Date
July 19, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 18.213235] ==================================================================
[ 18.213305] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 18.213357] Read of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.213413]
[ 18.213444] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.213529] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.213559] Hardware name: linux,dummy-virt (DT)
[ 18.213592] Call trace:
[ 18.213621] show_stack+0x20/0x38 (C)
[ 18.213669] dump_stack_lvl+0x8c/0xd0
[ 18.213740] print_report+0x118/0x5d0
[ 18.213789] kasan_report+0xdc/0x128
[ 18.213835] kasan_check_range+0x100/0x1a8
[ 18.213892] __kasan_check_read+0x20/0x30
[ 18.213946] copy_user_test_oob+0x3c8/0xec8
[ 18.213995] kunit_try_run_case+0x170/0x3f0
[ 18.214042] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.214095] kthread+0x328/0x630
[ 18.214138] ret_from_fork+0x10/0x20
[ 18.214187]
[ 18.214210] Allocated by task 285:
[ 18.214238] kasan_save_stack+0x3c/0x68
[ 18.214280] kasan_save_track+0x20/0x40
[ 18.214318] kasan_save_alloc_info+0x40/0x58
[ 18.214370] __kasan_kmalloc+0xd4/0xd8
[ 18.214416] __kmalloc_noprof+0x198/0x4c8
[ 18.214465] kunit_kmalloc_array+0x34/0x88
[ 18.214505] copy_user_test_oob+0xac/0xec8
[ 18.214544] kunit_try_run_case+0x170/0x3f0
[ 18.214582] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.214627] kthread+0x328/0x630
[ 18.214662] ret_from_fork+0x10/0x20
[ 18.214909]
[ 18.214937] The buggy address belongs to the object at fff00000c790e600
[ 18.214937] which belongs to the cache kmalloc-128 of size 128
[ 18.215000] The buggy address is located 0 bytes inside of
[ 18.215000] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.215451]
[ 18.215702] The buggy address belongs to the physical page:
[ 18.215755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.216077] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.216590] page_type: f5(slab)
[ 18.216992] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.217306] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.217934] page dumped because: kasan: bad access detected
[ 18.218013]
[ 18.218057] Memory state around the buggy address:
[ 18.218377] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.218473] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.219369] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.219424] ^
[ 18.219473] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.219545] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.219608] ==================================================================

[ 18.203402] ==================================================================
[ 18.203498] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 18.203669] Write of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.203740]
[ 18.203782] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.203873] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.204304] Hardware name: linux,dummy-virt (DT)
[ 18.204389] Call trace:
[ 18.204491] show_stack+0x20/0x38 (C)
[ 18.204551] dump_stack_lvl+0x8c/0xd0
[ 18.204627] print_report+0x118/0x5d0
[ 18.204677] kasan_report+0xdc/0x128
[ 18.204736] kasan_check_range+0x100/0x1a8
[ 18.205208] __kasan_check_write+0x20/0x30
[ 18.205304] copy_user_test_oob+0x35c/0xec8
[ 18.205466] kunit_try_run_case+0x170/0x3f0
[ 18.205558] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.205945] kthread+0x328/0x630
[ 18.206018] ret_from_fork+0x10/0x20
[ 18.206083]
[ 18.206436] Allocated by task 285:
[ 18.206507] kasan_save_stack+0x3c/0x68
[ 18.206645] kasan_save_track+0x20/0x40
[ 18.206713] kasan_save_alloc_info+0x40/0x58
[ 18.206832] __kasan_kmalloc+0xd4/0xd8
[ 18.207176] __kmalloc_noprof+0x198/0x4c8
[ 18.207332] kunit_kmalloc_array+0x34/0x88
[ 18.207533] copy_user_test_oob+0xac/0xec8
[ 18.207716] kunit_try_run_case+0x170/0x3f0
[ 18.207796] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.207960] kthread+0x328/0x630
[ 18.208027] ret_from_fork+0x10/0x20
[ 18.208065]
[ 18.208088] The buggy address belongs to the object at fff00000c790e600
[ 18.208088] which belongs to the cache kmalloc-128 of size 128
[ 18.208156] The buggy address is located 0 bytes inside of
[ 18.208156] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.208393]
[ 18.208607] The buggy address belongs to the physical page:
[ 18.208658] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.209070] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.209230] page_type: f5(slab)
