Date
July 19, 2025, 11:11 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[   18.536275] ==================================================================
[   18.536543] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[   18.536608] Read of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.536942]
[   18.537156] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.537256] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.537294] Hardware name: linux,dummy-virt (DT)
[   18.537328] Call trace:
[   18.537353]  show_stack+0x20/0x38 (C)
[   18.537594]  dump_stack_lvl+0x8c/0xd0
[   18.537662]  print_report+0x118/0x5d0
[   18.537710]  kasan_report+0xdc/0x128
[   18.537756]  kasan_check_range+0x100/0x1a8
[   18.537813]  __kasan_check_read+0x20/0x30
[   18.537858]  copy_user_test_oob+0x3c8/0xec8
[   18.537915]  kunit_try_run_case+0x170/0x3f0
[   18.537972]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.538027]  kthread+0x328/0x630
[   18.538071]  ret_from_fork+0x10/0x20
[   18.538119]
[   18.538140] Allocated by task 286:
[   18.538169]  kasan_save_stack+0x3c/0x68
[   18.538230]  kasan_save_track+0x20/0x40
[   18.538269]  kasan_save_alloc_info+0x40/0x58
[   18.538321]  __kasan_kmalloc+0xd4/0xd8
[   18.538362]  __kmalloc_noprof+0x198/0x4c8
[   18.538415]  kunit_kmalloc_array+0x34/0x88
[   18.538455]  copy_user_test_oob+0xac/0xec8
[   18.538503]  kunit_try_run_case+0x170/0x3f0
[   18.539138]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.539816]  kthread+0x328/0x630
[   18.540102]  ret_from_fork+0x10/0x20
[   18.540240]
[   18.540266] The buggy address belongs to the object at fff00000c77d3500
[   18.540266]  which belongs to the cache kmalloc-128 of size 128
[   18.540414] The buggy address is located 0 bytes inside of
[   18.540414]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.540498]
[   18.540984] The buggy address belongs to the physical page:
[   18.541126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.541502] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.541760] page_type: f5(slab)
[   18.541813] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.541995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.542164] page dumped because: kasan: bad access detected
[   18.542619]
[   18.542679] Memory state around the buggy address:
[   18.542985]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.543054]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.543144] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.543218]                                                                 ^
[   18.543411]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.543491]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.544172] ==================================================================

[   18.488611] ==================================================================
[   18.488751] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[   18.488909] Write of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.489444]
[   18.489602] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.489715] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.489803] Hardware name: linux,dummy-virt (DT)
[   18.489995] Call trace:
[   18.490084]  show_stack+0x20/0x38 (C)
[   18.490291]  dump_stack_lvl+0x8c/0xd0
[   18.490436]  print_report+0x118/0x5d0
[   18.490768]  kasan_report+0xdc/0x128
[   18.490956]  kasan_check_range+0x100/0x1a8
[   18.491082]  __kasan_check_write+0x20/0x30
[   18.491252]  copy_user_test_oob+0x234/0xec8
[   18.491503]  kunit_try_run_case+0x170/0x3f0
[   18.491895]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.492021]  kthread+0x328/0x630
[   18.492174]  ret_from_fork+0x10/0x20
[   18.492330]
[   18.492410] Allocated by task 286:
[   18.492446]  kasan_save_stack+0x3c/0x68
[   18.493028]  kasan_save_track+0x20/0x40
[   18.493468]  kasan_save_alloc_info+0x40/0x58
[   18.493728]  __kasan_kmalloc+0xd4/0xd8
[   18.494098]  __kmalloc_noprof+0x198/0x4c8
[   18.494156]  kunit_kmalloc_array+0x34/0x88
[   18.494196]  copy_user_test_oob+0xac/0xec8
[   18.494238]  kunit_try_run_case+0x170/0x3f0
[   18.494476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.494591]  kthread+0x328/0x630
[   18.494966]  ret_from_fork+0x10/0x20
[   18.495121]
[   18.495489] The buggy address belongs to the object at fff00000c77d3500
[   18.495489]  which belongs to the cache kmalloc-128 of size 128
[   18.495592] The buggy address is located 0 bytes inside of
[   18.495592]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.495891]
[   18.495940] The buggy address belongs to the physical page:
[   18.496010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.496079] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.496160] page_type: f5(slab)
