task kunit_try_catch/286 [ 18.767834] [ 18.767904] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.768313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.768346] Hardware name: linux,dummy-virt (DT) [ 18.768380] Call trace: [ 18.768403] show_stack+0x20/0x38 (C) [ 18.768611] dump_stack_lvl+0x8c/0xd0 [ 18.768658] print_report+0x118/0x5d0 [ 18.768704] kasan_report+0xdc/0x128 [ 18.768751] kasan_check_range+0x100/0x1a8 [ 18.769055] __kasan_check_read+0x20/0x30 [ 18.769116] copy_user_test_oob+0x728/0xec8 [ 18.769166] kunit_try_run_case+0x170/0x3f0 [ 18.769611] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.770176] kthread+0x328/0x630 [ 18.770340] ret_from_fork+0x10/0x20 [ 18.770530] [ 18.770551] Allocated by task 286: [ 18.770581] kasan_save_stack+0x3c/0x68 [ 18.770672] kasan_save_track+0x20/0x40 [ 18.770758] kasan_save_alloc_info+0x40/0x58 [ 18.770835] __kasan_kmalloc+0xd4/0xd8 [ 18.770873] __kmalloc_noprof+0x198/0x4c8 [ 18.770919] kunit_kmalloc_array+0x34/0x88 [ 18.771085] copy_user_test_oob+0xac/0xec8 [ 18.771132] kunit_try_run_case+0x170/0x3f0 [ 18.771189] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.771308] kthread+0x328/0x630 [ 18.771348] ret_from_fork+0x10/0x20 [ 18.771525] [ 18.771546] The buggy address belongs to the object at fff00000c593d300 [ 18.771546] which belongs to the cache kmalloc-128 of size 128 [ 18.771633] The buggy address is located 0 bytes inside of [ 18.771633] allocated 120-byte region [fff00000c593d300, fff00000c593d378) [ 18.771782] [ 18.771829] The buggy address belongs to the physical page: [ 18.771886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10593d [ 18.771998] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.772105] page_type: f5(slab) [ 18.772150] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.772236] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.772281] page dumped because: kasan: bad access detected [ 18.772315] [ 18.772335] Memory state around the buggy address: [ 18.772371] fff00000c593d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.772419] fff00000c593d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.772471] >fff00000c593d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.772512] ^ [ 18.772555] fff00000c593d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.772600] fff00000c593d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.772640] ==================================================================
[ 16.560649] ================================================================== [ 16.560915] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.561145] Read of size 121 at addr ffff8881038e2900 by task kunit_try_catch/302 [ 16.561692] [ 16.561875] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.561944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.561958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.561978] Call Trace: [ 16.562009] <TASK> [ 16.562023] dump_stack_lvl+0x73/0xb0 [ 16.562068] print_report+0xd1/0x610 [ 16.562106] ? __virt_addr_valid+0x1db/0x2d0 [ 16.562144] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.562183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.562235] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.562261] kasan_report+0x141/0x180 [ 16.562298] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.562342] kasan_check_range+0x10c/0x1c0 [ 16.562368] __kasan_check_read+0x15/0x20 [ 16.562395] copy_user_test_oob+0x4aa/0x10f0 [ 16.562424] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.562450] ? finish_task_switch.isra.0+0x153/0x700 [ 16.562474] ? __switch_to+0x47/0xf50 [ 16.562501] ? __schedule+0x10cc/0x2b60 [ 16.562524] ? __pfx_read_tsc+0x10/0x10 [ 16.562546] ? ktime_get_ts64+0x86/0x230 [ 16.562578] kunit_try_run_case+0x1a5/0x480 [ 16.562604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.562630] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.562655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.562681] ? __kthread_parkme+0x82/0x180 [ 16.562704] ? preempt_count_sub+0x50/0x80 [ 16.562729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.562766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.562794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.562821] kthread+0x337/0x6f0 [ 16.562842] ? trace_preempt_on+0x20/0xc0 [ 16.562866] ? __pfx_kthread+0x10/0x10 [ 16.562888] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.562912] ? calculate_sigpending+0x7b/0xa0 [ 16.562937] ? 