[ 18.209305] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.209384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.209429] page dumped because: kasan: bad access detected
[ 18.209927]
[ 18.209966] Memory state around the buggy address:
[ 18.210186] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.210253] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.210385] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.210427] ^
[ 18.210475] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.210952] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.211139] ==================================================================

[ 18.170657] ==================================================================
[ 18.170798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 18.170892] Write of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.171546]
[ 18.171671] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.172072] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.172182] Hardware name: linux,dummy-virt (DT)
[ 18.172268] Call trace:
[ 18.172627] show_stack+0x20/0x38 (C)
[ 18.172713] dump_stack_lvl+0x8c/0xd0
[ 18.172908] print_report+0x118/0x5d0
[ 18.173348] kasan_report+0xdc/0x128
[ 18.173466] kasan_check_range+0x100/0x1a8
[ 18.173585] __kasan_check_write+0x20/0x30
[ 18.173817] copy_user_test_oob+0x234/0xec8
[ 18.173986] kunit_try_run_case+0x170/0x3f0
[ 18.174083] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.174186] kthread+0x328/0x630
[ 18.174239] ret_from_fork+0x10/0x20
[ 18.174698]
[ 18.174767] Allocated by task 285:
[ 18.174822] kasan_save_stack+0x3c/0x68
[ 18.175270] kasan_save_track+0x20/0x40
[ 18.175609] kasan_save_alloc_info+0x40/0x58
[ 18.175762] __kasan_kmalloc+0xd4/0xd8
[ 18.176157] __kmalloc_noprof+0x198/0x4c8
[ 18.176213] kunit_kmalloc_array+0x34/0x88
[ 18.176256] copy_user_test_oob+0xac/0xec8
[ 18.176494] kunit_try_run_case+0x170/0x3f0
[ 18.176929] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.177107] kthread+0x328/0x630
[ 18.177217] ret_from_fork+0x10/0x20
[ 18.177391]
[ 18.177415] The buggy address belongs to the object at fff00000c790e600
[ 18.177415] which belongs to the cache kmalloc-128 of size 128
[ 18.177629] The buggy address is located 0 bytes inside of
[ 18.177629] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.177835]
[ 18.177886] The buggy address belongs to the physical page:
[ 18.177973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.178060] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.178127] page_type: f5(slab)
[ 18.178189] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.178252] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.178309] page dumped because: kasan: bad access detected
[ 18.178343]
[ 18.178373] Memory state around the buggy address:
[ 18.178419] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.178478] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.178536] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.178577] ^
[ 18.178631] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.178675] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.178744] ==================================================================

[ 18.221922] ==================================================================
[ 18.221987] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 18.222211] Write of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.222280]
[ 18.222312] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.222718] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.222770] Hardware name: linux,dummy-virt (DT)
[ 18.222804] Call trace:
[ 18.223100] show_stack+0x20/0x38 (C)
[ 18.223256] dump_stack_lvl+0x8c/0xd0
[ 18.223312] print_report+0x118/0x5d0
[ 18.223359] kasan_report+0xdc/0x128
[ 18.223411] kasan_check_range+0x100/0x1a8
[ 18.223641] __kasan_check_write+0x20/0x30
[ 18.223910] copy_user_test_oob+0x434/0xec8
[ 18.223969] kunit_try_run_case+0x170/0x3f0
[ 18.224017] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.224071] kthread+0x328/0x630
[ 18.224115] ret_from_fork+0x10/0x20
[ 18.224787]
[ 18.224902] Allocated by task 285:
[ 18.224972] kasan_save_stack+0x3c/0x68
[ 18.225131] kasan_save_track+0x20/0x40
[ 18.225174] kasan_save_alloc_info+0x40/0x58
[ 18.225217] __kasan_kmalloc+0xd4/0xd8
[ 18.225266] __kmalloc_noprof+0x198/0x4c8
[ 18.225307] kunit_kmalloc_array+0x34/0x88
[ 18.225356] copy_user_test_oob+0xac/0xec8