[   18.496205] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.496450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.496780] page dumped because: kasan: bad access detected
[   18.496831]
[   18.496852] Memory state around the buggy address:
[   18.496911]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.496959]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.497007] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.497049]                                                                 ^
[   18.497094]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.497139]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.497179] ==================================================================

[   18.525209] ==================================================================
[   18.525427] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[   18.525503] Write of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.525678]
[   18.526094] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.526290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.526322] Hardware name: linux,dummy-virt (DT)
[   18.526980] Call trace:
[   18.527018]  show_stack+0x20/0x38 (C)
[   18.527196]  dump_stack_lvl+0x8c/0xd0
[   18.527364]  print_report+0x118/0x5d0
[   18.527634]  kasan_report+0xdc/0x128
[   18.527900]  kasan_check_range+0x100/0x1a8
[   18.527964]  __kasan_check_write+0x20/0x30
[   18.528167]  copy_user_test_oob+0x35c/0xec8
[   18.528374]  kunit_try_run_case+0x170/0x3f0
[   18.528456]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.528618]  kthread+0x328/0x630
[   18.528781]  ret_from_fork+0x10/0x20
[   18.528855]
[   18.528878] Allocated by task 286:
[   18.528955]  kasan_save_stack+0x3c/0x68
[   18.529184]  kasan_save_track+0x20/0x40
[   18.529385]  kasan_save_alloc_info+0x40/0x58
[   18.529542]  __kasan_kmalloc+0xd4/0xd8
[   18.529651]  __kmalloc_noprof+0x198/0x4c8
[   18.529714]  kunit_kmalloc_array+0x34/0x88
[   18.529829]  copy_user_test_oob+0xac/0xec8
[   18.529872]  kunit_try_run_case+0x170/0x3f0
[   18.529912]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.530113]  kthread+0x328/0x630
[   18.530499]  ret_from_fork+0x10/0x20
[   18.530609]
[   18.530639] The buggy address belongs to the object at fff00000c77d3500
[   18.530639]  which belongs to the cache kmalloc-128 of size 128
[   18.530920] The buggy address is located 0 bytes inside of
[   18.530920]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.531159]
[   18.531252] The buggy address belongs to the physical page:
[   18.531365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.531440] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.531491] page_type: f5(slab)
[   18.531548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.532068] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.532120] page dumped because: kasan: bad access detected
[   18.532253]
[   18.532397] Memory state around the buggy address:
[   18.532915]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.532982]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.533230] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.533504]                                                                 ^
[   18.533592]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.534044]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.534182] ==================================================================

[   18.546577] ==================================================================
[   18.546642] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[   18.546876] Write of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.547046]
[   18.547090] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.547183] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.547448] Hardware name: linux,dummy-virt (DT)
[   18.547524] Call trace:
[   18.547672]  show_stack+0x20/0x38 (C)
[   18.547735]  dump_stack_lvl+0x8c/0xd0
[   18.547991]  print_report+0x118/0x5d0
[   18.548234]  kasan_report+0xdc/0x128
[   18.548296]  kasan_check_range+0x100/0x1a8
[   18.548609]  __kasan_check_write+0x20/0x30
[   18.548687]  copy_user_test_oob+0x434/0xec8
[   18.549035]  kunit_try_run_case+0x170/0x3f0
[   18.549206]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.549402]  kthread+0x328/0x630
[   18.549464]  ret_from_fork+0x10/0x20
[   18.549562]
[   18.549612] Allocated by task 286:
[   18.549645]  kasan_save_stack+0x3c/0x68
[   18.549689]  kasan_save_track+0x20/0x40
[   18.549903]  kasan_save_alloc_info+0x40/0x58
[   18.549979]  __kasan_kmalloc+0xd4/0xd8
[   18.550183]  __kmalloc_noprof+0x198/0x4c8
[   18.550388]  kunit_kmalloc_array+0x34/0x88
[   18.550593]  copy_user_test_oob+0xac/0xec8