__pfx_kthread+0x10/0x10 [ 16.562960] ret_from_fork+0x116/0x1d0 [ 16.562980] ? __pfx_kthread+0x10/0x10 [ 16.563002] ret_from_fork_asm+0x1a/0x30 [ 16.563033] </TASK> [ 16.563043] [ 16.571002] Allocated by task 302: [ 16.571194] kasan_save_stack+0x45/0x70 [ 16.571417] kasan_save_track+0x18/0x40 [ 16.571609] kasan_save_alloc_info+0x3b/0x50 [ 16.571842] __kasan_kmalloc+0xb7/0xc0 [ 16.572001] __kmalloc_noprof+0x1c9/0x500 [ 16.572143] kunit_kmalloc_array+0x25/0x60 [ 16.572292] copy_user_test_oob+0xab/0x10f0 [ 16.572543] kunit_try_run_case+0x1a5/0x480 [ 16.572771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.573032] kthread+0x337/0x6f0 [ 16.573201] ret_from_fork+0x116/0x1d0 [ 16.573425] ret_from_fork_asm+0x1a/0x30 [ 16.573683] [ 16.573804] The buggy address belongs to the object at ffff8881038e2900 [ 16.573804] which belongs to the cache kmalloc-128 of size 128 [ 16.574172] The buggy address is located 0 bytes inside of [ 16.574172] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.574700] [ 16.574836] The buggy address belongs to the physical page: [ 16.575076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.575316] flags: 0x200000000000000(node=0|zone=2) [ 16.575479] page_type: f5(slab) [ 16.575601] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.575993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.576337] page dumped because: kasan: bad access detected [ 16.576729] [ 16.576833] Memory state around the buggy address: [ 16.577021] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.577239] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.577489] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.577855] ^ [ 16.578269] ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.578942] ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.579284] 
================================================================== [ 16.601671] ================================================================== [ 16.602000] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.602398] Read of size 121 at addr ffff8881038e2900 by task kunit_try_catch/302 [ 16.602830] [ 16.602914] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.602955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.602968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.603039] Call Trace: [ 16.603055] <TASK> [ 16.603070] dump_stack_lvl+0x73/0xb0 [ 16.603159] print_report+0xd1/0x610 [ 16.603195] ? __virt_addr_valid+0x1db/0x2d0 [ 16.603218] ? copy_user_test_oob+0x604/0x10f0 [ 16.603246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.603272] ? copy_user_test_oob+0x604/0x10f0 [ 16.603297] kasan_report+0x141/0x180 [ 16.603320] ? copy_user_test_oob+0x604/0x10f0 [ 16.603351] kasan_check_range+0x10c/0x1c0 [ 16.603377] __kasan_check_read+0x15/0x20 [ 16.603398] copy_user_test_oob+0x604/0x10f0 [ 16.603465] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.603490] ? finish_task_switch.isra.0+0x153/0x700 [ 16.603531] ? __switch_to+0x47/0xf50 [ 16.603558] ? __schedule+0x10cc/0x2b60 [ 16.603624] ? __pfx_read_tsc+0x10/0x10 [ 16.603647] ? ktime_get_ts64+0x86/0x230 [ 16.603682] kunit_try_run_case+0x1a5/0x480 [ 16.603710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.603734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.603769] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.603796] ? __kthread_parkme+0x82/0x180 [ 16.603818] ? preempt_count_sub+0x50/0x80 [ 16.603842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.603869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.603895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.603922] kthread+0x337/0x6f0 [ 16.603943] ? trace_preempt_on+0x20/0xc0 [ 16.603967] ? __pfx_kthread+0x10/0x10 [ 16.603989] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.604013] ? calculate_sigpending+0x7b/0xa0 [ 16.604039] ? __pfx_kthread+0x10/0x10 [ 16.604062] ret_from_fork+0x116/0x1d0 [ 16.604082] ? __pfx_kthread+0x10/0x10 [ 16.604103] ret_from_fork_asm+0x1a/0x30 [ 16.604135] </TASK> [ 16.604146] [ 16.612921] Allocated by task 302: [ 16.613144] kasan_save_stack+0x45/0x70 [ 16.613443] kasan_save_track+0x18/0x40 [ 16.613807] kasan_save_alloc_info+0x3b/0x50 [ 16.614078] __kasan_kmalloc+0xb7/0xc0 [ 16.614214] __kmalloc_noprof+0x1c9/0x500 [ 16.614351] kunit_kmalloc_array+0x25/0x60 [ 16.614669] copy_user_test_oob+0xab/0x10f0 [ 16.615084] kunit_try_run_case+0x1a5/0x480 [ 16.615291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.615555] kthread+0x337/0x6f0 [ 16.615809] ret_from_fork+0x116/0x1d0 [ 16.615989] ret_from_fork_asm+0x1a/0x30 [ 16.616256] [ 16.616353] The buggy address belongs to the object at ffff8881038e2900 [ 16.616353] which belongs to the cache kmalloc-128 of size 128 [ 16.616828] The buggy address is located 0 bytes inside of [ 16.616828] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.617294] [ 16.617394] The buggy address belongs to the physical page: [ 16.617692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.617936] flags: 0x200000000000000(node=0|zone=2) [ 16.618172] page_type: f5(slab) [ 16.618342] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.618875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.619234] page dumped because: kasan: bad access detected [ 16.619555] [ 16.619643] Memory state around the buggy address: [ 16.619930] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.620208] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.620640] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.620907] ^ [ 16.621357] ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.621717] 
ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.622093] ================================================================== [ 16.579682] ================================================================== [ 16.580204] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.580739] Write of size 121 at addr ffff8881038e2900 by task kunit_try_catch/302 [ 16.581133] [ 16.581346] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.581444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.581458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.581480] Call Trace: [ 16.581495] <TASK> [ 16.581510] dump_stack_lvl+0x73/0xb0 [ 16.581540] print_report+0xd1/0x610 [ 16.581563] ? __virt_addr_valid+0x1db/0x2d0 [ 16.581587] ? copy_user_test_oob+0x557/0x10f0 [ 16.581613] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.581638] ? copy_user_test_oob+0x557/0x10f0 [ 16.581663] kasan_report+0x141/0x180 [ 16.581687] ? copy_user_test_oob+0x557/0x10f0 [ 16.581717] kasan_check_range+0x10c/0x1c0 [ 16.581742] __kasan_check_write+0x18/0x20 [ 16.581775] copy_user_test_oob+0x557/0x10f0 [ 16.581837] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.581862] ? finish_task_switch.isra.0+0x153/0x700 [ 16.581888] ? __switch_to+0x47/0xf50 [ 16.581914] ? __schedule+0x10cc/0x2b60 [ 16.581970] ? __pfx_read_tsc+0x10/0x10 [ 16.581993] ? ktime_get_ts64+0x86/0x230 [ 16.582018] kunit_try_run_case+0x1a5/0x480 [ 16.582045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.582070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.582127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.582154] ? __kthread_parkme+0x82/0x180 [ 16.582177] ? preempt_count_sub+0x50/0x80 [ 16.582202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.582259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.582286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.582314] kthread+0x337/0x6f0 [ 16.582335] ? trace_preempt_on+0x20/0xc0 [ 16.582360] ? 
__pfx_kthread+0x10/0x10 [ 16.582420] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.582445] ? calculate_sigpending+0x7b/0xa0 [ 16.582470] ? __pfx_kthread+0x10/0x10 [ 16.582504] ret_from_fork+0x116/0x1d0 [ 16.582526] ? __pfx_kthread+0x10/0x10 [ 16.582580] ret_from_fork_asm+0x1a/0x30 [ 16.582613] </TASK> [ 16.582625] [ 16.591876] Allocated by task 302: [ 16.592062] kasan_save_stack+0x45/0x70 [ 16.592359] kasan_save_track+0x18/0x40 [ 16.592589] kasan_save_alloc_info+0x3b/0x50 [ 16.592861] __kasan_kmalloc+0xb7/0xc0 [ 16.592996] __kmalloc_noprof+0x1c9/0x500 [ 16.593176] kunit_kmalloc_array+0x25/0x60 [ 16.593489] copy_user_test_oob+0xab/0x10f0 [ 16.593776] kunit_try_run_case+0x1a5/0x480 [ 16.593971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.594191] kthread+0x337/0x6f0 [ 16.594310] ret_from_fork+0x116/0x1d0 [ 16.594616] ret_from_fork_asm+0x1a/0x30 [ 16.594913] [ 16.594987] The buggy address belongs to the object at ffff8881038e2900 [ 16.594987] which belongs to the cache kmalloc-128 of size 128 [ 16.595489] The buggy address is located 0 bytes inside of [ 16.595489] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.596117] [ 16.596273] The buggy address belongs to the physical page: [ 16.596523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.596944] flags: 0x200000000000000(node=0|zone=2) [ 16.597142] page_type: f5(slab) [ 16.597351] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.597780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.598146] page