Date: July 17, 2025, 11:10 a.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 18.566461] ==================================================================
[ 18.566522] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 18.566575] Write of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.566629]
[ 18.566659] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.566807] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.566866] Hardware name: linux,dummy-virt (DT)
[ 18.566898] Call trace:
[ 18.566921] show_stack+0x20/0x38 (C)
[ 18.566970] dump_stack_lvl+0x8c/0xd0
[ 18.567031] print_report+0x118/0x5d0
[ 18.567077] kasan_report+0xdc/0x128
[ 18.567122] kasan_check_range+0x100/0x1a8
[ 18.567171] __kasan_check_write+0x20/0x30
[ 18.567216] copy_user_test_oob+0x35c/0xec8
[ 18.567447] kunit_try_run_case+0x170/0x3f0
[ 18.567498] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.567552] kthread+0x328/0x630
[ 18.567844] ret_from_fork+0x10/0x20
[ 18.567894]
[ 18.567913] Allocated by task 286:
[ 18.567941] kasan_save_stack+0x3c/0x68
[ 18.567994] kasan_save_track+0x20/0x40
[ 18.568035] kasan_save_alloc_info+0x40/0x58
[ 18.568076] __kasan_kmalloc+0xd4/0xd8
[ 18.568115] __kmalloc_noprof+0x198/0x4c8
[ 18.568161] kunit_kmalloc_array+0x34/0x88
[ 18.568364] copy_user_test_oob+0xac/0xec8
[ 18.568555] kunit_try_run_case+0x170/0x3f0
[ 18.568745] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.568849] kthread+0x328/0x630
[ 18.568883] ret_from_fork+0x10/0x20
[ 18.568921]
[ 18.568942] The buggy address belongs to the object at fff00000c65eec00
[ 18.568942] which belongs to the cache kmalloc-128 of size 128
[ 18.569013] The buggy address is located 0 bytes inside of
[ 18.569013] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.569080]
[ 18.569101] The buggy address belongs to the physical page:
[ 18.569134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.569188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.569264] page_type: f5(slab)
[ 18.569384] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.569438] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.569482] page dumped because: kasan: bad access detected
[ 18.569515]
[ 18.569536] Memory state around the buggy address:
[ 18.569569] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.569617] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.569665] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.569709] ^
[ 18.569755] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.569801] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.569861] ==================================================================
[ 18.575523] ==================================================================
[ 18.575571] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 18.575618] Write of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.575692]
[ 18.575760] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.575844] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.575874] Hardware name: linux,dummy-virt (DT)
[ 18.575907] Call trace:
[ 18.575929] show_stack+0x20/0x38 (C)
[ 18.575976] dump_stack_lvl+0x8c/0xd0
[ 18.576034] print_report+0x118/0x5d0
[ 18.576081] kasan_report+0xdc/0x128
[ 18.576126] kasan_check_range+0x100/0x1a8
[ 18.576174] __kasan_check_write+0x20/0x30
[ 18.576221] copy_user_test_oob+0x434/0xec8
[ 18.576267] kunit_try_run_case+0x170/0x3f0
[ 18.576379] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.576588] kthread+0x328/0x630
[ 18.576632] ret_from_fork+0x10/0x20
[ 18.576960]
[ 18.577058] Allocated by task 286:
[ 18.577100] kasan_save_stack+0x3c/0x68
[ 18.577143] kasan_save_track+0x20/0x40
[ 18.577224] kasan_save_alloc_info+0x40/0x58
[ 18.577436] __kasan_kmalloc+0xd4/0xd8
[ 18.577477] __kmalloc_noprof+0x198/0x4c8
[ 18.577542] kunit_kmalloc_array+0x34/0x88
[ 18.577582] copy_user_test_oob+0xac/0xec8
[ 18.577686] kunit_try_run_case+0x170/0x3f0
[ 18.577769] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.577815] kthread+0x328/0x630
[ 18.577849] ret_from_fork+0x10/0x20
[ 18.577887]
[ 18.577908] The buggy address belongs to the object at fff00000c65eec00
[ 18.577908] which belongs to the cache kmalloc-128 of size 128
[ 18.577969] The buggy address is located 0 bytes inside of
[ 18.577969] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.578047]
[ 18.578071] The buggy address belongs to the physical page:
[ 18.578105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.578160] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.578209] page_type: f5(slab)