[   18.550854]  kunit_try_run_case+0x170/0x3f0
[   18.550905]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.551099]  kthread+0x328/0x630
[   18.551210]  ret_from_fork+0x10/0x20
[   18.551299]
[   18.551810] The buggy address belongs to the object at fff00000c77d3500
[   18.551810]  which belongs to the cache kmalloc-128 of size 128
[   18.551927] The buggy address is located 0 bytes inside of
[   18.551927]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.552044]
[   18.552173] The buggy address belongs to the physical page:
[   18.552207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.552285] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.552566] page_type: f5(slab)
[   18.552837] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.552904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.552969] page dumped because: kasan: bad access detected
[   18.553014]
[   18.553037] Memory state around the buggy address:
[   18.553072]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.553119]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.553164] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.553205]                                                                 ^
[   18.553273]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.553335]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.553377] ==================================================================

[   18.556011] ==================================================================
[   18.556410] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[   18.556499] Read of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.556603]
[   18.556638] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.556724] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.556754] Hardware name: linux,dummy-virt (DT)
[   18.557014] Call trace:
[   18.557189]  show_stack+0x20/0x38 (C)
[   18.557378]  dump_stack_lvl+0x8c/0xd0
[   18.557442]  print_report+0x118/0x5d0
[   18.557714]  kasan_report+0xdc/0x128
[   18.557822]  kasan_check_range+0x100/0x1a8
[   18.558032]  __kasan_check_read+0x20/0x30
[   18.558248]  copy_user_test_oob+0x4a0/0xec8
[   18.558339]  kunit_try_run_case+0x170/0x3f0
[   18.558517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.558915]  kthread+0x328/0x630
[   18.559018]  ret_from_fork+0x10/0x20
[   18.559169]
[   18.559773] Allocated by task 286:
[   18.560003]  kasan_save_stack+0x3c/0x68
[   18.560127]  kasan_save_track+0x20/0x40
[   18.560217]  kasan_save_alloc_info+0x40/0x58
[   18.560356]  __kasan_kmalloc+0xd4/0xd8
[   18.560559]  __kmalloc_noprof+0x198/0x4c8
[   18.560649]  kunit_kmalloc_array+0x34/0x88
[   18.560787]  copy_user_test_oob+0xac/0xec8
[   18.561088]  kunit_try_run_case+0x170/0x3f0
[   18.561182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.561348]  kthread+0x328/0x630
[   18.561491]  ret_from_fork+0x10/0x20
[   18.561597]
[   18.561623] The buggy address belongs to the object at fff00000c77d3500
[   18.561623]  which belongs to the cache kmalloc-128 of size 128
[   18.561702] The buggy address is located 0 bytes inside of
[   18.561702]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.561783]
[   18.561813] The buggy address belongs to the physical page:
[   18.561847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.561911] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.561960] page_type: f5(slab)
[   18.562000] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.562052] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.562104] page dumped because: kasan: bad access detected
[   18.562150]
[   18.562180] Memory state around the buggy address:
[   18.562222]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.562269]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.562316] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.562356]                                                                 ^
[   18.562408]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.562472]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.562521] ==================================================================

[   18.507104] ==================================================================
[   18.507169] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[   18.507234] Read of size 121 at addr fff00000c77d3500 by task kunit_try_catch/286
[   18.507288]
[   18.507336] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[   18.507422] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.507456] Hardware name: linux,dummy-virt (DT)
[   18.507491] Call trace:
[   18.507524]  show_stack+0x20/0x38 (C)
[   18.508275]  dump_stack_lvl+0x8c/0xd0
[   18.508545]  print_report+0x118/0x5d0
