Date: July 20, 2025, 11:12 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

[ 18.628465] ================================================================== [ 18.628617] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.628677] Read of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.628732] [ 18.628764] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.628846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.628904] Hardware name: linux,dummy-virt (DT) [ 18.628946] Call trace: [ 18.628972] show_stack+0x20/0x38 (C) [ 18.629019] dump_stack_lvl+0x8c/0xd0 [ 18.629075] print_report+0x118/0x5d0 [ 18.629185] kasan_report+0xdc/0x128 [ 18.629231] kasan_check_range+0x100/0x1a8 [ 18.629278] __kasan_check_read+0x20/0x30 [ 18.629324] copy_user_test_oob+0x3c8/0xec8 [ 18.629371] kunit_try_run_case+0x170/0x3f0 [ 18.629420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.629473] kthread+0x328/0x630 [ 18.629514] ret_from_fork+0x10/0x20 [ 18.629738] [ 18.629834] Allocated by task 285: [ 18.629915] kasan_save_stack+0x3c/0x68 [ 18.629957] kasan_save_track+0x20/0x40 [ 18.630098] kasan_save_alloc_info+0x40/0x58 [ 18.630300] __kasan_kmalloc+0xd4/0xd8 [ 18.630361] __kmalloc_noprof+0x198/0x4c8 [ 18.630405] kunit_kmalloc_array+0x34/0x88 [ 18.630618] copy_user_test_oob+0xac/0xec8 [ 18.630659] kunit_try_run_case+0x170/0x3f0 [ 18.630707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.630751] kthread+0x328/0x630 [ 18.630784] ret_from_fork+0x10/0x20 [ 18.630822] [ 18.630843] The buggy address belongs to the object at fff00000c7025e00 [ 18.630843] which belongs to the cache kmalloc-128 of size 128 [ 18.630902] The buggy address is located 0 bytes inside of [ 18.630902] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.630963] [ 18.630986] The buggy address belongs to the physical page: [ 18.631025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.631080] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.631126] page_type: f5(slab) [ 
18.631166] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.631217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.631273] page dumped because: kasan: bad access detected [ 18.631342] [ 18.631382] Memory state around the buggy address: [ 18.631730] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.631776] fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.631821] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.631861] ^ [ 18.631904] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.631950] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.632005] ================================================================== [ 18.623019] ================================================================== [ 18.623097] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.623153] Write of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.623207] [ 18.623240] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.623325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.623354] Hardware name: linux,dummy-virt (DT) [ 18.623387] Call trace: [ 18.623414] show_stack+0x20/0x38 (C) [ 18.623479] dump_stack_lvl+0x8c/0xd0 [ 18.623528] print_report+0x118/0x5d0 [ 18.623577] kasan_report+0xdc/0x128 [ 18.623623] kasan_check_range+0x100/0x1a8 [ 18.623837] __kasan_check_write+0x20/0x30 [ 18.623970] copy_user_test_oob+0x35c/0xec8 [ 18.624129] kunit_try_run_case+0x170/0x3f0 [ 18.624191] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.624246] kthread+0x328/0x630 [ 18.624288] ret_from_fork+0x10/0x20 [ 18.624363] [ 18.624421] Allocated by task 285: [ 18.624477] kasan_save_stack+0x3c/0x68 [ 18.624653] kasan_save_track+0x20/0x40 [ 18.624725] kasan_save_alloc_info+0x40/0x58 [ 18.624831] __kasan_kmalloc+0xd4/0xd8 [ 18.624891] __kmalloc_noprof+0x198/0x4c8 [ 18.625063] 