[ 18.225403] kunit_try_run_case+0x170/0x3f0
[ 18.225443] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.225497] kthread+0x328/0x630
[ 18.225533] ret_from_fork+0x10/0x20
[ 18.225569]
[ 18.225593] The buggy address belongs to the object at fff00000c790e600
[ 18.225593] which belongs to the cache kmalloc-128 of size 128
[ 18.225656] The buggy address is located 0 bytes inside of
[ 18.225656] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.225739]
[ 18.225780] The buggy address belongs to the physical page:
[ 18.225820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.225895] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.225958] page_type: f5(slab)
[ 18.225997] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.226057] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.226108] page dumped because: kasan: bad access detected
[ 18.226163]
[ 18.226197] Memory state around the buggy address:
[ 18.226233] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.226279] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.226325] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.226365] ^
[ 18.226409] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.226453] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.226495] ==================================================================

[ 18.227381] ==================================================================
[ 18.228084] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 18.228155] Read of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.228209]
[ 18.228242] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.228326] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.228356] Hardware name: linux,dummy-virt (DT)
[ 18.228387] Call trace:
[ 18.228411] show_stack+0x20/0x38 (C)
[ 18.228460] dump_stack_lvl+0x8c/0xd0
[ 18.228507] print_report+0x118/0x5d0
[ 18.228554] kasan_report+0xdc/0x128
[ 18.228601] kasan_check_range+0x100/0x1a8
[ 18.228651] __kasan_check_read+0x20/0x30
[ 18.228710] copy_user_test_oob+0x4a0/0xec8
[ 18.228757] kunit_try_run_case+0x170/0x3f0
[ 18.228806] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.228860] kthread+0x328/0x630
[ 18.228904] ret_from_fork+0x10/0x20
[ 18.228952]
[ 18.228973] Allocated by task 285:
[ 18.229002] kasan_save_stack+0x3c/0x68
[ 18.229044] kasan_save_track+0x20/0x40
[ 18.229083] kasan_save_alloc_info+0x40/0x58
[ 18.229126] __kasan_kmalloc+0xd4/0xd8
[ 18.229165] __kmalloc_noprof+0x198/0x4c8
[ 18.229204] kunit_kmalloc_array+0x34/0x88
[ 18.229242] copy_user_test_oob+0xac/0xec8
[ 18.229281] kunit_try_run_case+0x170/0x3f0
[ 18.229319] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.229364] kthread+0x328/0x630
[ 18.229397] ret_from_fork+0x10/0x20
[ 18.229434]
[ 18.229455] The buggy address belongs to the object at fff00000c790e600
[ 18.229455] which belongs to the cache kmalloc-128 of size 128
[ 18.229514] The buggy address is located 0 bytes inside of
[ 18.229514] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.229576]
[ 18.229597] The buggy address belongs to the physical page:
[ 18.229636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.229770] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.229846] page_type: f5(slab)
[ 18.229995] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.230346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.230487] page dumped because: kasan: bad access detected
[ 18.230741]
[ 18.230803] Memory state around the buggy address:
[ 18.230840] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.230895] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.231055] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.231122] ^
[ 18.231228] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.231305] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.231524] ==================================================================

[ 18.186618] ==================================================================
[ 18.186746] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 18.187213] Read of size 121 at addr fff00000c790e600 by task kunit_try_catch/285
[ 18.187310]
[ 18.187345] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.187743] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.187774] Hardware name: linux,dummy-virt (DT)
[ 18.187808] Call trace:
[ 18.188205] show_stack+0x20/0x38 (C)
[ 18.188369] dump_stack_lvl+0x8c/0xd0
[ 18.188492] print_report+0x118/0x5d0