[ 18.578247] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.578302] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.578392] page dumped because: kasan: bad access detected
[ 18.578479]
[ 18.578562] Memory state around the buggy address:
[ 18.578604] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.578693] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.578936] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.578988] ^
[ 18.579045] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.579096] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.579289] ==================================================================
[ 18.570344] ==================================================================
[ 18.570660] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 18.570811] Read of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.570864]
[ 18.570895] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.570990] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.571020] Hardware name: linux,dummy-virt (DT)
[ 18.571052] Call trace:
[ 18.571077] show_stack+0x20/0x38 (C)
[ 18.571123] dump_stack_lvl+0x8c/0xd0
[ 18.571169] print_report+0x118/0x5d0
[ 18.571257] kasan_report+0xdc/0x128
[ 18.571305] kasan_check_range+0x100/0x1a8
[ 18.571492] __kasan_check_read+0x20/0x30
[ 18.571540] copy_user_test_oob+0x3c8/0xec8
[ 18.571589] kunit_try_run_case+0x170/0x3f0
[ 18.571644] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.571884] kthread+0x328/0x630
[ 18.572445] ret_from_fork+0x10/0x20
[ 18.572607]
[ 18.572722] Allocated by task 286:
[ 18.572758] kasan_save_stack+0x3c/0x68
[ 18.572883] kasan_save_track+0x20/0x40
[ 18.572933] kasan_save_alloc_info+0x40/0x58
[ 18.573006] __kasan_kmalloc+0xd4/0xd8
[ 18.573143] __kmalloc_noprof+0x198/0x4c8
[ 18.573184] kunit_kmalloc_array+0x34/0x88
[ 18.573233] copy_user_test_oob+0xac/0xec8
[ 18.573271] kunit_try_run_case+0x170/0x3f0
[ 18.573327] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.573373] kthread+0x328/0x630
[ 18.573532] ret_from_fork+0x10/0x20
[ 18.573716]
[ 18.573748] The buggy address belongs to the object at fff00000c65eec00
[ 18.573748] which belongs to the cache kmalloc-128 of size 128
[ 18.573837] The buggy address is located 0 bytes inside of
[ 18.573837] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.574159]
[ 18.574211] The buggy address belongs to the physical page:
[ 18.574243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.574296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.574345] page_type: f5(slab)
[ 18.574391] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.574650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.574860] page dumped because: kasan: bad access detected
[ 18.575000]
[ 18.575020] Memory state around the buggy address:
[ 18.575054] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.575101] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.575147] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.575187] ^
[ 18.575231] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.575276] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.575317] ==================================================================
[ 18.558657] ==================================================================
[ 18.558720] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 18.558774] Read of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.558829]
[ 18.558863] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.558947] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.558976] Hardware name: linux,dummy-virt (DT)
[ 18.559035] Call trace:
[ 18.559108] show_stack+0x20/0x38 (C)
[ 18.559159] dump_stack_lvl+0x8c/0xd0
[ 18.559207] print_report+0x118/0x5d0
[ 18.559254] kasan_report+0xdc/0x128
[ 18.559300] kasan_check_range+0x100/0x1a8
[ 18.559348] __kasan_check_read+0x20/0x30
[ 18.559394] copy_user_test_oob+0x728/0xec8
[ 18.559445] kunit_try_run_case+0x170/0x3f0
[ 18.559493] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.559546] kthread+0x328/0x630
[ 18.559677] ret_from_fork+0x10/0x20
[ 18.559772]
[ 18.559792] Allocated by task 286:
[ 18.559887] kasan_save_stack+0x3c/0x68
[ 18.559937] kasan_save_track+0x20/0x40
[ 18.560330] kasan_save_alloc_info+0x40/0x58
[ 18.560417] __kasan_kmalloc+0xd4/0xd8
[ 18.560457] __kmalloc_noprof+0x198/0x4c8
[ 18.560518] kunit_kmalloc_array+0x34/0x88
[ 18.560559] copy_user_test_oob+0xac/0xec8
[ 18.560597] kunit_try_run_case+0x170/0x3f0