kunit_kmalloc_array+0x34/0x88 [ 18.625129] copy_user_test_oob+0xac/0xec8 [ 18.625179] kunit_try_run_case+0x170/0x3f0 [ 18.625221] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.625268] kthread+0x328/0x630 [ 18.625302] ret_from_fork+0x10/0x20 [ 18.625386] [ 18.625472] The buggy address belongs to the object at fff00000c7025e00 [ 18.625472] which belongs to the cache kmalloc-128 of size 128 [ 18.625577] The buggy address is located 0 bytes inside of [ 18.625577] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.626474] [ 18.626507] The buggy address belongs to the physical page: [ 18.626568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.626681] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.626733] page_type: f5(slab) [ 18.626773] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.626824] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.626870] page dumped because: kasan: bad access detected [ 18.626902] [ 18.626923] Memory state around the buggy address: [ 18.626959] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.627024] fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.627135] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.627276] ^ [ 18.627466] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.627510] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.627604] ================================================================== [ 18.637205] ================================================================== [ 18.637256] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.637303] Read of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.637355] [ 18.637388] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.637697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.637730] 
Hardware name: linux,dummy-virt (DT) [ 18.637762] Call trace: [ 18.637786] show_stack+0x20/0x38 (C) [ 18.637835] dump_stack_lvl+0x8c/0xd0 [ 18.637881] print_report+0x118/0x5d0 [ 18.637927] kasan_report+0xdc/0x128 [ 18.637974] kasan_check_range+0x100/0x1a8 [ 18.638024] __kasan_check_read+0x20/0x30 [ 18.638078] copy_user_test_oob+0x4a0/0xec8 [ 18.638235] kunit_try_run_case+0x170/0x3f0 [ 18.638326] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.638581] kthread+0x328/0x630 [ 18.639194] ret_from_fork+0x10/0x20 [ 18.639566] [ 18.639928] Allocated by task 285: [ 18.639980] kasan_save_stack+0x3c/0x68 [ 18.640026] kasan_save_track+0x20/0x40 [ 18.640066] kasan_save_alloc_info+0x40/0x58 [ 18.640283] __kasan_kmalloc+0xd4/0xd8 [ 18.640493] __kmalloc_noprof+0x198/0x4c8 [ 18.640534] kunit_kmalloc_array+0x34/0x88 [ 18.640573] copy_user_test_oob+0xac/0xec8 [ 18.640772] kunit_try_run_case+0x170/0x3f0 [ 18.640815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.640881] kthread+0x328/0x630 [ 18.640915] ret_from_fork+0x10/0x20 [ 18.640953] [ 18.640975] The buggy address belongs to the object at fff00000c7025e00 [ 18.640975] which belongs to the cache kmalloc-128 of size 128 [ 18.641342] The buggy address is located 0 bytes inside of [ 18.641342] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.641408] [ 18.641430] The buggy address belongs to the physical page: [ 18.641462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.641515] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.641567] page_type: f5(slab) [ 18.641606] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.641884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.642051] page dumped because: kasan: bad access detected [ 18.642087] [ 18.642109] Memory state around the buggy address: [ 18.642168] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.642533] fff00000c7025d80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.642695] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.642736] ^ [ 18.642782] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.643072] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.643135] ================================================================== [ 18.632329] ================================================================== [ 18.632382] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.632430] Write of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.632482] [ 18.632523] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.632606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.632635] Hardware name: linux,dummy-virt (DT) [ 18.632680] Call trace: [ 18.632703] show_stack+0x20/0x38 (C) [ 18.632750] dump_stack_lvl+0x8c/0xd0 [ 18.632808] print_report+0x118/0x5d0 [ 18.632856] kasan_report+0xdc/0x128 [ 18.632901] kasan_check_range+0x100/0x1a8 [ 18.632961] __kasan_check_write+0x20/0x30 [ 18.633008] copy_user_test_oob+0x434/0xec8 [ 18.633056] kunit_try_run_case+0x170/0x3f0 [ 18.633102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.633156] kthread+0x328/0x630 [ 18.633197] ret_from_fork+0x10/0x20 [ 18.633262] [ 18.633285] Allocated by task 285: [ 18.633313] kasan_save_stack+0x3c/0x68 [ 18.633354] kasan_save_track+0x20/0x40 [ 18.633393] kasan_save_alloc_info+0x40/0x58 [ 18.633435] __kasan_kmalloc+0xd4/0xd8 [ 18.633473] __kmalloc_noprof+0x198/0x4c8 [ 18.633514] kunit_kmalloc_array+0x34/0x88 [ 18.633553] copy_user_test_oob+0xac/0xec8 [ 18.633592] kunit_try_run_case+0x170/0x3f0 [ 18.633637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.633878] kthread+0x328/0x630 [ 18.633920] ret_from_fork+0x10/0x20 [ 18.634077] [ 18.634103] The buggy address belongs to the object at fff00000c7025e00 [ 18.634103] which belongs to the cache kmalloc-128 of size 128 [ 18.634260] The buggy address is 