[ 18.188544] kasan_report+0xdc/0x128
[ 18.188591] kasan_check_range+0x100/0x1a8
[ 18.188876] __kasan_check_read+0x20/0x30
[ 18.189046] copy_user_test_oob+0x728/0xec8
[ 18.189146] kunit_try_run_case+0x170/0x3f0
[ 18.189222] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.189403] kthread+0x328/0x630
[ 18.189569] ret_from_fork+0x10/0x20
[ 18.189655]
[ 18.189677] Allocated by task 285:
[ 18.189729] kasan_save_stack+0x3c/0x68
[ 18.190041] kasan_save_track+0x20/0x40
[ 18.190136] kasan_save_alloc_info+0x40/0x58
[ 18.190298] __kasan_kmalloc+0xd4/0xd8
[ 18.190343] __kmalloc_noprof+0x198/0x4c8
[ 18.190383] kunit_kmalloc_array+0x34/0x88
[ 18.190558] copy_user_test_oob+0xac/0xec8
[ 18.190638] kunit_try_run_case+0x170/0x3f0
[ 18.190708] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.190754] kthread+0x328/0x630
[ 18.190788] ret_from_fork+0x10/0x20
[ 18.190828]
[ 18.190870] The buggy address belongs to the object at fff00000c790e600
[ 18.190870] which belongs to the cache kmalloc-128 of size 128
[ 18.190941] The buggy address is located 0 bytes inside of
[ 18.190941] allocated 120-byte region [fff00000c790e600, fff00000c790e678)
[ 18.191014]
[ 18.191045] The buggy address belongs to the physical page:
[ 18.191079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10790e
[ 18.191152] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.191203] page_type: f5(slab)
[ 18.191242] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.191295] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.191338] page dumped because: kasan: bad access detected
[ 18.191381]
[ 18.191403] Memory state around the buggy address:
[ 18.191437] fff00000c790e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.191483] fff00000c790e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.191529] >fff00000c790e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.191570] ^
[ 18.191613] fff00000c790e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.191659] fff00000c790e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.191710] ==================================================================
[ 16.023436] ==================================================================
[ 16.023779] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 16.024121] Read of size 121 at addr ffff888102fd1e00 by task kunit_try_catch/303
[ 16.024464]
[ 16.024551] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.024592] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.024605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.024626] Call Trace:
[ 16.024640] <TASK>
[ 16.024655] dump_stack_lvl+0x73/0xb0
[ 16.024681] print_report+0xd1/0x610
[ 16.024705] ? __virt_addr_valid+0x1db/0x2d0
[ 16.024727] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.024752] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.024774] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.024798] kasan_report+0x141/0x180
[ 16.024820] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.024848] kasan_check_range+0x10c/0x1c0
[ 16.024872] __kasan_check_read+0x15/0x20
[ 16.024891] copy_user_test_oob+0x4aa/0x10f0
[ 16.024918] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.024941] ? finish_task_switch.isra.0+0x153/0x700
[ 16.024963] ? __switch_to+0x47/0xf50
[ 16.024995] ? __schedule+0x10cc/0x2b60
[ 16.025028] ? __pfx_read_tsc+0x10/0x10
[ 16.025050] ? ktime_get_ts64+0x86/0x230
[ 16.025073] kunit_try_run_case+0x1a5/0x480
[ 16.025097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.025120] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.025144] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.025168] ? __kthread_parkme+0x82/0x180
[ 16.025189] ? preempt_count_sub+0x50/0x80
[ 16.025213] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.025237] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.025261] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.025285] kthread+0x337/0x6f0
[ 16.025306] ? trace_preempt_on+0x20/0xc0
[ 16.025329] ? __pfx_kthread+0x10/0x10
[ 16.025350] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.025371] ? calculate_sigpending+0x7b/0xa0
[ 16.025408] ? __pfx_kthread+0x10/0x10
[ 16.025430] ret_from_fork+0x116/0x1d0
[ 16.025450] ? __pfx_kthread+0x10/0x10
[ 16.025470] ret_from_fork_asm+0x1a/0x30
[ 16.025500] </TASK>
[ 16.025510]
[ 16.032757] Allocated by task 303:
[ 16.032934] kasan_save_stack+0x45/0x70
[ 16.033121] kasan_save_track+0x18/0x40
[ 16.033289] kasan_save_alloc_info+0x3b/0x50
[ 16.033566] __kasan_kmalloc+0xb7/0xc0
