Date
July 1, 2025, 12:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.765508] ================================================================== [ 20.765848] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.765910] Read of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.765965] [ 20.766281] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.766379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.766550] Hardware name: linux,dummy-virt (DT) [ 20.766616] Call trace: [ 20.766642] show_stack+0x20/0x38 (C) [ 20.767017] dump_stack_lvl+0x8c/0xd0 [ 20.767087] print_report+0x118/0x608 [ 20.767226] kasan_report+0xdc/0x128 [ 20.767280] kasan_check_range+0x100/0x1a8 [ 20.767331] __kasan_check_read+0x20/0x30 [ 20.767739] copy_user_test_oob+0x4a0/0xec8 [ 20.767821] kunit_try_run_case+0x170/0x3f0 [ 20.768059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.768351] kthread+0x328/0x630 [ 20.768582] ret_from_fork+0x10/0x20 [ 20.768661] [ 20.768682] Allocated by task 285: [ 20.768849] kasan_save_stack+0x3c/0x68 [ 20.769126] kasan_save_track+0x20/0x40 [ 20.769193] kasan_save_alloc_info+0x40/0x58 [ 20.769236] __kasan_kmalloc+0xd4/0xd8 [ 20.769512] __kmalloc_noprof+0x198/0x4c8 [ 20.770130] kunit_kmalloc_array+0x34/0x88 [ 20.770244] copy_user_test_oob+0xac/0xec8 [ 20.770404] kunit_try_run_case+0x170/0x3f0 [ 20.770464] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.770547] kthread+0x328/0x630 [ 20.770879] ret_from_fork+0x10/0x20 [ 20.771078] [ 20.771427] The buggy address belongs to the object at fff00000c79f0a00 [ 20.771427] which belongs to the cache kmalloc-128 of size 128 [ 20.771592] The buggy address is located 0 bytes inside of [ 20.771592] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.771664] [ 20.771687] The buggy address belongs to the physical page: [ 20.771733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.771923] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.771986] page_type: f5(slab) [ 
20.772170] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.772249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.772298] page dumped because: kasan: bad access detected [ 20.772422] [ 20.772472] Memory state around the buggy address: [ 20.772513] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.772561] fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.772607] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.772649] ^ [ 20.772703] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.772750] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.772792] ================================================================== [ 20.717133] ================================================================== [ 20.717398] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.717464] Read of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.717518] [ 20.718121] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.718288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.718356] Hardware name: linux,dummy-virt (DT) [ 20.718394] Call trace: [ 20.718579] show_stack+0x20/0x38 (C) [ 20.718642] dump_stack_lvl+0x8c/0xd0 [ 20.718700] print_report+0x118/0x608 [ 20.718748] kasan_report+0xdc/0x128 [ 20.719189] kasan_check_range+0x100/0x1a8 [ 20.719372] __kasan_check_read+0x20/0x30 [ 20.719899] copy_user_test_oob+0x728/0xec8 [ 20.719989] kunit_try_run_case+0x170/0x3f0 [ 20.720186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.720328] kthread+0x328/0x630 [ 20.720384] ret_from_fork+0x10/0x20 [ 20.720488] [ 20.720509] Allocated by task 285: [ 20.720822] kasan_save_stack+0x3c/0x68 [ 20.721299] kasan_save_track+0x20/0x40 [ 20.721357] kasan_save_alloc_info+0x40/0x58 [ 20.721745] __kasan_kmalloc+0xd4/0xd8 [ 20.722062] __kmalloc_noprof+0x198/0x4c8 [ 20.722346] 