located 0 bytes inside of [ 18.634260] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.634437] [ 18.634458] The buggy address belongs to the physical page: [ 18.634495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.635288] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.635735] page_type: f5(slab) [ 18.635847] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.635973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.636081] page dumped because: kasan: bad access detected [ 18.636135] [ 18.636256] Memory state around the buggy address: [ 18.636290] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.636342] fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.636391] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.636709] ^ [ 18.636752] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.636797] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.636838] ================================================================== [ 18.606827] ================================================================== [ 18.606889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.606943] Read of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.606996] [ 18.608248] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.608354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.608691] Hardware name: linux,dummy-virt (DT) [ 18.609297] Call trace: [ 18.609414] show_stack+0x20/0x38 (C) [ 18.609831] dump_stack_lvl+0x8c/0xd0 [ 18.610066] print_report+0x118/0x5d0 [ 18.610318] kasan_report+0xdc/0x128 [ 18.610423] kasan_check_range+0x100/0x1a8 [ 18.610616] __kasan_check_read+0x20/0x30 [ 18.610782] copy_user_test_oob+0x728/0xec8 [ 18.611029] kunit_try_run_case+0x170/0x3f0 [ 18.611143] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.611308] kthread+0x328/0x630 [ 18.611585] ret_from_fork+0x10/0x20 [ 18.611705] [ 18.611778] Allocated by task 285: [ 18.611842] kasan_save_stack+0x3c/0x68 [ 18.612200] kasan_save_track+0x20/0x40 [ 18.612368] kasan_save_alloc_info+0x40/0x58 [ 18.612449] __kasan_kmalloc+0xd4/0xd8 [ 18.612605] __kmalloc_noprof+0x198/0x4c8 [ 18.612647] kunit_kmalloc_array+0x34/0x88 [ 18.612973] copy_user_test_oob+0xac/0xec8 [ 18.613034] kunit_try_run_case+0x170/0x3f0 [ 18.613077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.613123] kthread+0x328/0x630 [ 18.613157] ret_from_fork+0x10/0x20 [ 18.613195] [ 18.613218] The buggy address belongs to the object at fff00000c7025e00 [ 18.613218] which belongs to the cache kmalloc-128 of size 128 [ 18.613280] The buggy address is located 0 bytes inside of [ 18.613280] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.613345] [ 18.613369] The buggy address belongs to the physical page: [ 18.613499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.613582] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.613634] page_type: f5(slab) [ 18.613696] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.613760] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.613819] page dumped because: kasan: bad access detected [ 18.613852] [ 18.613872] Memory state around the buggy address: [ 18.613906] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.613952] fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.614007] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.614057] ^ [ 18.614099] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.614143] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.614185] ================================================================== [ 18.589773] 