dumped because: kasan: bad access detected [ 16.598359] [ 16.598495] Memory state around the buggy address: [ 16.598773] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.599115] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599398] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.599988] ^ [ 16.600271] ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.600708] ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.601007] ================================================================== [ 16.541997] ================================================================== [ 16.542334] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.542672] Write of size 121 at addr ffff8881038e2900 by task kunit_try_catch/302 [ 16.542978] [ 16.543093] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.543139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.543152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.543174] Call Trace: [ 16.543186] <TASK> [ 16.543204] dump_stack_lvl+0x73/0xb0 [ 16.543234] print_report+0xd1/0x610 [ 16.543257] ? __virt_addr_valid+0x1db/0x2d0 [ 16.543282] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.543308] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.543333] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.543359] kasan_report+0x141/0x180 [ 16.543382] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.543412] kasan_check_range+0x10c/0x1c0 [ 16.543448] __kasan_check_write+0x18/0x20 [ 16.543470] copy_user_test_oob+0x3fd/0x10f0 [ 16.543498] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.543522] ? finish_task_switch.isra.0+0x153/0x700 [ 16.543548] ? __switch_to+0x47/0xf50 [ 16.543574] ? __schedule+0x10cc/0x2b60 [ 16.543598] ? __pfx_read_tsc+0x10/0x10 [ 16.543620] ? ktime_get_ts64+0x86/0x230 [ 16.543646] kunit_try_run_case+0x1a5/0x480 [ 16.543672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.543697] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.543723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.543749] ? __kthread_parkme+0x82/0x180 [ 16.543784] ? preempt_count_sub+0x50/0x80 [ 16.543809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.543836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.543862] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.543890] kthread+0x337/0x6f0 [ 16.543911] ? 
trace_preempt_on+0x20/0xc0 [ 16.543936] ? __pfx_kthread+0x10/0x10 [ 16.543958] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.543982] ? calculate_sigpending+0x7b/0xa0 [ 16.544008] ? __pfx_kthread+0x10/0x10 [ 16.544031] ret_from_fork+0x116/0x1d0 [ 16.544051] ? __pfx_kthread+0x10/0x10 [ 16.544073] ret_from_fork_asm+0x1a/0x30 [ 16.544105] </TASK> [ 16.544116] [ 16.551457] Allocated by task 302: [ 16.551630] kasan_save_stack+0x45/0x70 [ 16.551825] kasan_save_track+0x18/0x40 [ 16.551996] kasan_save_alloc_info+0x3b/0x50 [ 16.552184] __kasan_kmalloc+0xb7/0xc0 [ 16.552339] __kmalloc_noprof+0x1c9/0x500 [ 16.552560] kunit_kmalloc_array+0x25/0x60 [ 16.552896] copy_user_test_oob+0xab/0x10f0 [ 16.553085] kunit_try_run_case+0x1a5/0x480 [ 16.553264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.553587] kthread+0x337/0x6f0 [ 16.553768] ret_from_fork+0x116/0x1d0 [ 16.553930] ret_from_fork_asm+0x1a/0x30 [ 16.554153] [ 16.554233] The buggy address belongs to the object at ffff8881038e2900 [ 16.554233] which belongs to the cache kmalloc-128 of size 128 [ 16.554827] The buggy address is located 0 bytes inside of [ 16.554827] allocated 120-byte region [ffff8881038e2900, ffff8881038e2978) [ 16.555572] [ 16.555669] The buggy address belongs to the physical page: [ 16.555992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e2 [ 16.556247] flags: 0x200000000000000(node=0|zone=2) [ 16.556411] page_type: f5(slab) [ 16.556763] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.557122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.557396] page dumped because: kasan: bad access detected [ 16.557568] [ 16.557699] Memory state around the buggy address: [ 16.557957] ffff8881038e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.558317] ffff8881038e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.558849] >ffff8881038e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.559111] ^ [ 16.559326] 
ffff8881038e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.559584] ffff8881038e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.559912] ==================================================================