kunit_kmalloc_array+0x34/0x88 [ 20.722597] copy_user_test_oob+0xac/0xec8 [ 20.722723] kunit_try_run_case+0x170/0x3f0 [ 20.722943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.723035] kthread+0x328/0x630 [ 20.723073] ret_from_fork+0x10/0x20 [ 20.723118] [ 20.723140] The buggy address belongs to the object at fff00000c79f0a00 [ 20.723140] which belongs to the cache kmalloc-128 of size 128 [ 20.723209] The buggy address is located 0 bytes inside of [ 20.723209] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.723636] [ 20.723712] The buggy address belongs to the physical page: [ 20.723781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.723969] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.724495] page_type: f5(slab) [ 20.724628] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.724695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.724742] page dumped because: kasan: bad access detected [ 20.724777] [ 20.724821] Memory state around the buggy address: [ 20.724873] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.724927] fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.724972] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.725014] ^ [ 20.725059] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.725105] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.725148] ================================================================== [ 20.736779] ================================================================== [ 20.736841] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.736899] Write of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.736954] [ 20.736987] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.737094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.737127] 
Hardware name: linux,dummy-virt (DT) [ 20.737161] Call trace: [ 20.737276] show_stack+0x20/0x38 (C) [ 20.737339] dump_stack_lvl+0x8c/0xd0 [ 20.737388] print_report+0x118/0x608 [ 20.737438] kasan_report+0xdc/0x128 [ 20.737505] kasan_check_range+0x100/0x1a8 [ 20.737556] __kasan_check_write+0x20/0x30 [ 20.737602] copy_user_test_oob+0x35c/0xec8 [ 20.737651] kunit_try_run_case+0x170/0x3f0 [ 20.737711] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.737766] kthread+0x328/0x630 [ 20.737807] ret_from_fork+0x10/0x20 [ 20.737856] [ 20.737876] Allocated by task 285: [ 20.737913] kasan_save_stack+0x3c/0x68 [ 20.737956] kasan_save_track+0x20/0x40 [ 20.737997] kasan_save_alloc_info+0x40/0x58 [ 20.738038] __kasan_kmalloc+0xd4/0xd8 [ 20.738077] __kmalloc_noprof+0x198/0x4c8 [ 20.738131] kunit_kmalloc_array+0x34/0x88 [ 20.738174] copy_user_test_oob+0xac/0xec8 [ 20.738221] kunit_try_run_case+0x170/0x3f0 [ 20.738261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.738307] kthread+0x328/0x630 [ 20.738340] ret_from_fork+0x10/0x20 [ 20.738378] [ 20.738406] The buggy address belongs to the object at fff00000c79f0a00 [ 20.738406] which belongs to the cache kmalloc-128 of size 128 [ 20.739906] The buggy address is located 0 bytes inside of [ 20.739906] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.740025] [ 20.740063] The buggy address belongs to the physical page: [ 20.740284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.740367] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.740491] page_type: f5(slab) [ 20.740562] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.741355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.741549] page dumped because: kasan: bad access detected [ 20.741624] [ 20.741694] Memory state around the buggy address: [ 20.741738] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.741804] fff00000c79f0980: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.742320] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.742524] ^ [ 20.742599] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.742921] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.743184] ================================================================== [ 20.744320] ================================================================== [ 20.744436] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.744502] Read of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.744557] [ 20.744773] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.744880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.745085] Hardware name: linux,dummy-virt (DT) [ 20.745128] Call trace: [ 20.745199] show_stack+0x20/0x38 (C) [ 20.745401] dump_stack_lvl+0x8c/0xd0 [ 20.745597] print_report+0x118/0x608 [ 20.745665] kasan_report+0xdc/0x128 [ 20.745815] kasan_check_range+0x100/0x1a8 [ 20.745907] __kasan_check_read+0x20/0x30 [ 20.746012] copy_user_test_oob+0x3c8/0xec8 [ 20.746067] kunit_try_run_case+0x170/0x3f0 [ 20.746114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.746550] kthread+0x328/0x630 [ 20.746785] ret_from_fork+0x10/0x20 [ 20.746855] [ 20.746948] Allocated by task 285: [ 20.746999] kasan_save_stack+0x3c/0x68 [ 20.747095] kasan_save_track+0x20/0x40 [ 20.747258] kasan_save_alloc_info+0x40/0x58 [ 20.747343] __kasan_kmalloc+0xd4/0xd8 [ 20.747535] __kmalloc_noprof+0x198/0x4c8 [ 20.747784] kunit_kmalloc_array+0x34/0x88 [ 20.747934] copy_user_test_oob+0xac/0xec8 [ 20.747994] kunit_try_run_case+0x170/0x3f0 [ 20.748303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.748546] kthread+0x328/0x630 [ 20.748674] ret_from_fork+0x10/0x20 [ 20.748875] [ 20.749094] The buggy address belongs to the object at fff00000c79f0a00 [ 20.749094] which belongs to the cache kmalloc-128 of size 128 [ 20.749376] The buggy address is 