[ 18.560638] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.560684] kthread+0x328/0x630
[ 18.560718] ret_from_fork+0x10/0x20
[ 18.560756]
[ 18.560802] The buggy address belongs to the object at fff00000c65eec00
[ 18.560802] which belongs to the cache kmalloc-128 of size 128
[ 18.560916] The buggy address is located 0 bytes inside of
[ 18.560916] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.561196]
[ 18.561219] The buggy address belongs to the physical page:
[ 18.561252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.561306] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.561357] page_type: f5(slab)
[ 18.561396] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.561448] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.561519] page dumped because: kasan: bad access detected
[ 18.561691]
[ 18.561760] Memory state around the buggy address:
[ 18.561849] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.561956] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.562011] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.562075] ^
[ 18.562120] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.562166] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.562208] ==================================================================
[ 18.549370] ==================================================================
[ 18.549680] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 18.549761] Write of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.549819]
[ 18.549858] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.549948] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.549990] Hardware name: linux,dummy-virt (DT)
[ 18.550025] Call trace:
[ 18.550049] show_stack+0x20/0x38 (C)
[ 18.550101] dump_stack_lvl+0x8c/0xd0
[ 18.550154] print_report+0x118/0x5d0
[ 18.550205] kasan_report+0xdc/0x128
[ 18.550259] kasan_check_range+0x100/0x1a8
[ 18.550353] __kasan_check_write+0x20/0x30
[ 18.550401] copy_user_test_oob+0x234/0xec8
[ 18.550448] kunit_try_run_case+0x170/0x3f0
[ 18.550499] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.550554] kthread+0x328/0x630
[ 18.550599] ret_from_fork+0x10/0x20
[ 18.550664]
[ 18.550684] Allocated by task 286:
[ 18.550718] kasan_save_stack+0x3c/0x68
[ 18.550760] kasan_save_track+0x20/0x40
[ 18.550800] kasan_save_alloc_info+0x40/0x58
[ 18.550843] __kasan_kmalloc+0xd4/0xd8
[ 18.550880] __kmalloc_noprof+0x198/0x4c8
[ 18.550921] kunit_kmalloc_array+0x34/0x88
[ 18.550961] copy_user_test_oob+0xac/0xec8
[ 18.551012] kunit_try_run_case+0x170/0x3f0
[ 18.551060] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.551106] kthread+0x328/0x630
[ 18.551290] ret_from_fork+0x10/0x20
[ 18.551490]
[ 18.551602] The buggy address belongs to the object at fff00000c65eec00
[ 18.551602] which belongs to the cache kmalloc-128 of size 128
[ 18.551667] The buggy address is located 0 bytes inside of
[ 18.551667] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.551733]
[ 18.551757] The buggy address belongs to the physical page:
[ 18.551799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.552483] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.552667] page_type: f5(slab)
[ 18.552747] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.552865] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.552929] page dumped because: kasan: bad access detected
[ 18.552964]
[ 18.552993] Memory state around the buggy address:
[ 18.553028] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.553073] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.553120] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.553162] ^
[ 18.553206] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.553251] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.553293] ==================================================================
[ 18.579824] ==================================================================
[ 18.579884] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 18.580021] Read of size 121 at addr fff00000c65eec00 by task kunit_try_catch/286
[ 18.580074]
[ 18.580105] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.580188] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.580218] Hardware name: linux,dummy-virt (DT)
[ 18.580249] Call trace:
[ 18.580271] show_stack+0x20/0x38 (C)
[ 18.580320] dump_stack_lvl+0x8c/0xd0
[ 18.580365] print_report+0x118/0x5d0
[ 18.580412] kasan_report+0xdc/0x128
[ 18.580459] kasan_check_range+0x100/0x1a8
