Date
July 1, 2025, 3:08 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.119470] ================================================================== [ 20.119622] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.119716] Write of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.119774] [ 20.119823] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.121754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.121857] Hardware name: linux,dummy-virt (DT) [ 20.121903] Call trace: [ 20.121930] show_stack+0x20/0x38 (C) [ 20.122218] dump_stack_lvl+0x8c/0xd0 [ 20.122745] print_report+0x118/0x608 [ 20.122810] kasan_report+0xdc/0x128 [ 20.122915] kasan_check_range+0x100/0x1a8 [ 20.122965] __kasan_check_write+0x20/0x30 [ 20.123014] copy_user_test_oob+0x234/0xec8 [ 20.123072] kunit_try_run_case+0x170/0x3f0 [ 20.123138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.123194] kthread+0x328/0x630 [ 20.123239] ret_from_fork+0x10/0x20 [ 20.123478] [ 20.123503] Allocated by task 286: [ 20.123793] kasan_save_stack+0x3c/0x68 [ 20.123956] kasan_save_track+0x20/0x40 [ 20.123998] kasan_save_alloc_info+0x40/0x58 [ 20.124419] __kasan_kmalloc+0xd4/0xd8 [ 20.124504] __kmalloc_noprof+0x198/0x4c8 [ 20.124550] kunit_kmalloc_array+0x34/0x88 [ 20.124892] copy_user_test_oob+0xac/0xec8 [ 20.125267] kunit_try_run_case+0x170/0x3f0 [ 20.125461] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.125515] kthread+0x328/0x630 [ 20.125606] ret_from_fork+0x10/0x20 [ 20.125652] [ 20.125824] The buggy address belongs to the object at fff00000c57ee700 [ 20.125824] which belongs to the cache kmalloc-128 of size 128 [ 20.126197] The buggy address is located 0 bytes inside of [ 20.126197] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.126629] [ 20.126685] The buggy address belongs to the physical page: [ 20.127024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.127494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.127578] page_type: f5(slab) [ 
20.127625] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.128100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.128173] page dumped because: kasan: bad access detected [ 20.128236] [ 20.128257] Memory state around the buggy address: [ 20.128504] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.128580] fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.128756] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.129179] ^ [ 20.129344] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.129454] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.129644] ================================================================== [ 20.168875] ================================================================== [ 20.168931] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.168982] Write of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.169171] [ 20.169230] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.169472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.169599] Hardware name: linux,dummy-virt (DT) [ 20.169680] Call trace: [ 20.169711] show_stack+0x20/0x38 (C) [ 20.169791] dump_stack_lvl+0x8c/0xd0 [ 20.169840] print_report+0x118/0x608 [ 20.170146] kasan_report+0xdc/0x128 [ 20.170402] kasan_check_range+0x100/0x1a8 [ 20.170552] __kasan_check_write+0x20/0x30 [ 20.170692] copy_user_test_oob+0x434/0xec8 [ 20.170835] kunit_try_run_case+0x170/0x3f0 [ 20.171002] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.171059] kthread+0x328/0x630 [ 20.171132] ret_from_fork+0x10/0x20 [ 20.171493] [ 20.171639] Allocated by task 286: [ 20.171753] kasan_save_stack+0x3c/0x68 [ 20.171932] kasan_save_track+0x20/0x40 [ 20.172090] kasan_save_alloc_info+0x40/0x58 [ 20.172262] __kasan_kmalloc+0xd4/0xd8 [ 20.172428] __kmalloc_noprof+0x198/0x4c8 [ 20.172485] 
kunit_kmalloc_array+0x34/0x88 [ 20.172524] copy_user_test_oob+0xac/0xec8 [ 20.172762] kunit_try_run_case+0x170/0x3f0 [ 20.172923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.173154] kthread+0x328/0x630 [ 20.173330] ret_from_fork+0x10/0x20 [ 20.173393] [ 20.173447] The buggy address belongs to the object at fff00000c57ee700 [ 20.173447] which belongs to the cache kmalloc-128 of size 128 [ 20.173604] The buggy address is located 0 bytes inside of [ 20.173604] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.173686] [ 20.173812] The buggy address belongs to the physical page: [ 20.173891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.173977] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.174028] page_type: f5(slab) [ 20.174221] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.174309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.174401] page dumped because: kasan: bad access detected [ 20.174588] [ 20.174747] Memory state around the buggy address: [ 20.174821] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.174889] fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.175009] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.175071] ^ [ 20.175117] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.175421] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.175736] ================================================================== [ 20.177708] ================================================================== [ 20.177818] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.177983] Read of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.178167] [ 20.178206] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.178614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.178689] 