[   18.508619]  kasan_report+0xdc/0x128
[   18.508724]  kasan_check_range+0x100/0x1a8
[   18.508779]  __kasan_check_read+0x20/0x30
[   18.508824]  copy_user_test_oob+0x728/0xec8
[   18.509035]  kunit_try_run_case+0x170/0x3f0
[   18.509371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.509440]  kthread+0x328/0x630
[   18.509650]  ret_from_fork+0x10/0x20
[   18.509700]
[   18.510109] Allocated by task 286:
[   18.510237]  kasan_save_stack+0x3c/0x68
[   18.510287]  kasan_save_track+0x20/0x40
[   18.510326]  kasan_save_alloc_info+0x40/0x58
[   18.510569]  __kasan_kmalloc+0xd4/0xd8
[   18.510695]  __kmalloc_noprof+0x198/0x4c8
[   18.510854]  kunit_kmalloc_array+0x34/0x88
[   18.511154]  copy_user_test_oob+0xac/0xec8
[   18.511272]  kunit_try_run_case+0x170/0x3f0
[   18.511334]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.511416]  kthread+0x328/0x630
[   18.511484]  ret_from_fork+0x10/0x20
[   18.511555]
[   18.511896] The buggy address belongs to the object at fff00000c77d3500
[   18.511896]  which belongs to the cache kmalloc-128 of size 128
[   18.512126] The buggy address is located 0 bytes inside of
[   18.512126]  allocated 120-byte region [fff00000c77d3500, fff00000c77d3578)
[   18.512525]
[   18.512656] The buggy address belongs to the physical page:
[   18.512693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d3
[   18.512767] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.513201] page_type: f5(slab)
[   18.513548] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.513654] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.513822] page dumped because: kasan: bad access detected
[   18.514144]
[   18.514336] Memory state around the buggy address:
[   18.514388]  fff00000c77d3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.514442]  fff00000c77d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.514489] >fff00000c77d3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.514948]                                                                 ^
[   18.515065]  fff00000c77d3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.515117]  fff00000c77d3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.515515] ==================================================================
```
qemu-x86_64:

```
[   16.165295] ==================================================================
[   16.165839] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[   16.166137] Write of size 121 at addr ffff888102f59b00 by task kunit_try_catch/303
[   16.166875]
[   16.167077] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.167125] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.167137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.167159] Call Trace:
[   16.167173]  <TASK>
[   16.167190]  dump_stack_lvl+0x73/0xb0
[   16.167219]  print_report+0xd1/0x610
[   16.167253]  ? __virt_addr_valid+0x1db/0x2d0
[   16.167278]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.167302]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.167326]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.167349]  kasan_report+0x141/0x180
[   16.167372]  ? copy_user_test_oob+0x3fd/0x10f0
[   16.167401]  kasan_check_range+0x10c/0x1c0
[   16.167426]  __kasan_check_write+0x18/0x20
[   16.167445]  copy_user_test_oob+0x3fd/0x10f0
[   16.167471]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.167495]  ? finish_task_switch.isra.0+0x153/0x700
[   16.167530]  ? __switch_to+0x47/0xf50
[   16.167555]  ? __schedule+0x10cc/0x2b60
[   16.167578]  ? __pfx_read_tsc+0x10/0x10
[   16.167600]  ? ktime_get_ts64+0x86/0x230
[   16.167625]  kunit_try_run_case+0x1a5/0x480
[   16.167650]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.167673]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.167698]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.167723]  ? __kthread_parkme+0x82/0x180
[   16.167745]  ? preempt_count_sub+0x50/0x80
[   16.167769]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.167793]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.167818]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.167848]  kthread+0x337/0x6f0
[   16.167870]  ? trace_preempt_on+0x20/0xc0
[   16.167894]  ? __pfx_kthread+0x10/0x10
[   16.167914]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.167936]  ? calculate_sigpending+0x7b/0xa0
[   16.167962]  ? __pfx_kthread+0x10/0x10
[   16.167984]  ret_from_fork+0x116/0x1d0
[   16.168003]  ? __pfx_kthread+0x10/0x10
[   16.168024]  ret_from_fork_asm+0x1a/0x30
[   16.168055]  </TASK>
[   16.168066]
[   16.179003] Allocated by task 303:
[   16.179208]  kasan_save_stack+0x45/0x70
[   16.179415]  kasan_save_track+0x18/0x40
[   16.179619]  kasan_save_alloc_info+0x3b/0x50
[   16.179809]  __kasan_kmalloc+0xb7/0xc0