located 0 bytes inside of [ 20.749376] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.749663] [ 20.749708] The buggy address belongs to the physical page: [ 20.749820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.749961] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.750023] page_type: f5(slab) [ 20.750486] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.750616] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.750787] page dumped because: kasan: bad access detected [ 20.751496] [ 20.751573] Memory state around the buggy address: [ 20.751652] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.751717] fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.751765] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.751807] ^ [ 20.752281] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.752641] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.752972] ================================================================== [ 20.755526] ================================================================== [ 20.755715] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.755863] Write of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.755923] [ 20.755956] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.756616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.756772] Hardware name: linux,dummy-virt (DT) [ 20.756868] Call trace: [ 20.756978] show_stack+0x20/0x38 (C) [ 20.757298] dump_stack_lvl+0x8c/0xd0 [ 20.757483] print_report+0x118/0x608 [ 20.757621] kasan_report+0xdc/0x128 [ 20.757745] kasan_check_range+0x100/0x1a8 [ 20.757917] __kasan_check_write+0x20/0x30 [ 20.757973] copy_user_test_oob+0x434/0xec8 [ 20.758022] kunit_try_run_case+0x170/0x3f0 [ 20.758242] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.758362] kthread+0x328/0x630 [ 20.758409] ret_from_fork+0x10/0x20 [ 20.758497] [ 20.758530] Allocated by task 285: [ 20.758579] kasan_save_stack+0x3c/0x68 [ 20.758629] kasan_save_track+0x20/0x40 [ 20.758670] kasan_save_alloc_info+0x40/0x58 [ 20.758727] __kasan_kmalloc+0xd4/0xd8 [ 20.758765] __kmalloc_noprof+0x198/0x4c8 [ 20.758805] kunit_kmalloc_array+0x34/0x88 [ 20.758844] copy_user_test_oob+0xac/0xec8 [ 20.758884] kunit_try_run_case+0x170/0x3f0 [ 20.758922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.758969] kthread+0x328/0x630 [ 20.759486] ret_from_fork+0x10/0x20 [ 20.759765] [ 20.759932] The buggy address belongs to the object at fff00000c79f0a00 [ 20.759932] which belongs to the cache kmalloc-128 of size 128 [ 20.760204] The buggy address is located 0 bytes inside of [ 20.760204] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.760480] [ 20.760701] The buggy address belongs to the physical page: [ 20.761091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.761227] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.761344] page_type: f5(slab) [ 20.761482] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.761538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.761984] page dumped because: kasan: bad access detected [ 20.762210] [ 20.762273] Memory state around the buggy address: [ 20.762353] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.762403] fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.762972] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.763223] ^ [ 20.763378] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.763429] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.763484] ================================================================== [ 20.699820] 