Hardware name: linux,dummy-virt (DT) [ 20.178779] Call trace: [ 20.178942] show_stack+0x20/0x38 (C) [ 20.179171] dump_stack_lvl+0x8c/0xd0 [ 20.179297] print_report+0x118/0x608 [ 20.179355] kasan_report+0xdc/0x128 [ 20.179401] kasan_check_range+0x100/0x1a8 [ 20.179459] __kasan_check_read+0x20/0x30 [ 20.179505] copy_user_test_oob+0x4a0/0xec8 [ 20.179585] kunit_try_run_case+0x170/0x3f0 [ 20.179632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.179696] kthread+0x328/0x630 [ 20.179737] ret_from_fork+0x10/0x20 [ 20.179788] [ 20.179817] Allocated by task 286: [ 20.179849] kasan_save_stack+0x3c/0x68 [ 20.179890] kasan_save_track+0x20/0x40 [ 20.179930] kasan_save_alloc_info+0x40/0x58 [ 20.179972] __kasan_kmalloc+0xd4/0xd8 [ 20.180020] __kmalloc_noprof+0x198/0x4c8 [ 20.180061] kunit_kmalloc_array+0x34/0x88 [ 20.180102] copy_user_test_oob+0xac/0xec8 [ 20.180147] kunit_try_run_case+0x170/0x3f0 [ 20.180187] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.180233] kthread+0x328/0x630 [ 20.180266] ret_from_fork+0x10/0x20 [ 20.180312] [ 20.180333] The buggy address belongs to the object at fff00000c57ee700 [ 20.180333] which belongs to the cache kmalloc-128 of size 128 [ 20.180414] The buggy address is located 0 bytes inside of [ 20.180414] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.180480] [ 20.180526] The buggy address belongs to the physical page: [ 20.180576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.181272] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.181374] page_type: f5(slab) [ 20.181436] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.181693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.182074] page dumped because: kasan: bad access detected [ 20.182158] [ 20.182180] Memory state around the buggy address: [ 20.182217] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.182834] fff00000c57ee680: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.182924] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.183102] ^ [ 20.183153] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.183529] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.183788] ================================================================== [ 20.163726] ================================================================== [ 20.163874] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.163952] Read of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.164007] [ 20.164040] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.164126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.164154] Hardware name: linux,dummy-virt (DT) [ 20.164188] Call trace: [ 20.164210] show_stack+0x20/0x38 (C) [ 20.164258] dump_stack_lvl+0x8c/0xd0 [ 20.164305] print_report+0x118/0x608 [ 20.164354] kasan_report+0xdc/0x128 [ 20.164400] kasan_check_range+0x100/0x1a8 [ 20.164449] __kasan_check_read+0x20/0x30 [ 20.164503] copy_user_test_oob+0x3c8/0xec8 [ 20.164552] kunit_try_run_case+0x170/0x3f0 [ 20.164612] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.164665] kthread+0x328/0x630 [ 20.164707] ret_from_fork+0x10/0x20 [ 20.164756] [ 20.164776] Allocated by task 286: [ 20.164810] kasan_save_stack+0x3c/0x68 [ 20.164853] kasan_save_track+0x20/0x40 [ 20.164894] kasan_save_alloc_info+0x40/0x58 [ 20.164936] __kasan_kmalloc+0xd4/0xd8 [ 20.164983] __kmalloc_noprof+0x198/0x4c8 [ 20.165031] kunit_kmalloc_array+0x34/0x88 [ 20.165071] copy_user_test_oob+0xac/0xec8 [ 20.165109] kunit_try_run_case+0x170/0x3f0 [ 20.165149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.165195] kthread+0x328/0x630 [ 20.165227] ret_from_fork+0x10/0x20 [ 20.165269] [ 20.165296] The buggy address belongs to the object at fff00000c57ee700 [ 20.165296] which belongs to the cache kmalloc-128 of size 128 [ 20.165396] The buggy address is located 