================================================================== [ 18.590052] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.590467] Write of size 121 at addr fff00000c7025e00 by task kunit_try_catch/285 [ 18.590545] [ 18.590892] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.591007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.591038] Hardware name: linux,dummy-virt (DT) [ 18.591425] Call trace: [ 18.591493] show_stack+0x20/0x38 (C) [ 18.591731] dump_stack_lvl+0x8c/0xd0 [ 18.592085] print_report+0x118/0x5d0 [ 18.592190] kasan_report+0xdc/0x128 [ 18.592258] kasan_check_range+0x100/0x1a8 [ 18.592604] __kasan_check_write+0x20/0x30 [ 18.592728] copy_user_test_oob+0x234/0xec8 [ 18.592842] kunit_try_run_case+0x170/0x3f0 [ 18.593206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.593544] kthread+0x328/0x630 [ 18.593652] ret_from_fork+0x10/0x20 [ 18.594095] [ 18.594144] Allocated by task 285: [ 18.594232] kasan_save_stack+0x3c/0x68 [ 18.594329] kasan_save_track+0x20/0x40 [ 18.594482] kasan_save_alloc_info+0x40/0x58 [ 18.594541] __kasan_kmalloc+0xd4/0xd8 [ 18.594930] __kmalloc_noprof+0x198/0x4c8 [ 18.595063] kunit_kmalloc_array+0x34/0x88 [ 18.595156] copy_user_test_oob+0xac/0xec8 [ 18.595322] kunit_try_run_case+0x170/0x3f0 [ 18.595725] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.595808] kthread+0x328/0x630 [ 18.595950] ret_from_fork+0x10/0x20 [ 18.596028] [ 18.596142] The buggy address belongs to the object at fff00000c7025e00 [ 18.596142] which belongs to the cache kmalloc-128 of size 128 [ 18.596209] The buggy address is located 0 bytes inside of [ 18.596209] allocated 120-byte region [fff00000c7025e00, fff00000c7025e78) [ 18.596274] [ 18.597086] The buggy address belongs to the physical page: [ 18.597231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107025 [ 18.597328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.597894] page_type: f5(slab) [ 18.598004] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.598070] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.598204] page dumped because: kasan: bad access detected [ 18.598265] [ 18.598286] Memory state around the buggy address: [ 18.598371] fff00000c7025d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.598741] fff00000c7025d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.598951] >fff00000c7025e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.599037] ^ [ 18.599371] fff00000c7025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.599544] fff00000c7025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.599612] ==================================================================
[ 16.404614] ================================================================== [ 16.405085] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.405332] Read of size 121 at addr ffff888102ad4e00 by task kunit_try_catch/303 [ 16.405698] [ 16.405803] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.405845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.405857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.405878] Call Trace: [ 16.405892] <TASK> [ 16.405917] dump_stack_lvl+0x73/0xb0 [ 16.405944] print_report+0xd1/0x610 [ 16.405965] ? __virt_addr_valid+0x1db/0x2d0 [ 16.405988] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.406011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.406033] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.406056] kasan_report+0x141/0x180 [ 16.406078] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.406106] kasan_check_range+0x10c/0x1c0 [ 16.406129] __kasan_check_read+0x15/0x20 [ 16.406148] copy_user_test_oob+0x4aa/0x10f0 [ 16.406174] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.406197] ? finish_task_switch.isra.0+0x153/0x700 [ 16.406220] ? __switch_to+0x47/0xf50 [ 16.406245] ? __schedule+0x10cc/0x2b60 [ 16.406268] ? __pfx_read_tsc+0x10/0x10 [ 16.406288] ? ktime_get_ts64+0x86/0x230 [ 16.406311] kunit_try_run_case+0x1a5/0x480 [ 16.406335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.406357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.406379] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.406402] ? __kthread_parkme+0x82/0x180 [ 16.406422] ? preempt_count_sub+0x50/0x80 [ 16.406445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.406470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.406493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.406516] kthread+0x337/0x6f0 [ 16.406536] ? trace_preempt_on+0x20/0xc0 [ 16.406558] ? __pfx_kthread+0x10/0x10 [ 16.406579] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.406600] ? calculate_sigpending+0x7b/0xa0 [ 16.406624] ? 