================================================================== [ 20.699918] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.700600] Write of size 121 at addr fff00000c79f0a00 by task kunit_try_catch/285 [ 20.701037] [ 20.701137] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.701359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.701392] Hardware name: linux,dummy-virt (DT) [ 20.701429] Call trace: [ 20.701470] show_stack+0x20/0x38 (C) [ 20.701529] dump_stack_lvl+0x8c/0xd0 [ 20.701581] print_report+0x118/0x608 [ 20.701774] kasan_report+0xdc/0x128 [ 20.701842] kasan_check_range+0x100/0x1a8 [ 20.701892] __kasan_check_write+0x20/0x30 [ 20.701939] copy_user_test_oob+0x234/0xec8 [ 20.701986] kunit_try_run_case+0x170/0x3f0 [ 20.702052] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.702109] kthread+0x328/0x630 [ 20.702163] ret_from_fork+0x10/0x20 [ 20.702220] [ 20.702248] Allocated by task 285: [ 20.702279] kasan_save_stack+0x3c/0x68 [ 20.702325] kasan_save_track+0x20/0x40 [ 20.702366] kasan_save_alloc_info+0x40/0x58 [ 20.702411] __kasan_kmalloc+0xd4/0xd8 [ 20.702873] __kmalloc_noprof+0x198/0x4c8 [ 20.703172] kunit_kmalloc_array+0x34/0x88 [ 20.703589] copy_user_test_oob+0xac/0xec8 [ 20.703646] kunit_try_run_case+0x170/0x3f0 [ 20.703717] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.703992] kthread+0x328/0x630 [ 20.704151] ret_from_fork+0x10/0x20 [ 20.704503] [ 20.704583] The buggy address belongs to the object at fff00000c79f0a00 [ 20.704583] which belongs to the cache kmalloc-128 of size 128 [ 20.704697] The buggy address is located 0 bytes inside of [ 20.704697] allocated 120-byte region [fff00000c79f0a00, fff00000c79f0a78) [ 20.704831] [ 20.704867] The buggy address belongs to the physical page: [ 20.704904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079f0 [ 20.705160] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.705643] page_type: f5(slab) [ 20.705901] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.706289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.706751] page dumped because: kasan: bad access detected [ 20.706930] [ 20.706968] Memory state around the buggy address: [ 20.707116] fff00000c79f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.707287] fff00000c79f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.707341] >fff00000c79f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.707519] ^ [ 20.707629] fff00000c79f0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.707743] fff00000c79f0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.708125] ==================================================================
[ 15.371428] ================================================================== [ 15.371920] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.372358] Read of size 121 at addr ffff888103917500 by task kunit_try_catch/302 [ 15.372598] [ 15.372683] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.372724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.372736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.372757] Call Trace: [ 15.372771] <TASK> [ 15.372787] dump_stack_lvl+0x73/0xb0 [ 15.372813] print_report+0xd1/0x650 [ 15.372836] ? __virt_addr_valid+0x1db/0x2d0 [ 15.372859] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.372883] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.372905] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.372929] kasan_report+0x141/0x180 [ 15.372952] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.372980] kasan_check_range+0x10c/0x1c0 [ 15.373004] __kasan_check_read+0x15/0x20 [ 15.373368] copy_user_test_oob+0x4aa/0x10f0 [ 15.373395] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.373424] ? finish_task_switch.isra.0+0x153/0x700 [ 15.373448] ? __switch_to+0x47/0xf50 [ 15.373473] ? __schedule+0x10cc/0x2b60 [ 15.373496] ? __pfx_read_tsc+0x10/0x10 [ 15.373517] ? ktime_get_ts64+0x86/0x230 [ 15.373541] kunit_try_run_case+0x1a5/0x480 [ 15.373565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.373588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.373620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.373644] ? __kthread_parkme+0x82/0x180 [ 15.373665] ? preempt_count_sub+0x50/0x80 [ 15.373688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.373713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.373736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.373760] kthread+0x337/0x6f0 [ 15.373779] ? trace_preempt_on+0x20/0xc0 [ 15.373812] ? __pfx_kthread+0x10/0x10 [ 15.373834] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.373855] ? calculate_sigpending+0x7b/0xa0 [ 15.373890] ? 