[ 16.033745] __kmalloc_noprof+0x1c9/0x500
[ 16.033907] kunit_kmalloc_array+0x25/0x60
[ 16.034059] copy_user_test_oob+0xab/0x10f0
[ 16.034274] kunit_try_run_case+0x1a5/0x480
[ 16.034576] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.034775] kthread+0x337/0x6f0
[ 16.034942] ret_from_fork+0x116/0x1d0
[ 16.035104] ret_from_fork_asm+0x1a/0x30
[ 16.035302]
[ 16.035394] The buggy address belongs to the object at ffff888102fd1e00
[ 16.035394] which belongs to the cache kmalloc-128 of size 128
[ 16.035844] The buggy address is located 0 bytes inside of
[ 16.035844] allocated 120-byte region [ffff888102fd1e00, ffff888102fd1e78)
[ 16.036329]
[ 16.036404] The buggy address belongs to the physical page:
[ 16.036653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[ 16.036949] flags: 0x200000000000000(node=0|zone=2)
[ 16.037174] page_type: f5(slab)
[ 16.037313] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.037713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.037947] page dumped because: kasan: bad access detected
[ 16.038184]
[ 16.038279] Memory state around the buggy address:
[ 16.038620] ffff888102fd1d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.038850] ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.039180] >ffff888102fd1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.039497] ^
[ 16.039719] ffff888102fd1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.039941] ffff888102fd1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.040240] ==================================================================

[ 16.006103] ==================================================================
[ 16.006476] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 16.006757] Write of size 121 at addr ffff888102fd1e00 by task kunit_try_catch/303
[ 16.007087]
[ 16.007172] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.007214] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.007226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.007246] Call Trace:
[ 16.007259] <TASK>
[ 16.007273] dump_stack_lvl+0x73/0xb0
[ 16.007302] print_report+0xd1/0x610
[ 16.007324] ? __virt_addr_valid+0x1db/0x2d0
[ 16.007347] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.007371] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.007393] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.007431] kasan_report+0x141/0x180
[ 16.007454] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.007482] kasan_check_range+0x10c/0x1c0
[ 16.007506] __kasan_check_write+0x18/0x20
[ 16.007525] copy_user_test_oob+0x3fd/0x10f0
[ 16.007550] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.007573] ? finish_task_switch.isra.0+0x153/0x700
[ 16.007595] ? __switch_to+0x47/0xf50
[ 16.007620] ? __schedule+0x10cc/0x2b60
[ 16.007643] ? __pfx_read_tsc+0x10/0x10
[ 16.007665] ? ktime_get_ts64+0x86/0x230
[ 16.007688] kunit_try_run_case+0x1a5/0x480
[ 16.007713] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.007736] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.007760] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.007784] ? __kthread_parkme+0x82/0x180
[ 16.007804] ? preempt_count_sub+0x50/0x80
[ 16.007828] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.007852] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.007877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.007902] kthread+0x337/0x6f0
[ 16.007921] ? trace_preempt_on+0x20/0xc0
[ 16.007944] ? __pfx_kthread+0x10/0x10
[ 16.007966] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.007987] ? calculate_sigpending+0x7b/0xa0
[ 16.008021] ? __pfx_kthread+0x10/0x10
[ 16.008043] ret_from_fork+0x116/0x1d0
[ 16.008062] ? __pfx_kthread+0x10/0x10
[ 16.008083] ret_from_fork_asm+0x1a/0x30
[ 16.008113] </TASK>
[ 16.008123]
[ 16.015242] Allocated by task 303:
[ 16.015452] kasan_save_stack+0x45/0x70
[ 16.015652] kasan_save_track+0x18/0x40
[ 16.015850] kasan_save_alloc_info+0x3b/0x50
[ 16.016074] __kasan_kmalloc+0xb7/0xc0
[ 16.016237] __kmalloc_noprof+0x1c9/0x500
[ 16.016376] kunit_kmalloc_array+0x25/0x60
[ 16.016588] copy_user_test_oob+0xab/0x10f0
[ 16.016800] kunit_try_run_case+0x1a5/0x480
[ 16.017001] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.017188] kthread+0x337/0x6f0
[ 16.017360] ret_from_fork+0x116/0x1d0
[ 16.017558] ret_from_fork_asm+0x1a/0x30
[ 16.017737]
[ 16.017825] The buggy address belongs to the object at ffff888102fd1e00
[ 16.017825] which belongs to the cache kmalloc-128 of size 128