__pfx_kthread+0x10/0x10 [ 16.406645] ret_from_fork+0x116/0x1d0 [ 16.406663] ? __pfx_kthread+0x10/0x10 [ 16.406694] ret_from_fork_asm+0x1a/0x30 [ 16.406724] </TASK> [ 16.406734] [ 16.413925] Allocated by task 303: [ 16.414106] kasan_save_stack+0x45/0x70 [ 16.414316] kasan_save_track+0x18/0x40 [ 16.414512] kasan_save_alloc_info+0x3b/0x50 [ 16.414681] __kasan_kmalloc+0xb7/0xc0 [ 16.414848] __kmalloc_noprof+0x1c9/0x500 [ 16.415019] kunit_kmalloc_array+0x25/0x60 [ 16.415232] copy_user_test_oob+0xab/0x10f0 [ 16.415408] kunit_try_run_case+0x1a5/0x480 [ 16.415555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.415757] kthread+0x337/0x6f0 [ 16.415948] ret_from_fork+0x116/0x1d0 [ 16.416136] ret_from_fork_asm+0x1a/0x30 [ 16.416331] [ 16.416427] The buggy address belongs to the object at ffff888102ad4e00 [ 16.416427] which belongs to the cache kmalloc-128 of size 128 [ 16.416965] The buggy address is located 0 bytes inside of [ 16.416965] allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78) [ 16.417381] [ 16.417480] The buggy address belongs to the physical page: [ 16.417789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 16.418092] flags: 0x200000000000000(node=0|zone=2) [ 16.418316] page_type: f5(slab) [ 16.418451] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.418682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.419030] page dumped because: kasan: bad access detected [ 16.419307] [ 16.419399] Memory state around the buggy address: [ 16.419571] ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.419961] ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.420220] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.420514] ^ [ 16.420840] ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.421146] ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.421426] 
================================================================== [ 16.387312] ================================================================== [ 16.387646] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.388057] Write of size 121 at addr ffff888102ad4e00 by task kunit_try_catch/303 [ 16.388373] [ 16.388495] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.388539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.388563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.388585] Call Trace: [ 16.388597] <TASK> [ 16.388614] dump_stack_lvl+0x73/0xb0 [ 16.388641] print_report+0xd1/0x610 [ 16.388673] ? __virt_addr_valid+0x1db/0x2d0 [ 16.388695] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.388718] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.388752] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.388776] kasan_report+0x141/0x180 [ 16.388798] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.388826] kasan_check_range+0x10c/0x1c0 [ 16.388849] __kasan_check_write+0x18/0x20 [ 16.388869] copy_user_test_oob+0x3fd/0x10f0 [ 16.388894] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.388925] ? finish_task_switch.isra.0+0x153/0x700 [ 16.388947] ? __switch_to+0x47/0xf50 [ 16.388973] ? __schedule+0x10cc/0x2b60 [ 16.389004] ? __pfx_read_tsc+0x10/0x10 [ 16.389025] ? ktime_get_ts64+0x86/0x230 [ 16.389049] kunit_try_run_case+0x1a5/0x480 [ 16.389078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.389101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.389123] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.389147] ? __kthread_parkme+0x82/0x180 [ 16.389167] ? preempt_count_sub+0x50/0x80 [ 16.389190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.389214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.389238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.389263] kthread+0x337/0x6f0 [ 16.389283] ? trace_preempt_on+0x20/0xc0 [ 16.389304] ? __pfx_kthread+0x10/0x10 [ 16.389325] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.389346] ? calculate_sigpending+0x7b/0xa0 [ 16.389370] ? __pfx_kthread+0x10/0x10 [ 16.389392] ret_from_fork+0x116/0x1d0 [ 16.389410] ? __pfx_kthread+0x10/0x10 [ 16.389431] ret_from_fork_asm+0x1a/0x30 [ 16.389462] </TASK> [ 16.389472] [ 16.396390] Allocated by task 303: [ 16.396521] kasan_save_stack+0x45/0x70 [ 16.396665] kasan_save_track+0x18/0x40 [ 16.396865] kasan_save_alloc_info+0x3b/0x50 [ 16.397089] __kasan_kmalloc+0xb7/0xc0 [ 16.397276] __kmalloc_noprof+0x1c9/0x500 [ 16.397482] kunit_kmalloc_array+0x25/0x60 [ 16.397695] copy_user_test_oob+0xab/0x10f0 [ 16.397915] kunit_try_run_case+0x1a5/0x480 [ 16.398104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.398316] kthread+0x337/0x6f0 [ 16.398486] ret_from_fork+0x116/0x1d0 [ 16.398653] ret_from_fork_asm+0x1a/0x30 [ 16.398867] [ 16.398961] The buggy address belongs to the object at ffff888102ad4e00 [ 16.398961] which belongs to the cache kmalloc-128 of size 128 [ 16.399429] The buggy address is located 0 bytes inside of [ 16.399429] allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78) [ 16.399945] [ 16.400024] The buggy address belongs to the physical page: [ 16.400238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 16.400551] flags: 0x200000000000000(node=0|zone=2) [ 16.400812] page_type: f5(slab) [ 16.400970] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.401280] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.401509] page dumped because: kasan: bad access detected [ 16.401687] [ 16.401785] Memory state around the buggy address: [ 16.402142] ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.402462] ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.402775] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.403132] ^ [ 16.403389] ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.403687] 
ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.403961] ================================================================== [ 16.421883] ================================================================== [ 16.422190] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.422553] Write of size 121 at addr ffff888102ad4e00 by task kunit_try_catch/303 [ 16.422857] [ 16.422948] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.422990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.423002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.423023] Call Trace: [ 16.423036] <TASK> [ 16.423054] dump_stack_lvl+0x73/0xb0 [ 16.423081] print_report+0xd1/0x610 [ 16.423102] ? __virt_addr_valid+0x1db/0x2d0 [ 16.423124] ? copy_user_test_oob+0x557/0x10f0 [ 16.423148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.423170] ? copy_user_test_oob+0x557/0x10f0 [ 16.423193] kasan_report+0x141/0x180 [ 16.423216] ? copy_user_test_oob+0x557/0x10f0 [ 16.423243] kasan_check_range+0x10c/0x1c0 [ 16.423267] __kasan_check_write+0x18/0x20 [ 16.423288] copy_user_test_oob+0x557/0x10f0 [ 16.423313] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.423336] ? finish_task_switch.isra.0+0x153/0x700 [ 16.423358] ? __switch_to+0x47/0xf50 [ 16.423382] ? __schedule+0x10cc/0x2b60 [ 16.423405] ? __pfx_read_tsc+0x10/0x10 [ 16.423426] ? ktime_get_ts64+0x86/0x230 [ 16.423450] kunit_try_run_case+0x1a5/0x480 [ 16.423474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.423496] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.423518] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.423543] ? __kthread_parkme+0x82/0x180 [ 16.423563] ? preempt_count_sub+0x50/0x80 [ 16.423585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.423609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.423633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.423655] kthread+0x337/0x6f0 [ 16.423675] ? trace_preempt_on+0x20/0xc0 [ 16.423697] ? 
__pfx_kthread+0x10/0x10 [ 16.423718] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.423739] ? calculate_sigpending+0x7b/0xa0 [ 16.423763] ? __pfx_kthread+0x10/0x10 [ 16.423785] ret_from_fork+0x116/0x1d0 [ 16.423811] ? __pfx_kthread+0x10/0x10 [ 16.423832] ret_from_fork_asm+0x1a/0x30 [ 16.423862] </TASK> [ 16.423872] [ 16.431284] Allocated by task 303: [ 16.431411] kasan_save_stack+0x45/0x70 [ 16.431554] kasan_save_track+0x18/0x40 [ 16.431689] kasan_save_alloc_info+0x3b/0x50 [ 16.431836] __kasan_kmalloc+0xb7/0xc0 [ 16.432023] __kmalloc_noprof+0x1c9/0x500 [ 16.432227] kunit_kmalloc_array+0x25/0x60 [ 16.432431] copy_user_test_oob+0xab/0x10f0 [ 16.432636] kunit_try_run_case+0x1a5/0x480 [ 16.432842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.433107] kthread+0x337/0x6f0 [ 16.433236] ret_from_fork+0x116/0x1d0 [ 16.433368] ret_from_fork_asm+0x1a/0x30 [ 16.433507] [ 16.433577] The buggy address belongs to the object at ffff888102ad4e00 [ 16.433577] which belongs to the cache kmalloc-128 of size 128 [ 16.433939] The buggy address is located 0 bytes inside of [ 16.433939] allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78) [ 16.435121] [ 16.435220] The buggy address belongs to the physical page: [ 16.435475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 16.435796] flags: 0x200000000000000(node=0|zone=2) [ 16.435968] page_type: f5(slab) [ 