0 bytes inside of [ 20.165396] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.165460] [ 20.165482] The buggy address belongs to the physical page: [ 20.165518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.165589] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.166328] page_type: f5(slab) [ 20.166460] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.166733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.166847] page dumped because: kasan: bad access detected [ 20.166958] [ 20.167023] Memory state around the buggy address: [ 20.167283] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.167451] fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.167553] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.167672] ^ [ 20.167719] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.167989] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168098] ================================================================== [ 20.157277] ================================================================== [ 20.157442] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.157777] Write of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.157925] [ 20.158055] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.158148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.158377] Hardware name: linux,dummy-virt (DT) [ 20.158528] Call trace: [ 20.158562] show_stack+0x20/0x38 (C) [ 20.158892] dump_stack_lvl+0x8c/0xd0 [ 20.159022] print_report+0x118/0x608 [ 20.159136] kasan_report+0xdc/0x128 [ 20.159254] kasan_check_range+0x100/0x1a8 [ 20.159324] __kasan_check_write+0x20/0x30 [ 20.159605] copy_user_test_oob+0x35c/0xec8 [ 20.159691] kunit_try_run_case+0x170/0x3f0 [ 20.159742] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.159797] kthread+0x328/0x630 [ 20.159841] ret_from_fork+0x10/0x20 [ 20.159891] [ 20.159911] Allocated by task 286: [ 20.159942] kasan_save_stack+0x3c/0x68 [ 20.159984] kasan_save_track+0x20/0x40 [ 20.160024] kasan_save_alloc_info+0x40/0x58 [ 20.160065] __kasan_kmalloc+0xd4/0xd8 [ 20.160105] __kmalloc_noprof+0x198/0x4c8 [ 20.160146] kunit_kmalloc_array+0x34/0x88 [ 20.160184] copy_user_test_oob+0xac/0xec8 [ 20.160223] kunit_try_run_case+0x170/0x3f0 [ 20.160261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.160308] kthread+0x328/0x630 [ 20.160341] ret_from_fork+0x10/0x20 [ 20.160379] [ 20.160400] The buggy address belongs to the object at fff00000c57ee700 [ 20.160400] which belongs to the cache kmalloc-128 of size 128 [ 20.160462] The buggy address is located 0 bytes inside of [ 20.160462] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.160526] [ 20.160550] The buggy address belongs to the physical page: [ 20.160629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.160711] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.160774] page_type: f5(slab) [ 20.160980] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.161103] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.161207] page dumped because: kasan: bad access detected [ 20.161393] [ 20.161421] Memory state around the buggy address: [ 20.161460] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.161518] fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.161793] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.161971] ^ [ 20.162062] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.162185] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.162248] ================================================================== [ 20.140177] 
================================================================== [ 20.140594] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.140710] Read of size 121 at addr fff00000c57ee700 by task kunit_try_catch/286 [ 20.140921] [ 20.140962] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.141485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.141538] Hardware name: linux,dummy-virt (DT) [ 20.141785] Call trace: [ 20.141812] show_stack+0x20/0x38 (C) [ 20.142071] dump_stack_lvl+0x8c/0xd0 [ 20.142169] print_report+0x118/0x608 [ 20.142339] kasan_report+0xdc/0x128 [ 20.142658] kasan_check_range+0x100/0x1a8 [ 20.142713] __kasan_check_read+0x20/0x30 [ 20.143172] copy_user_test_oob+0x728/0xec8 [ 20.143232] kunit_try_run_case+0x170/0x3f0 [ 20.143289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.143345] kthread+0x328/0x630 [ 20.143900] ret_from_fork+0x10/0x20 [ 20.143969] [ 20.144092] Allocated by task 286: [ 20.144316] kasan_save_stack+0x3c/0x68 [ 20.144364] kasan_save_track+0x20/0x40 [ 20.144403] kasan_save_alloc_info+0x40/0x58 [ 20.144446] __kasan_kmalloc+0xd4/0xd8 [ 20.145012] __kmalloc_noprof+0x198/0x4c8 [ 20.145093] kunit_kmalloc_array+0x34/0x88 [ 20.145134] copy_user_test_oob+0xac/0xec8 [ 20.145380] kunit_try_run_case+0x170/0x3f0 [ 20.145856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.145939] kthread+0x328/0x630 [ 20.145974] ret_from_fork+0x10/0x20 [ 20.146260] [ 20.146398] The buggy address belongs to the object at fff00000c57ee700 [ 20.146398] which belongs to the cache kmalloc-128 of size 128 [ 20.146640] The buggy address is located 0 bytes inside of [ 20.146640] allocated 120-byte region [fff00000c57ee700, fff00000c57ee778) [ 20.146715] [ 20.146738] The buggy address belongs to the physical page: [ 20.146972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057ee [ 20.147044] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.147378] page_type: f5(slab) [ 20.147613] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.148154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.148247] page dumped because: kasan: bad access detected [ 20.148485] [ 20.148531] Memory state around the buggy address: [ 20.148578] fff00000c57ee600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.149044] fff00000c57ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.149106] >fff00000c57ee700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.149723] ^ [ 20.149861] fff00000c57ee780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.150117] fff00000c57ee800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.150167] ==================================================================