[ 18.580508] __kasan_check_read+0x20/0x30
[ 18.580553] copy_user_test_oob+0x4a0/0xec8
[ 18.580599] kunit_try_run_case+0x170/0x3f0
[ 18.580648] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.580804] kthread+0x328/0x630
[ 18.580855] ret_from_fork+0x10/0x20
[ 18.580903]
[ 18.580923] Allocated by task 286:
[ 18.580952] kasan_save_stack+0x3c/0x68
[ 18.581020] kasan_save_track+0x20/0x40
[ 18.581062] kasan_save_alloc_info+0x40/0x58
[ 18.581105] __kasan_kmalloc+0xd4/0xd8
[ 18.581145] __kmalloc_noprof+0x198/0x4c8
[ 18.581200] kunit_kmalloc_array+0x34/0x88
[ 18.581239] copy_user_test_oob+0xac/0xec8
[ 18.581279] kunit_try_run_case+0x170/0x3f0
[ 18.581319] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.581364] kthread+0x328/0x630
[ 18.581397] ret_from_fork+0x10/0x20
[ 18.581436]
[ 18.581456] The buggy address belongs to the object at fff00000c65eec00
[ 18.581456] which belongs to the cache kmalloc-128 of size 128
[ 18.581535] The buggy address is located 0 bytes inside of
[ 18.581535] allocated 120-byte region [fff00000c65eec00, fff00000c65eec78)
[ 18.581612]
[ 18.581633] The buggy address belongs to the physical page:
[ 18.581667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065ee
[ 18.581720] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.581768] page_type: f5(slab)
[ 18.581807] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.581858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.581901] page dumped because: kasan: bad access detected
[ 18.581936]
[ 18.581956] Memory state around the buggy address:
[ 18.582000] fff00000c65eeb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.582046] fff00000c65eeb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.582092] >fff00000c65eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.582133] ^
[ 18.582186] fff00000c65eec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.582232] fff00000c65eed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.582273] ==================================================================
```
qemu-x86_64:

```
[ 17.219412] ==================================================================
[ 17.219795] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 17.220042] Read of size 121 at addr ffff8881025ccc00 by task kunit_try_catch/302
[ 17.220408]
[ 17.220491] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.220533] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.220546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.220579] Call Trace:
[ 17.220594] <TASK>
[ 17.220610] dump_stack_lvl+0x73/0xb0
[ 17.220636] print_report+0xd1/0x610
[ 17.220659] ? __virt_addr_valid+0x1db/0x2d0
[ 17.220682] ? copy_user_test_oob+0x4aa/0x10f0
[ 17.220706] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.220730] ? copy_user_test_oob+0x4aa/0x10f0
[ 17.220755] kasan_report+0x141/0x180
[ 17.220777] ? copy_user_test_oob+0x4aa/0x10f0
[ 17.220805] kasan_check_range+0x10c/0x1c0
[ 17.220830] __kasan_check_read+0x15/0x20
[ 17.220862] copy_user_test_oob+0x4aa/0x10f0
[ 17.220890] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.220916] ? __kasan_check_write+0x18/0x20
[ 17.220937] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.220963] ? irqentry_exit+0x2a/0x60
[ 17.220986] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 17.221012] ? trace_hardirqs_on+0x37/0xe0
[ 17.221037] ? __pfx_read_tsc+0x10/0x10
[ 17.221060] ? ktime_get_ts64+0x86/0x230
[ 17.221085] kunit_try_run_case+0x1a5/0x480
[ 17.221110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.221137] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.221163] ? __kthread_parkme+0x82/0x180
[ 17.221185] ? preempt_count_sub+0x50/0x80
[ 17.221209] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.221236] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.221262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.221289] kthread+0x337/0x6f0
[ 17.221309] ? trace_preempt_on+0x20/0xc0
[ 17.221333] ? __pfx_kthread+0x10/0x10
[ 17.221355] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.221378] ? calculate_sigpending+0x7b/0xa0
[ 17.221403] ? __pfx_kthread+0x10/0x10
[ 17.221426] ret_from_fork+0x116/0x1d0
[ 17.221446] ? __pfx_kthread+0x10/0x10
[ 17.221468] ret_from_fork_asm+0x1a/0x30
[ 17.221500] </TASK>
[ 17.221510]
[ 17.229084] Allocated by task 302:
[ 17.229265] kasan_save_stack+0x45/0x70
[ 17.229536] kasan_save_track+0x18/0x40
[ 17.229694] kasan_save_alloc_info+0x3b/0x50
[ 17.229845] __kasan_kmalloc+0xb7/0xc0
[ 17.229981] __kmalloc_noprof+0x1c9/0x500