16.436088] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.436319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.436543] page dumped because: kasan: bad access detected [ 16.436716] [ 16.436784] Memory state around the buggy address: [ 16.436957] ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.437283] ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.437602] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.438253] ^ [ 16.438566] ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.439170] ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.439485] ================================================================== [ 16.440053] ================================================================== [ 16.440379] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.440672] Read of size 121 at addr ffff888102ad4e00 by task kunit_try_catch/303 [ 16.440944] [ 16.441030] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.441070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.441082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.441104] Call Trace: [ 16.441117] <TASK> [ 16.441137] dump_stack_lvl+0x73/0xb0 [ 16.441162] print_report+0xd1/0x610 [ 16.441184] ? __virt_addr_valid+0x1db/0x2d0 [ 16.441207] ? copy_user_test_oob+0x604/0x10f0 [ 16.441230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.441253] ? copy_user_test_oob+0x604/0x10f0 [ 16.441276] kasan_report+0x141/0x180 [ 16.441298] ? copy_user_test_oob+0x604/0x10f0 [ 16.441325] kasan_check_range+0x10c/0x1c0 [ 16.441349] __kasan_check_read+0x15/0x20 [ 16.441368] copy_user_test_oob+0x604/0x10f0 [ 16.441393] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.441415] ? finish_task_switch.isra.0+0x153/0x700 [ 16.441438] ? __switch_to+0x47/0xf50 [ 16.441463] ? __schedule+0x10cc/0x2b60 [ 16.441485] ? __pfx_read_tsc+0x10/0x10 [ 16.441506] ? ktime_get_ts64+0x86/0x230 [ 16.441530] kunit_try_run_case+0x1a5/0x480 [ 16.441554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.441576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.441598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.441622] ? __kthread_parkme+0x82/0x180 [ 16.441642] ? preempt_count_sub+0x50/0x80 [ 16.441665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.441689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.441712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.441735] kthread+0x337/0x6f0 [ 16.441755] ? 
trace_preempt_on+0x20/0xc0 [ 16.441777] ? __pfx_kthread+0x10/0x10 [ 16.441798] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.441819] ? calculate_sigpending+0x7b/0xa0 [ 16.441842] ? __pfx_kthread+0x10/0x10 [ 16.441864] ret_from_fork+0x116/0x1d0 [ 16.441882] ? __pfx_kthread+0x10/0x10 [ 16.441903] ret_from_fork_asm+0x1a/0x30 [ 16.441942] </TASK> [ 16.441953] [ 16.454363] Allocated by task 303: [ 16.454801] kasan_save_stack+0x45/0x70 [ 16.455129] kasan_save_track+0x18/0x40 [ 16.455295] kasan_save_alloc_info+0x3b/0x50 [ 16.455506] __kasan_kmalloc+0xb7/0xc0 [ 16.455926] __kmalloc_noprof+0x1c9/0x500 [ 16.456119] kunit_kmalloc_array+0x25/0x60 [ 16.456430] copy_user_test_oob+0xab/0x10f0 [ 16.456629] kunit_try_run_case+0x1a5/0x480 [ 16.456955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.457365] kthread+0x337/0x6f0 [ 16.457528] ret_from_fork+0x116/0x1d0 [ 16.457808] ret_from_fork_asm+0x1a/0x30 [ 16.457979] [ 16.458070] The buggy address belongs to the object at ffff888102ad4e00 [ 16.458070] which belongs to the cache kmalloc-128 of size 128 [ 16.458586] The buggy address is located 0 bytes inside of [ 16.458586] allocated 120-byte region [ffff888102ad4e00, ffff888102ad4e78) [ 16.459346] [ 16.459641] The buggy address belongs to the physical page: [ 16.460029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 16.460410] flags: 0x200000000000000(node=0|zone=2) [ 16.460695] page_type: f5(slab) [ 16.460929] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.461262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.461570] page dumped because: kasan: bad access detected [ 16.462020] [ 16.462110] Memory state around the buggy address: [ 16.462452] ffff888102ad4d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.462969] ffff888102ad4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.463371] >ffff888102ad4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.463677] ^ [ 16.463987] 
ffff888102ad4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.464290] ffff888102ad4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.464600] ==================================================================