[   16.179943]  __kmalloc_noprof+0x1c9/0x500
[   16.180109]  kunit_kmalloc_array+0x25/0x60
[   16.180307]  copy_user_test_oob+0xab/0x10f0
[   16.180508]  kunit_try_run_case+0x1a5/0x480
[   16.180713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.180890]  kthread+0x337/0x6f0
[   16.181060]  ret_from_fork+0x116/0x1d0
[   16.181360]  ret_from_fork_asm+0x1a/0x30
[   16.181573]
[   16.181647] The buggy address belongs to the object at ffff888102f59b00
[   16.181647]  which belongs to the cache kmalloc-128 of size 128
[   16.182118] The buggy address is located 0 bytes inside of
[   16.182118]  allocated 120-byte region [ffff888102f59b00, ffff888102f59b78)
[   16.182639]
[   16.182713] The buggy address belongs to the physical page:
[   16.182889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59
[   16.183174] flags: 0x200000000000000(node=0|zone=2)
[   16.183418] page_type: f5(slab)
[   16.183597] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.183939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.184211] page dumped because: kasan: bad access detected
[   16.184382]
[   16.184468] Memory state around the buggy address:
[   16.184705]  ffff888102f59a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.185033]  ffff888102f59a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.185423] >ffff888102f59b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.185729]                                                                 ^
[   16.185999]  ffff888102f59b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.186238]  ffff888102f59c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.186621] ==================================================================

[   16.205304] ==================================================================
[   16.205625] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[   16.205919] Write of size 121 at addr ffff888102f59b00 by task kunit_try_catch/303
[   16.206293]
[   16.206388] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.206434] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.206446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.206469] Call Trace:
[   16.206488]  <TASK>
[   16.206517]  dump_stack_lvl+0x73/0xb0
[   16.206546]  print_report+0xd1/0x610
[   16.206568]  ? __virt_addr_valid+0x1db/0x2d0
[   16.206593]  ? copy_user_test_oob+0x557/0x10f0
[   16.206616]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.206639]  ? copy_user_test_oob+0x557/0x10f0
[   16.206664]  kasan_report+0x141/0x180
[   16.206685]  ? copy_user_test_oob+0x557/0x10f0
[   16.206713]  kasan_check_range+0x10c/0x1c0
[   16.206738]  __kasan_check_write+0x18/0x20
[   16.206759]  copy_user_test_oob+0x557/0x10f0
[   16.206785]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.206808]  ? finish_task_switch.isra.0+0x153/0x700
[   16.206832]  ? __switch_to+0x47/0xf50
[   16.206859]  ? __schedule+0x10cc/0x2b60
[   16.206882]  ? __pfx_read_tsc+0x10/0x10
[   16.206904]  ? ktime_get_ts64+0x86/0x230
[   16.206929]  kunit_try_run_case+0x1a5/0x480
[   16.206955]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.206978]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.207003]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.207027]  ? __kthread_parkme+0x82/0x180
[   16.207049]  ? preempt_count_sub+0x50/0x80
[   16.207073]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.207098]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.207123]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.207148]  kthread+0x337/0x6f0
[   16.207182]  ? trace_preempt_on+0x20/0xc0
[   16.207206]  ? __pfx_kthread+0x10/0x10
[   16.207227]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.207249]  ? calculate_sigpending+0x7b/0xa0
[   16.207274]  ? __pfx_kthread+0x10/0x10
[   16.207297]  ret_from_fork+0x116/0x1d0
[   16.207317]  ? __pfx_kthread+0x10/0x10
[   16.207337]  ret_from_fork_asm+0x1a/0x30
[   16.207369]  </TASK>
[   16.207380]
[   16.214435] Allocated by task 303:
[   16.214624]  kasan_save_stack+0x45/0x70
[   16.214785]  kasan_save_track+0x18/0x40
[   16.214978]  kasan_save_alloc_info+0x3b/0x50
[   16.215155]  __kasan_kmalloc+0xb7/0xc0
[   16.215336]  __kmalloc_noprof+0x1c9/0x500
[   16.215547]  kunit_kmalloc_array+0x25/0x60
[   16.215727]  copy_user_test_oob+0xab/0x10f0
[   16.215900]  kunit_try_run_case+0x1a5/0x480
[   16.216118]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.216339]  kthread+0x337/0x6f0
[   16.216514]  ret_from_fork+0x116/0x1d0
[   16.216682]  ret_from_fork_asm+0x1a/0x30
[   16.216870]
[   16.216941] The buggy address belongs to the object at ffff888102f59b00
[   16.216941]  which belongs to the cache kmalloc-128 of size 128
[   16.217453] The buggy address is located 0 bytes inside of