[ 16.018307] The buggy address is located 0 bytes inside of
[ 16.018307] allocated 120-byte region [ffff888102fd1e00, ffff888102fd1e78)
[ 16.018805]
[ 16.018904] The buggy address belongs to the physical page:
[ 16.019118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[ 16.019478] flags: 0x200000000000000(node=0|zone=2)
[ 16.019647] page_type: f5(slab)
[ 16.019767] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.019998] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.020233] page dumped because: kasan: bad access detected
[ 16.020404]
[ 16.020473] Memory state around the buggy address:
[ 16.020670] ffff888102fd1d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.021356] ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.021673] >ffff888102fd1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.021985] ^
[ 16.022305] ffff888102fd1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.022619] ffff888102fd1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.022955] ==================================================================

[ 16.040890] ==================================================================
[ 16.041427] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 16.041706] Write of size 121 at addr ffff888102fd1e00 by task kunit_try_catch/303
[ 16.041994]
[ 16.042114] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.042157] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.042168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.042190] Call Trace:
[ 16.042203] <TASK>
[ 16.042218] dump_stack_lvl+0x73/0xb0
[ 16.042245] print_report+0xd1/0x610
[ 16.042268] ? __virt_addr_valid+0x1db/0x2d0
[ 16.042290] ? copy_user_test_oob+0x557/0x10f0
[ 16.042313] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.042335] ? copy_user_test_oob+0x557/0x10f0
[ 16.042359] kasan_report+0x141/0x180
[ 16.042383] ? copy_user_test_oob+0x557/0x10f0
[ 16.042419] kasan_check_range+0x10c/0x1c0
[ 16.042443] __kasan_check_write+0x18/0x20
[ 16.042462] copy_user_test_oob+0x557/0x10f0
[ 16.042488] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.042511] ? finish_task_switch.isra.0+0x153/0x700
[ 16.042532] ? __switch_to+0x47/0xf50
[ 16.042557] ? __schedule+0x10cc/0x2b60
[ 16.042579] ? __pfx_read_tsc+0x10/0x10
[ 16.042602] ? ktime_get_ts64+0x86/0x230
[ 16.042626] kunit_try_run_case+0x1a5/0x480
[ 16.042651] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.042674] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.042698] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.042722] ? __kthread_parkme+0x82/0x180
[ 16.042743] ? preempt_count_sub+0x50/0x80
[ 16.042766] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.042790] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.042814] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.042838] kthread+0x337/0x6f0
[ 16.042857] ? trace_preempt_on+0x20/0xc0
[ 16.042880] ? __pfx_kthread+0x10/0x10
[ 16.042901] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.042923] ? calculate_sigpending+0x7b/0xa0
[ 16.042947] ? __pfx_kthread+0x10/0x10
[ 16.042968] ret_from_fork+0x116/0x1d0
[ 16.042987] ? __pfx_kthread+0x10/0x10
[ 16.043018] ret_from_fork_asm+0x1a/0x30
[ 16.043049] </TASK>
[ 16.043059]
[ 16.049852] Allocated by task 303:
[ 16.050040] kasan_save_stack+0x45/0x70
[ 16.050304] kasan_save_track+0x18/0x40
[ 16.050626] kasan_save_alloc_info+0x3b/0x50
[ 16.050836] __kasan_kmalloc+0xb7/0xc0
[ 16.051036] __kmalloc_noprof+0x1c9/0x500
[ 16.051191] kunit_kmalloc_array+0x25/0x60
[ 16.051336] copy_user_test_oob+0xab/0x10f0
[ 16.051722] kunit_try_run_case+0x1a5/0x480
[ 16.051927] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.052113] kthread+0x337/0x6f0
[ 16.052235] ret_from_fork+0x116/0x1d0
[ 16.052367] ret_from_fork_asm+0x1a/0x30
[ 16.052572]
[ 16.052666] The buggy address belongs to the object at ffff888102fd1e00
[ 16.052666] which belongs to the cache kmalloc-128 of size 128
[ 16.053226] The buggy address is located 0 bytes inside of
[ 16.053226] allocated 120-byte region [ffff888102fd1e00, ffff888102fd1e78)
[ 16.053738]
[ 16.053826] The buggy address belongs to the physical page:
[ 16.054049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[ 16.054290] flags: 0x200000000000000(node=0|zone=2)
[ 16.054682] page_type: f5(slab)
[ 16.054848] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.055178] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.055503] page dumped because: kasan: bad access detected