[ 17.230122] kunit_kmalloc_array+0x25/0x60
[ 17.230268] copy_user_test_oob+0xab/0x10f0
[ 17.230415] kunit_try_run_case+0x1a5/0x480
[ 17.230677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.230932] kthread+0x337/0x6f0
[ 17.231101] ret_from_fork+0x116/0x1d0
[ 17.231286] ret_from_fork_asm+0x1a/0x30
[ 17.231481]
[ 17.231589] The buggy address belongs to the object at ffff8881025ccc00
[ 17.231589] which belongs to the cache kmalloc-128 of size 128
[ 17.232195] The buggy address is located 0 bytes inside of
[ 17.232195] allocated 120-byte region [ffff8881025ccc00, ffff8881025ccc78)
[ 17.232546]
[ 17.232625] The buggy address belongs to the physical page:
[ 17.232795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 17.233523] flags: 0x200000000000000(node=0|zone=2)
[ 17.233768] page_type: f5(slab)
[ 17.233940] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.234291] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.234735] page dumped because: kasan: bad access detected
[ 17.234984]
[ 17.235064] Memory state around the buggy address:
[ 17.235274] ffff8881025ccb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.235613] ffff8881025ccb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.235889] >ffff8881025ccc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.236202] ^
[ 17.236536] ffff8881025ccc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.236814] ffff8881025ccd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.237084] ==================================================================
[ 17.255888] ==================================================================
[ 17.256150] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 17.257071] Read of size 121 at addr ffff8881025ccc00 by task kunit_try_catch/302
[ 17.257447]
[ 17.257575] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.257621] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.257635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.257657] Call Trace:
[ 17.257672] <TASK>
[ 17.257687] dump_stack_lvl+0x73/0xb0
[ 17.257717] print_report+0xd1/0x610
[ 17.257741] ? __virt_addr_valid+0x1db/0x2d0
[ 17.257765] ? copy_user_test_oob+0x604/0x10f0
[ 17.257790] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.257816] ? copy_user_test_oob+0x604/0x10f0
[ 17.257842] kasan_report+0x141/0x180
[ 17.257866] ? copy_user_test_oob+0x604/0x10f0
[ 17.257897] kasan_check_range+0x10c/0x1c0
[ 17.257924] __kasan_check_read+0x15/0x20
[ 17.257946] copy_user_test_oob+0x604/0x10f0
[ 17.257975] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.258003] ? __kasan_check_write+0x18/0x20
[ 17.258025] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.258050] ? irqentry_exit+0x2a/0x60
[ 17.258073] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 17.258099] ? trace_hardirqs_on+0x37/0xe0
[ 17.258124] ? __pfx_read_tsc+0x10/0x10
[ 17.258148] ? ktime_get_ts64+0x86/0x230
[ 17.258174] kunit_try_run_case+0x1a5/0x480
[ 17.258200] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.258228] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.258254] ? __kthread_parkme+0x82/0x180
[ 17.258276] ? preempt_count_sub+0x50/0x80
[ 17.258302] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.258329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.258356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.258383] kthread+0x337/0x6f0
[ 17.258404] ? trace_preempt_on+0x20/0xc0
[ 17.258439] ? __pfx_kthread+0x10/0x10
[ 17.258461] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.258485] ? calculate_sigpending+0x7b/0xa0
[ 17.258510] ? __pfx_kthread+0x10/0x10
[ 17.258533] ret_from_fork+0x116/0x1d0
[ 17.258564] ? __pfx_kthread+0x10/0x10
[ 17.258587] ret_from_fork_asm+0x1a/0x30
[ 17.258621] </TASK>
[ 17.258632]
[ 17.265919] Allocated by task 302:
[ 17.266047] kasan_save_stack+0x45/0x70
[ 17.266189] kasan_save_track+0x18/0x40
[ 17.266327] kasan_save_alloc_info+0x3b/0x50
[ 17.266594] __kasan_kmalloc+0xb7/0xc0
[ 17.266787] __kmalloc_noprof+0x1c9/0x500
[ 17.266990] kunit_kmalloc_array+0x25/0x60
[ 17.267290] copy_user_test_oob+0xab/0x10f0
[ 17.267659] kunit_try_run_case+0x1a5/0x480
[ 17.267875] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.268070] kthread+0x337/0x6f0
[ 17.268193] ret_from_fork+0x116/0x1d0
[ 17.268329] ret_from_fork_asm+0x1a/0x30
[ 17.268472]
[ 17.268543] The buggy address belongs to the object at ffff8881025ccc00
[ 17.268543] which belongs to the cache kmalloc-128 of size 128
[ 17.269005] The buggy address is located 0 bytes inside of