__pfx_kthread+0x10/0x10 [ 15.373913] ret_from_fork+0x116/0x1d0 [ 15.373932] ? __pfx_kthread+0x10/0x10 [ 15.373952] ret_from_fork_asm+0x1a/0x30 [ 15.373983] </TASK> [ 15.373996] [ 15.381965] Allocated by task 302: [ 15.382147] kasan_save_stack+0x45/0x70 [ 15.382373] kasan_save_track+0x18/0x40 [ 15.382575] kasan_save_alloc_info+0x3b/0x50 [ 15.382746] __kasan_kmalloc+0xb7/0xc0 [ 15.382881] __kmalloc_noprof+0x1c9/0x500 [ 15.383025] kunit_kmalloc_array+0x25/0x60 [ 15.383247] copy_user_test_oob+0xab/0x10f0 [ 15.383480] kunit_try_run_case+0x1a5/0x480 [ 15.383685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.384059] kthread+0x337/0x6f0 [ 15.384248] ret_from_fork+0x116/0x1d0 [ 15.384436] ret_from_fork_asm+0x1a/0x30 [ 15.384578] [ 15.384650] The buggy address belongs to the object at ffff888103917500 [ 15.384650] which belongs to the cache kmalloc-128 of size 128 [ 15.385289] The buggy address is located 0 bytes inside of [ 15.385289] allocated 120-byte region [ffff888103917500, ffff888103917578) [ 15.385782] [ 15.385882] The buggy address belongs to the physical page: [ 15.386130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103917 [ 15.386424] flags: 0x200000000000000(node=0|zone=2) [ 15.386633] page_type: f5(slab) [ 15.386816] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.387142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.387481] page dumped because: kasan: bad access detected [ 15.387733] [ 15.387833] Memory state around the buggy address: [ 15.388059] ffff888103917400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.388299] ffff888103917480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.388516] >ffff888103917500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.388731] ^ [ 15.388943] ffff888103917580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.389258] ffff888103917600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.389606] 
================================================================== [ 15.408668] ================================================================== [ 15.409008] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.409439] Read of size 121 at addr ffff888103917500 by task kunit_try_catch/302 [ 15.409766] [ 15.409876] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.409918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.409931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.409963] Call Trace: [ 15.409979] <TASK> [ 15.409995] dump_stack_lvl+0x73/0xb0 [ 15.410038] print_report+0xd1/0x650 [ 15.410061] ? __virt_addr_valid+0x1db/0x2d0 [ 15.410084] ? copy_user_test_oob+0x604/0x10f0 [ 15.410118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.410141] ? copy_user_test_oob+0x604/0x10f0 [ 15.410172] kasan_report+0x141/0x180 [ 15.410195] ? copy_user_test_oob+0x604/0x10f0 [ 15.410232] kasan_check_range+0x10c/0x1c0 [ 15.410256] __kasan_check_read+0x15/0x20 [ 15.410276] copy_user_test_oob+0x604/0x10f0 [ 15.410312] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.410335] ? finish_task_switch.isra.0+0x153/0x700 [ 15.410357] ? __switch_to+0x47/0xf50 [ 15.410383] ? __schedule+0x10cc/0x2b60 [ 15.410405] ? __pfx_read_tsc+0x10/0x10 [ 15.410425] ? ktime_get_ts64+0x86/0x230 [ 15.410449] kunit_try_run_case+0x1a5/0x480 [ 15.410473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.410496] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.410520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.410553] ? __kthread_parkme+0x82/0x180 [ 15.410573] ? preempt_count_sub+0x50/0x80 [ 15.410597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.410633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.410657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.410682] kthread+0x337/0x6f0 [ 15.410713] ? trace_preempt_on+0x20/0xc0 [ 15.410737] ? __pfx_kthread+0x10/0x10 [ 15.410758] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.410792] ? calculate_sigpending+0x7b/0xa0 [ 15.410816] ? __pfx_kthread+0x10/0x10 [ 15.410838] ret_from_fork+0x116/0x1d0 [ 15.410867] ? __pfx_kthread+0x10/0x10 [ 15.410887] ret_from_fork_asm+0x1a/0x30 [ 15.410918] </TASK> [ 15.410929] [ 15.418537] Allocated by task 302: [ 15.418675] kasan_save_stack+0x45/0x70 [ 15.418824] kasan_save_track+0x18/0x40 [ 15.418960] kasan_save_alloc_info+0x3b/0x50 [ 15.419123] __kasan_kmalloc+0xb7/0xc0 [ 15.419256] __kmalloc_noprof+0x1c9/0x500 [ 15.419396] kunit_kmalloc_array+0x25/0x60 [ 15.419539] copy_user_test_oob+0xab/0x10f0 [ 15.419685] kunit_try_run_case+0x1a5/0x480 [ 15.419830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.420006] kthread+0x337/0x6f0 [ 15.420615] ret_from_fork+0x116/0x1d0 [ 15.420962] ret_from_fork_asm+0x1a/0x30 [ 15.421494] [ 15.421607] The buggy address belongs to the object at ffff888103917500 [ 15.421607] which belongs to the cache kmalloc-128 of size 128 [ 15.422448] The buggy address is located 0 bytes inside of [ 15.422448] allocated 120-byte region [ffff888103917500, ffff888103917578) [ 15.423083] [ 15.423182] The buggy address belongs to the physical page: [ 15.423866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103917 [ 15.424375] flags: 0x200000000000000(node=0|zone=2) [ 15.424603] page_type: f5(slab) [ 15.424728] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.424962] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.425849] page dumped because: kasan: bad access detected [ 15.426142] [ 15.426402] Memory state around the buggy address: [ 15.426628] ffff888103917400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.426917] ffff888103917480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.427547] >ffff888103917500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.428014] ^ [ 15.428650] ffff888103917580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.429317] 
ffff888103917600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.429774] ================================================================== [ 15.353016] ================================================================== [ 15.353407] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.353735] Write of size 121 at addr ffff888103917500 by task kunit_try_catch/302 [ 15.354010] [ 15.354108] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.354162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.354175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.354208] Call Trace: [ 15.354221] <TASK> [ 15.354236] dump_stack_lvl+0x73/0xb0 [ 15.354264] print_report+0xd1/0x650 [ 15.354288] ? __virt_addr_valid+0x1db/0x2d0 [ 15.354321] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.354345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.354368] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.354392] kasan_report+0x141/0x180 [ 15.354425] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.354454] kasan_check_range+0x10c/0x1c0 [ 15.354488] __kasan_check_write+0x18/0x20 [ 15.354518] copy_user_test_oob+0x3fd/0x10f0 [ 15.354543] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.354567] ? finish_task_switch.isra.0+0x153/0x700 [ 15.354600] ? __switch_to+0x47/0xf50 [ 15.354626] ? __schedule+0x10cc/0x2b60 [ 15.354648] ? __pfx_read_tsc+0x10/0x10 [ 15.354669] ? ktime_get_ts64+0x86/0x230 [ 15.354693] kunit_try_run_case+0x1a5/0x480 [ 15.354718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.354742] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.354765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.354789] ? __kthread_parkme+0x82/0x180 [ 15.354811] ? preempt_count_sub+0x50/0x80 [ 15.354835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.354859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.354882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.354907] kthread+0x337/0x6f0 [ 15.354928] ? trace_preempt_on+0x20/0xc0 [ 15.354953] ? 
__pfx_kthread+0x10/0x10 [ 15.354978] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.355001] ? calculate_sigpending+0x7b/0xa0 [ 15.355036] ? __pfx_kthread+0x10/0x10 [ 15.355058] ret_from_fork+0x116/0x1d0 [ 15.355083] ? __pfx_kthread+0x10/0x10 [ 15.355104] ret_from_fork_asm+0x1a/0x30 [ 15.355134] </TASK> [ 15.355145] [ 15.362711] Allocated by task 302: [ 15.362918] kasan_save_stack+0x45/0x70 [ 15.363129] kasan_save_track+0x18/0x40 [ 15.363318] kasan_save_alloc_info+0x3b/0x50 [ 15.363532] __kasan_kmalloc+0xb7/0xc0 [ 15.363688] __kmalloc_noprof+0x1c9/0x500 [ 15.363878] kunit_kmalloc_array+0x25/0x60 [ 15.364099] copy_user_test_oob+0xab/0x10f0 [ 15.364335] kunit_try_run_case+0x1a5/0x480 [ 15.364524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.364764] kthread+0x337/0x6f0 [ 15.364923] ret_from_fork+0x116/0x1d0 [ 15.365122] ret_from_fork_asm+0x1a/0x30 [ 15.365323] [ 15.365414] The buggy address belongs to the object at ffff888103917500 [ 15.365414] which belongs to the cache kmalloc-128 of size 128 [ 15.365937] The buggy address is located 0 bytes inside of [ 15.365937] allocated 120-byte region [ffff888103917500, ffff888103917578) [ 15.366491] [ 15.366592] The buggy address belongs to the physical page: [ 15.366786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103917 [ 15.367037] flags: 0x200000000000000(node=0|zone=2) [ 15.367209] page_type: f5(slab) [ 