[ 16.055719]
[ 16.055789] Memory state around the buggy address:
[ 16.056021] ffff888102fd1d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.056308] ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.056603] >ffff888102fd1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.056903] ^
[ 16.057204] ffff888102fd1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.057529] ffff888102fd1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.057812] ==================================================================

[ 16.058280] ==================================================================
[ 16.058614] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 16.058898] Read of size 121 at addr ffff888102fd1e00 by task kunit_try_catch/303
[ 16.059221]
[ 16.059304] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.059343] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.059356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.059375] Call Trace:
[ 16.059388] <TASK>
[ 16.059401] dump_stack_lvl+0x73/0xb0
[ 16.059427] print_report+0xd1/0x610
[ 16.059450] ? __virt_addr_valid+0x1db/0x2d0
[ 16.059472] ? copy_user_test_oob+0x604/0x10f0
[ 16.059496] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.059518] ? copy_user_test_oob+0x604/0x10f0
[ 16.059542] kasan_report+0x141/0x180
[ 16.059564] ? copy_user_test_oob+0x604/0x10f0
[ 16.059592] kasan_check_range+0x10c/0x1c0
[ 16.059616] __kasan_check_read+0x15/0x20
[ 16.059635] copy_user_test_oob+0x604/0x10f0
[ 16.059660] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.059683] ? finish_task_switch.isra.0+0x153/0x700
[ 16.059705] ? __switch_to+0x47/0xf50
[ 16.059730] ? __schedule+0x10cc/0x2b60
[ 16.059753] ? __pfx_read_tsc+0x10/0x10
[ 16.059774] ? ktime_get_ts64+0x86/0x230
[ 16.059798] kunit_try_run_case+0x1a5/0x480
[ 16.059823] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.059846] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.059870] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.059894] ? __kthread_parkme+0x82/0x180
[ 16.059916] ? preempt_count_sub+0x50/0x80
[ 16.059941] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.059967] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.059991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.060025] kthread+0x337/0x6f0
[ 16.060046] ? trace_preempt_on+0x20/0xc0
[ 16.060068] ? __pfx_kthread+0x10/0x10
[ 16.060090] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.060111] ? calculate_sigpending+0x7b/0xa0
[ 16.060135] ? __pfx_kthread+0x10/0x10
[ 16.060158] ret_from_fork+0x116/0x1d0
[ 16.060178] ? __pfx_kthread+0x10/0x10
[ 16.060198] ret_from_fork_asm+0x1a/0x30
[ 16.060229] </TASK>
[ 16.060239]
[ 16.067554] Allocated by task 303:
[ 16.067762] kasan_save_stack+0x45/0x70
[ 16.067962] kasan_save_track+0x18/0x40
[ 16.068164] kasan_save_alloc_info+0x3b/0x50
[ 16.068372] __kasan_kmalloc+0xb7/0xc0
[ 16.068565] __kmalloc_noprof+0x1c9/0x500
[ 16.068713] kunit_kmalloc_array+0x25/0x60
[ 16.068856] copy_user_test_oob+0xab/0x10f0
[ 16.069016] kunit_try_run_case+0x1a5/0x480
[ 16.069230] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.069601] kthread+0x337/0x6f0
[ 16.069770] ret_from_fork+0x116/0x1d0
[ 16.069962] ret_from_fork_asm+0x1a/0x30
[ 16.070142]
[ 16.070235] The buggy address belongs to the object at ffff888102fd1e00
[ 16.070235] which belongs to the cache kmalloc-128 of size 128
[ 16.070714] The buggy address is located 0 bytes inside of
[ 16.070714] allocated 120-byte region [ffff888102fd1e00, ffff888102fd1e78)
[ 16.071178]
[ 16.071272] The buggy address belongs to the physical page:
[ 16.071518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fd1
[ 16.071838] flags: 0x200000000000000(node=0|zone=2)
[ 16.072039] page_type: f5(slab)
[ 16.072196] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.072519] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.072836] page dumped because: kasan: bad access detected
[ 16.073081]
[ 16.073151] Memory state around the buggy address:
[ 16.073304] ffff888102fd1d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.073761] ffff888102fd1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.074114] >ffff888102fd1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.074338] ^
[ 16.074725] ffff888102fd1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.075151] ffff888102fd1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.075393] ==================================================================