[ 17.269005] allocated 120-byte region [ffff8881025ccc00, ffff8881025ccc78)
[ 17.269692]
[ 17.269788] The buggy address belongs to the physical page:
[ 17.270041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 17.270390] flags: 0x200000000000000(node=0|zone=2)
[ 17.270586] page_type: f5(slab)
[ 17.270709] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.270944] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.271174] page dumped because: kasan: bad access detected
[ 17.271348]
[ 17.271418] Memory state around the buggy address:
[ 17.271652] ffff8881025ccb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.271975] ffff8881025ccb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.272310] >ffff8881025ccc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.272643] ^
[ 17.272939] ffff8881025ccc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.273158] ffff8881025ccd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.273473] ==================================================================
[ 17.237624] ==================================================================
[ 17.237908] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 17.238217] Write of size 121 at addr ffff8881025ccc00 by task kunit_try_catch/302
[ 17.238519]
[ 17.238611] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.238653] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.238666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.238688] Call Trace:
[ 17.238701] <TASK>
[ 17.238714] dump_stack_lvl+0x73/0xb0
[ 17.238742] print_report+0xd1/0x610
[ 17.238764] ? __virt_addr_valid+0x1db/0x2d0
[ 17.238787] ? copy_user_test_oob+0x557/0x10f0
[ 17.238811] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.238834] ? copy_user_test_oob+0x557/0x10f0
[ 17.238859] kasan_report+0x141/0x180
[ 17.238881] ? copy_user_test_oob+0x557/0x10f0
[ 17.238910] kasan_check_range+0x10c/0x1c0
[ 17.238935] __kasan_check_write+0x18/0x20
[ 17.238955] copy_user_test_oob+0x557/0x10f0
[ 17.238981] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.239006] ? __kasan_check_write+0x18/0x20
[ 17.239026] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.239065] ? irqentry_exit+0x2a/0x60
[ 17.239089] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 17.239116] ? trace_hardirqs_on+0x37/0xe0
[ 17.239140] ? __pfx_read_tsc+0x10/0x10
[ 17.239162] ? ktime_get_ts64+0x86/0x230
[ 17.239186] kunit_try_run_case+0x1a5/0x480
[ 17.239213] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.239239] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.239265] ? __kthread_parkme+0x82/0x180
[ 17.239287] ? preempt_count_sub+0x50/0x80
[ 17.239312] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.239339] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.239365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.239393] kthread+0x337/0x6f0
[ 17.239422] ? trace_preempt_on+0x20/0xc0
[ 17.239445] ? __pfx_kthread+0x10/0x10
[ 17.239467] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.239491] ? calculate_sigpending+0x7b/0xa0
[ 17.239516] ? __pfx_kthread+0x10/0x10
[ 17.239539] ret_from_fork+0x116/0x1d0
[ 17.239570] ? __pfx_kthread+0x10/0x10
[ 17.239592] ret_from_fork_asm+0x1a/0x30
[ 17.239625] </TASK>
[ 17.239635]
[ 17.247557] Allocated by task 302:
[ 17.247742] kasan_save_stack+0x45/0x70
[ 17.247941] kasan_save_track+0x18/0x40
[ 17.248130] kasan_save_alloc_info+0x3b/0x50
[ 17.248313] __kasan_kmalloc+0xb7/0xc0
[ 17.248537] __kmalloc_noprof+0x1c9/0x500
[ 17.248747] kunit_kmalloc_array+0x25/0x60
[ 17.248894] copy_user_test_oob+0xab/0x10f0
[ 17.249042] kunit_try_run_case+0x1a5/0x480
[ 17.249188] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.249365] kthread+0x337/0x6f0
[ 17.249527] ret_from_fork+0x116/0x1d0
[ 17.249722] ret_from_fork_asm+0x1a/0x30
[ 17.249919]
[ 17.250019] The buggy address belongs to the object at ffff8881025ccc00
[ 17.250019] which belongs to the cache kmalloc-128 of size 128
[ 17.250572] The buggy address is located 0 bytes inside of
[ 17.250572] allocated 120-byte region [ffff8881025ccc00, ffff8881025ccc78)
[ 17.250925]
[ 17.250996] The buggy address belongs to the physical page:
[ 17.251166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 17.251403] flags: 0x200000000000000(node=0|zone=2)
[ 17.251725] page_type: f5(slab)
[ 17.251896] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.252243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.252790] page dumped because: kasan: bad access detected
[ 17.253056]