15.367343] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.367722] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.368071] page dumped because: kasan: bad access detected [ 15.368473] [ 15.368562] Memory state around the buggy address: [ 15.368776] ffff888103917400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.368994] ffff888103917480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.369326] >ffff888103917500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.369759] ^ [ 15.369971] ffff888103917580: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.370610] ffff888103917600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.370890] ================================================================== [ 15.390144] ================================================================== [ 15.390447] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.390675] Write of size 121 at addr ffff888103917500 by task kunit_try_catch/302 [ 15.390903] [ 15.390987] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.391038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.391065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.391090] Call Trace: [ 15.391106] <TASK> [ 15.391121] dump_stack_lvl+0x73/0xb0 [ 15.391149] print_report+0xd1/0x650 [ 15.391173] ? __virt_addr_valid+0x1db/0x2d0 [ 15.391216] ? copy_user_test_oob+0x557/0x10f0 [ 15.391241] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.391263] ? copy_user_test_oob+0x557/0x10f0 [ 15.391300] kasan_report+0x141/0x180 [ 15.391323] ? copy_user_test_oob+0x557/0x10f0 [ 15.391351] kasan_check_range+0x10c/0x1c0 [ 15.391375] __kasan_check_write+0x18/0x20 [ 15.391395] copy_user_test_oob+0x557/0x10f0 [ 15.391422] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.391444] ? finish_task_switch.isra.0+0x153/0x700 [ 15.391467] ? __switch_to+0x47/0xf50 [ 15.391493] ? __schedule+0x10cc/0x2b60 [ 15.391515] ? __pfx_read_tsc+0x10/0x10 [ 15.391535] ? ktime_get_ts64+0x86/0x230 [ 15.391569] kunit_try_run_case+0x1a5/0x480 [ 15.391594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.391628] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.391651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.391675] ? __kthread_parkme+0x82/0x180 [ 15.391696] ? preempt_count_sub+0x50/0x80 [ 15.391728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.391753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.391776] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.391810] kthread+0x337/0x6f0 [ 15.391830] ? 
trace_preempt_on+0x20/0xc0 [ 15.391853] ? __pfx_kthread+0x10/0x10 [ 15.391883] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.391905] ? calculate_sigpending+0x7b/0xa0 [ 15.391929] ? __pfx_kthread+0x10/0x10 [ 15.391961] ret_from_fork+0x116/0x1d0 [ 15.391980] ? __pfx_kthread+0x10/0x10 [ 15.392001] ret_from_fork_asm+0x1a/0x30 [ 15.392047] </TASK> [ 15.392058] [ 15.400111] Allocated by task 302: [ 15.400345] kasan_save_stack+0x45/0x70 [ 15.400541] kasan_save_track+0x18/0x40 [ 15.400742] kasan_save_alloc_info+0x3b/0x50 [ 15.400944] __kasan_kmalloc+0xb7/0xc0 [ 15.401131] __kmalloc_noprof+0x1c9/0x500 [ 15.401307] kunit_kmalloc_array+0x25/0x60 [ 15.401531] copy_user_test_oob+0xab/0x10f0 [ 15.401686] kunit_try_run_case+0x1a5/0x480 [ 15.401831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.402006] kthread+0x337/0x6f0 [ 15.402136] ret_from_fork+0x116/0x1d0 [ 15.402267] ret_from_fork_asm+0x1a/0x30 [ 15.402407] [ 15.402554] The buggy address belongs to the object at ffff888103917500 [ 15.402554] which belongs to the cache kmalloc-128 of size 128 [ 15.403133] The buggy address is located 0 bytes inside of [ 15.403133] allocated 120-byte region [ffff888103917500, ffff888103917578) [ 15.403764] [ 15.403863] The buggy address belongs to the physical page: [ 15.404158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103917 [ 15.404531] flags: 0x200000000000000(node=0|zone=2) [ 15.404693] page_type: f5(slab) [ 15.404812] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.405050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.405372] page dumped because: kasan: bad access detected [ 15.405805] [ 15.405926] Memory state around the buggy address: [ 15.406160] ffff888103917400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.406488] ffff888103917480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.406867] >ffff888103917500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.407253] ^ [ 15.407496] 
ffff888103917580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.407714] ffff888103917600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.408018] ==================================================================