[ 15.541760] ================================================================== [ 15.542223] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.542548] Write of size 121 at addr ffff8881027e1800 by task kunit_try_catch/302 [ 15.542879] [ 15.542988] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.543048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.543060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.543082] Call Trace: [ 15.543098] <TASK> [ 15.543113] dump_stack_lvl+0x73/0xb0 [ 15.543141] print_report+0xd1/0x650 [ 15.543174] ? __virt_addr_valid+0x1db/0x2d0 [ 15.543199] ? copy_user_test_oob+0x557/0x10f0 [ 15.543234] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.543257] ? copy_user_test_oob+0x557/0x10f0 [ 15.543282] kasan_report+0x141/0x180 [ 15.543314] ? copy_user_test_oob+0x557/0x10f0 [ 15.543342] kasan_check_range+0x10c/0x1c0 [ 15.543367] __kasan_check_write+0x18/0x20 [ 15.543397] copy_user_test_oob+0x557/0x10f0 [ 15.543423] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.543446] ? finish_task_switch.isra.0+0x153/0x700 [ 15.543478] ? __switch_to+0x47/0xf50 [ 15.543504] ? __schedule+0x10cc/0x2b60 [ 15.543529] ? __pfx_read_tsc+0x10/0x10 [ 15.543561] ? ktime_get_ts64+0x86/0x230 [ 15.543585] kunit_try_run_case+0x1a5/0x480 [ 15.543611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.543652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.543676] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.543711] ? __kthread_parkme+0x82/0x180 [ 15.543733] ? preempt_count_sub+0x50/0x80 [ 15.543755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.543779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.543803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.543826] kthread+0x337/0x6f0 [ 15.543846] ? trace_preempt_on+0x20/0xc0 [ 15.543870] ? __pfx_kthread+0x10/0x10 [ 15.543891] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.543921] ? calculate_sigpending+0x7b/0xa0 [ 15.543946] ? 
__pfx_kthread+0x10/0x10 [ 15.543968] ret_from_fork+0x116/0x1d0 [ 15.543998] ? __pfx_kthread+0x10/0x10 [ 15.544028] ret_from_fork_asm+0x1a/0x30 [ 15.544058] </TASK> [ 15.544071] [ 15.552005] Allocated by task 302: [ 15.552207] kasan_save_stack+0x45/0x70 [ 15.552408] kasan_save_track+0x18/0x40 [ 15.552587] kasan_save_alloc_info+0x3b/0x50 [ 15.552848] __kasan_kmalloc+0xb7/0xc0 [ 15.553091] __kmalloc_noprof+0x1c9/0x500 [ 15.553327] kunit_kmalloc_array+0x25/0x60 [ 15.553547] copy_user_test_oob+0xab/0x10f0 [ 15.553854] kunit_try_run_case+0x1a5/0x480 [ 15.554110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.554349] kthread+0x337/0x6f0 [ 15.554534] ret_from_fork+0x116/0x1d0 [ 15.554728] ret_from_fork_asm+0x1a/0x30 [ 15.555070] [ 15.555165] The buggy address belongs to the object at ffff8881027e1800 [ 15.555165] which belongs to the cache kmalloc-128 of size 128 [ 15.555747] The buggy address is located 0 bytes inside of [ 15.555747] allocated 120-byte region [ffff8881027e1800, ffff8881027e1878) [ 15.556277] [ 15.556410] The buggy address belongs to the physical page: [ 15.556656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1 [ 15.556985] flags: 0x200000000000000(node=0|zone=2) [ 15.557161] page_type: f5(slab) [ 15.557288] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.557521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.557809] page dumped because: kasan: bad access detected [ 15.558305] [ 15.558419] Memory state around the buggy address: [ 15.558678] ffff8881027e1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.558983] ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.559252] >ffff8881027e1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.559503] ^ [ 15.559878] ffff8881027e1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.560281] ffff8881027e1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.560707] 
================================================================== [ 15.523056] ================================================================== [ 15.523524] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.524064] Read of size 121 at addr ffff8881027e1800 by task kunit_try_catch/302 [ 15.524303] [ 15.524399] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.524445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.524460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.524483] Call Trace: [ 15.524503] <TASK> [ 15.524523] dump_stack_lvl+0x73/0xb0 [ 15.524556] print_report+0xd1/0x650 [ 15.524580] ? __virt_addr_valid+0x1db/0x2d0 [ 15.524606] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.524630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.524654] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.524678] kasan_report+0x141/0x180 [ 15.524700] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.524729] kasan_check_range+0x10c/0x1c0 [ 15.524753] __kasan_check_read+0x15/0x20 [ 15.524773] copy_user_test_oob+0x4aa/0x10f0 [ 15.524798] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.524821] ? finish_task_switch.isra.0+0x153/0x700 [ 15.524845] ? __switch_to+0x47/0xf50 [ 15.524871] ? __schedule+0x10cc/0x2b60 [ 15.524895] ? __pfx_read_tsc+0x10/0x10 [ 15.524917] ? ktime_get_ts64+0x86/0x230 [ 15.524941] kunit_try_run_case+0x1a5/0x480 [ 15.524990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.525012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.525053] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.525077] ? __kthread_parkme+0x82/0x180 [ 15.525099] ? preempt_count_sub+0x50/0x80 [ 15.525121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.525145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.525169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.525201] kthread+0x337/0x6f0 [ 15.525222] ? trace_preempt_on+0x20/0xc0 [ 15.525246] ? __pfx_kthread+0x10/0x10 [ 15.525278] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.525299] ? calculate_sigpending+0x7b/0xa0 [ 15.525324] ? __pfx_kthread+0x10/0x10 [ 15.525347] ret_from_fork+0x116/0x1d0 [ 15.525365] ? __pfx_kthread+0x10/0x10 [ 15.525386] ret_from_fork_asm+0x1a/0x30 [ 15.525417] </TASK> [ 15.525429] [ 15.533076] Allocated by task 302: [ 15.533205] kasan_save_stack+0x45/0x70 [ 15.533354] kasan_save_track+0x18/0x40 [ 15.533571] kasan_save_alloc_info+0x3b/0x50 [ 15.533879] __kasan_kmalloc+0xb7/0xc0 [ 15.534122] __kmalloc_noprof+0x1c9/0x500 [ 15.534323] kunit_kmalloc_array+0x25/0x60 [ 15.534527] copy_user_test_oob+0xab/0x10f0 [ 15.534850] kunit_try_run_case+0x1a5/0x480 [ 15.535070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.535250] kthread+0x337/0x6f0 [ 15.535374] ret_from_fork+0x116/0x1d0 [ 15.535506] ret_from_fork_asm+0x1a/0x30 [ 15.535765] [ 15.535861] The buggy address belongs to the object at ffff8881027e1800 [ 15.535861] which belongs to the cache kmalloc-128 of size 128 [ 15.536460] The buggy address is located 0 bytes inside of [ 15.536460] allocated 120-byte region [ffff8881027e1800, ffff8881027e1878) [ 15.536956] [ 15.537062] The buggy address belongs to the physical page: [ 15.537328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1 [ 15.537597] flags: 0x200000000000000(node=0|zone=2) [ 15.537955] page_type: f5(slab) [ 15.538118] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.538617] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.538941] page dumped because: kasan: bad access detected [ 15.539182] [ 15.539277] Memory state around the buggy address: [ 15.539492] ffff8881027e1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.539805] ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540135] >ffff8881027e1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.540444] ^ [ 15.540698] ffff8881027e1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540916] 
ffff8881027e1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.541216] ================================================================== [ 15.561898] ================================================================== [ 15.562330] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.562633] Read of size 121 at addr ffff8881027e1800 by task kunit_try_catch/302 [ 15.563003] [ 15.563112] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.563158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.563171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.563194] Call Trace: [ 15.563215] <TASK> [ 15.563234] dump_stack_lvl+0x73/0xb0 [ 15.563265] print_report+0xd1/0x650 [ 15.563290] ? __virt_addr_valid+0x1db/0x2d0 [ 15.563315] ? copy_user_test_oob+0x604/0x10f0 [ 15.563339] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.563362] ? copy_user_test_oob+0x604/0x10f0 [ 15.563421] kasan_report+0x141/0x180 [ 15.563459] ? copy_user_test_oob+0x604/0x10f0 [ 15.563513] kasan_check_range+0x10c/0x1c0 [ 15.563550] __kasan_check_read+0x15/0x20 [ 15.563584] copy_user_test_oob+0x604/0x10f0 [ 15.563636] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.563672] ? finish_task_switch.isra.0+0x153/0x700 [ 15.563708] ? __switch_to+0x47/0xf50 [ 15.563748] ? __schedule+0x10cc/0x2b60 [ 15.563785] ? __pfx_read_tsc+0x10/0x10 [ 15.563806] ? ktime_get_ts64+0x86/0x230 [ 15.563844] kunit_try_run_case+0x1a5/0x480 [ 15.563895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.563940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.563964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.563988] ? __kthread_parkme+0x82/0x180 [ 15.564028] ? preempt_count_sub+0x50/0x80 [ 15.564051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.564075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.564099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.564122] kthread+0x337/0x6f0 [ 15.564147] ? trace_preempt_on+0x20/0xc0 [ 15.564172] ? 