[   16.217453]  allocated 120-byte region [ffff888102f59b00, ffff888102f59b78)
[   16.217949]
[   16.218023] The buggy address belongs to the physical page:
[   16.218393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59
[   16.218712] flags: 0x200000000000000(node=0|zone=2)
[   16.218922] page_type: f5(slab)
[   16.219088] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.219458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.219762] page dumped because: kasan: bad access detected
[   16.220000]
[   16.220085] Memory state around the buggy address:
[   16.220341]  ffff888102f59a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.220609]  ffff888102f59a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.220831] >ffff888102f59b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.221046]                                                                 ^
[   16.221313]  ffff888102f59b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.221819]  ffff888102f59c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.222097] ==================================================================

[   16.222589] ==================================================================
[   16.223105] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[   16.223729] Read of size 121 at addr ffff888102f59b00 by task kunit_try_catch/303
[   16.224066]
[   16.224171] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.224216] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.224228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.224250] Call Trace:
[   16.224271]  <TASK>
[   16.224287]  dump_stack_lvl+0x73/0xb0
[   16.224316]  print_report+0xd1/0x610
[   16.224340]  ? __virt_addr_valid+0x1db/0x2d0
[   16.224365]  ? copy_user_test_oob+0x604/0x10f0
[   16.224390]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.224413]  ? copy_user_test_oob+0x604/0x10f0
[   16.224437]  kasan_report+0x141/0x180
[   16.224459]  ? copy_user_test_oob+0x604/0x10f0
[   16.224487]  kasan_check_range+0x10c/0x1c0
[   16.224522]  __kasan_check_read+0x15/0x20
[   16.224542]  copy_user_test_oob+0x604/0x10f0
[   16.224567]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.224591]  ? finish_task_switch.isra.0+0x153/0x700
[   16.224615]  ? __switch_to+0x47/0xf50
[   16.224642]  ? __schedule+0x10cc/0x2b60
[   16.224665]  ? __pfx_read_tsc+0x10/0x10
[   16.224687]  ? ktime_get_ts64+0x86/0x230
[   16.224712]  kunit_try_run_case+0x1a5/0x480
[   16.224737]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.224760]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.224785]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.224810]  ? __kthread_parkme+0x82/0x180
[   16.224831]  ? preempt_count_sub+0x50/0x80
[   16.224855]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.224880]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.224904]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.224929]  kthread+0x337/0x6f0
[   16.224950]  ? trace_preempt_on+0x20/0xc0
[   16.224974]  ? __pfx_kthread+0x10/0x10
[   16.224995]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.225016]  ? calculate_sigpending+0x7b/0xa0
[   16.225042]  ? __pfx_kthread+0x10/0x10
[   16.225063]  ret_from_fork+0x116/0x1d0
[   16.225083]  ? __pfx_kthread+0x10/0x10
[   16.225104]  ret_from_fork_asm+0x1a/0x30
[   16.225136]  </TASK>
[   16.225146]
[   16.232119] Allocated by task 303:
[   16.232489]  kasan_save_stack+0x45/0x70
[   16.232703]  kasan_save_track+0x18/0x40
[   16.232899]  kasan_save_alloc_info+0x3b/0x50
[   16.233112]  __kasan_kmalloc+0xb7/0xc0
[   16.233387]  __kmalloc_noprof+0x1c9/0x500
[   16.233560]  kunit_kmalloc_array+0x25/0x60
[   16.233732]  copy_user_test_oob+0xab/0x10f0
[   16.233943]  kunit_try_run_case+0x1a5/0x480
[   16.234122]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.234463]  kthread+0x337/0x6f0
[   16.234622]  ret_from_fork+0x116/0x1d0
[   16.234797]  ret_from_fork_asm+0x1a/0x30
[   16.234993]
[   16.235071] The buggy address belongs to the object at ffff888102f59b00
[   16.235071]  which belongs to the cache kmalloc-128 of size 128
[   16.235625] The buggy address is located 0 bytes inside of
[   16.235625]  allocated 120-byte region [ffff888102f59b00, ffff888102f59b78)
[   16.235985]
[   16.236059] The buggy address belongs to the physical page:
[   16.236234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59
[   16.236477] flags: 0x200000000000000(node=0|zone=2)
[   16.236651] page_type: f5(slab)
[   16.236775] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.237109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.237857] page dumped because: kasan: bad access detected
[   16.238102]
[   16.238199] Memory state around the buggy address:
[   16.238419]  ffff888102f59a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.238741]  ffff888102f59a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.239052] >ffff888102f59b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.239362]                                                                 ^
[   16.239763]  ffff888102f59b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.240019]  ffff888102f59c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.240425] ==================================================================

[   16.187382] ==================================================================
[   16.187734] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[   16.187971] Read of size 121 at addr ffff888102f59b00 by task kunit_try_catch/303
[   16.188198]
[   16.188286] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[   16.188330] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.188342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.188364] Call Trace:
[   16.188384]  <TASK>
[   16.188402]  dump_stack_lvl+0x73/0xb0
[   16.188429]  print_report+0xd1/0x610
[   16.188451]  ? __virt_addr_valid+0x1db/0x2d0
[   16.188473]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.188496]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.188529]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.188552]  kasan_report+0x141/0x180
[   16.188573]  ? copy_user_test_oob+0x4aa/0x10f0
[   16.188602]  kasan_check_range+0x10c/0x1c0
[   16.188626]  __kasan_check_read+0x15/0x20
[   16.188645]  copy_user_test_oob+0x4aa/0x10f0
[   16.188670]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.188693]  ? finish_task_switch.isra.0+0x153/0x700
[   16.188716]  ? __switch_to+0x47/0xf50
[   16.188741]  ? __schedule+0x10cc/0x2b60
[   16.188783]  ? __pfx_read_tsc+0x10/0x10
[   16.188805]  ? ktime_get_ts64+0x86/0x230
[   16.188830]  kunit_try_run_case+0x1a5/0x480
[   16.188855]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.188879]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.188904]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.188928]  ? __kthread_parkme+0x82/0x180
[   16.188950]  ? preempt_count_sub+0x50/0x80
[   16.188974]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.188998]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.189023]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.189048]  kthread+0x337/0x6f0
[   16.189068]  ? trace_preempt_on+0x20/0xc0
[   16.189092]  ? __pfx_kthread+0x10/0x10
[   16.189113]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.189135]  ? calculate_sigpending+0x7b/0xa0
[   16.189161]  ? __pfx_kthread+0x10/0x10
[   16.189182]  ret_from_fork+0x116/0x1d0
[   16.189202]  ? __pfx_kthread+0x10/0x10
[   16.189223]  ret_from_fork_asm+0x1a/0x30
[   16.189255]  </TASK>
[   16.189266]
[   16.196955] Allocated by task 303:
[   16.197094]  kasan_save_stack+0x45/0x70
[   16.197354]  kasan_save_track+0x18/0x40
[   16.197573]  kasan_save_alloc_info+0x3b/0x50
[   16.197791]  __kasan_kmalloc+0xb7/0xc0
[   16.197976]  __kmalloc_noprof+0x1c9/0x500
[   16.198151]  kunit_kmalloc_array+0x25/0x60
[   16.198355]  copy_user_test_oob+0xab/0x10f0
[   16.198539]  kunit_try_run_case+0x1a5/0x480
[   16.198739]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.198972]  kthread+0x337/0x6f0
[   16.199096]  ret_from_fork+0x116/0x1d0
[   16.199398]  ret_from_fork_asm+0x1a/0x30
[   16.199604]
[   16.199691] The buggy address belongs to the object at ffff888102f59b00
[   16.199691]  which belongs to the cache kmalloc-128 of size 128
[   16.200158] The buggy address is located 0 bytes inside of
[   16.200158]  allocated 120-byte region [ffff888102f59b00, ffff888102f59b78)
[   16.200568]
[   16.200642] The buggy address belongs to the physical page:
[   16.200816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59
[   16.201059] flags: 0x200000000000000(node=0|zone=2)
[   16.201263] page_type: f5(slab)
[   16.201517] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.201855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.202231] page dumped because: kasan: bad access detected
[   16.202482]
[   16.202582] Memory state around the buggy address:
[   16.202931]  ffff888102f59a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.203214]  ffff888102f59a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.203520] >ffff888102f59b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.203763]                                                                 ^
[   16.204081]  ffff888102f59b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.204410]  ffff888102f59c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.204697] ==================================================================
```