[ 17.253156] Memory state around the buggy address:
[ 17.253340] ffff8881025ccb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.253782] ffff8881025ccb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.254078] >ffff8881025ccc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.254357] ^
[ 17.254694] ffff8881025ccc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.254983] ffff8881025ccd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.255255] ==================================================================
[ 17.201515] ==================================================================
[ 17.202053] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 17.202370] Write of size 121 at addr ffff8881025ccc00 by task kunit_try_catch/302
[ 17.202734]
[ 17.202852] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 17.202895] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.202908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.202933] Call Trace:
[ 17.202947] <TASK>
[ 17.202964] dump_stack_lvl+0x73/0xb0
[ 17.202996] print_report+0xd1/0x610
[ 17.203019] ? __virt_addr_valid+0x1db/0x2d0
[ 17.203044] ? copy_user_test_oob+0x3fd/0x10f0
[ 17.203071] ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.203096] ? copy_user_test_oob+0x3fd/0x10f0
[ 17.203123] kasan_report+0x141/0x180
[ 17.203148] ? copy_user_test_oob+0x3fd/0x10f0
[ 17.203178] kasan_check_range+0x10c/0x1c0
[ 17.203204] __kasan_check_write+0x18/0x20
[ 17.203226] copy_user_test_oob+0x3fd/0x10f0
[ 17.203253] ? __pfx_copy_user_test_oob+0x10/0x10
[ 17.203281] ? __kasan_check_write+0x18/0x20
[ 17.203313] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.203339] ? irqentry_exit+0x2a/0x60
[ 17.203362] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 17.203388] ? trace_hardirqs_on+0x37/0xe0
[ 17.203412] ? __pfx_read_tsc+0x10/0x10
[ 17.203435] ? ktime_get_ts64+0x86/0x230
[ 17.203460] kunit_try_run_case+0x1a5/0x480
[ 17.203487] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.203514] ? queued_spin_lock_slowpath+0x116/0xb40
[ 17.203547] ? __kthread_parkme+0x82/0x180
[ 17.203581] ? preempt_count_sub+0x50/0x80
[ 17.203606] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.203632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.203659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.203686] kthread+0x337/0x6f0
[ 17.203714] ? trace_preempt_on+0x20/0xc0
[ 17.203738] ? __pfx_kthread+0x10/0x10
[ 17.203759] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.203783] ? calculate_sigpending+0x7b/0xa0
[ 17.203809] ? __pfx_kthread+0x10/0x10
[ 17.203831] ret_from_fork+0x116/0x1d0
[ 17.203852] ? __pfx_kthread+0x10/0x10
[ 17.203873] ret_from_fork_asm+0x1a/0x30
[ 17.203905] </TASK>
[ 17.203916]
[ 17.211009] Allocated by task 302:
[ 17.211204] kasan_save_stack+0x45/0x70
[ 17.211408] kasan_save_track+0x18/0x40
[ 17.211624] kasan_save_alloc_info+0x3b/0x50
[ 17.211839] __kasan_kmalloc+0xb7/0xc0
[ 17.212031] __kmalloc_noprof+0x1c9/0x500
[ 17.212248] kunit_kmalloc_array+0x25/0x60
[ 17.212505] copy_user_test_oob+0xab/0x10f0
[ 17.212729] kunit_try_run_case+0x1a5/0x480
[ 17.212909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.213140] kthread+0x337/0x6f0
[ 17.213261] ret_from_fork+0x116/0x1d0
[ 17.213490] ret_from_fork_asm+0x1a/0x30
[ 17.213704]
[ 17.213800] The buggy address belongs to the object at ffff8881025ccc00
[ 17.213800] which belongs to the cache kmalloc-128 of size 128
[ 17.214290] The buggy address is located 0 bytes inside of
[ 17.214290] allocated 120-byte region [ffff8881025ccc00, ffff8881025ccc78)
[ 17.214811]
[ 17.214886] The buggy address belongs to the physical page:
[ 17.215130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 17.215422] flags: 0x200000000000000(node=0|zone=2)
[ 17.215666] page_type: f5(slab)
[ 17.215827] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.216097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.216442] page dumped because: kasan: bad access detected
[ 17.216689]
[ 17.216781] Memory state around the buggy address:
[ 17.216969] ffff8881025ccb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.217229] ffff8881025ccb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.217640] >ffff8881025ccc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.217911] ^
[ 17.218174] ffff8881025ccc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.218508] ffff8881025ccd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.218820] ==================================================================
```