__pfx_kthread+0x10/0x10 [ 15.564194] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.564216] ? calculate_sigpending+0x7b/0xa0 [ 15.564241] ? __pfx_kthread+0x10/0x10 [ 15.564263] ret_from_fork+0x116/0x1d0 [ 15.564282] ? __pfx_kthread+0x10/0x10 [ 15.564313] ret_from_fork_asm+0x1a/0x30 [ 15.564344] </TASK> [ 15.564358] [ 15.572997] Allocated by task 302: [ 15.573239] kasan_save_stack+0x45/0x70 [ 15.573456] kasan_save_track+0x18/0x40 [ 15.573709] kasan_save_alloc_info+0x3b/0x50 [ 15.573935] __kasan_kmalloc+0xb7/0xc0 [ 15.574144] __kmalloc_noprof+0x1c9/0x500 [ 15.574368] kunit_kmalloc_array+0x25/0x60 [ 15.574570] copy_user_test_oob+0xab/0x10f0 [ 15.574803] kunit_try_run_case+0x1a5/0x480 [ 15.575050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.575317] kthread+0x337/0x6f0 [ 15.575484] ret_from_fork+0x116/0x1d0 [ 15.575738] ret_from_fork_asm+0x1a/0x30 [ 15.575909] [ 15.576007] The buggy address belongs to the object at ffff8881027e1800 [ 15.576007] which belongs to the cache kmalloc-128 of size 128 [ 15.576607] The buggy address is located 0 bytes inside of [ 15.576607] allocated 120-byte region [ffff8881027e1800, ffff8881027e1878) [ 15.577186] [ 15.577317] The buggy address belongs to the physical page: [ 15.577590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1 [ 15.578013] flags: 0x200000000000000(node=0|zone=2) [ 15.578310] page_type: f5(slab) [ 15.578509] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.578946] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.579387] page dumped because: kasan: bad access detected [ 15.579633] [ 15.579728] Memory state around the buggy address: [ 15.579975] ffff8881027e1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.580422] ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.580784] >ffff8881027e1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.581126] ^ [ 15.581435] ffff8881027e1880: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.581784] ffff8881027e1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.582100] ================================================================== [ 15.505161] ================================================================== [ 15.505527] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.505902] Write of size 121 at addr ffff8881027e1800 by task kunit_try_catch/302 [ 15.506263] [ 15.506362] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.506410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.506424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.506448] Call Trace: [ 15.506464] <TASK> [ 15.506485] dump_stack_lvl+0x73/0xb0 [ 15.506526] print_report+0xd1/0x650 [ 15.506551] ? __virt_addr_valid+0x1db/0x2d0 [ 15.506576] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.506612] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.506636] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.506672] kasan_report+0x141/0x180 [ 15.506695] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.506733] kasan_check_range+0x10c/0x1c0 [ 15.506757] __kasan_check_write+0x18/0x20 [ 15.506777] copy_user_test_oob+0x3fd/0x10f0 [ 15.506814] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.506837] ? finish_task_switch.isra.0+0x153/0x700 [ 15.506861] ? __switch_to+0x47/0xf50 [ 15.506896] ? __schedule+0x10cc/0x2b60 [ 15.506920] ? __pfx_read_tsc+0x10/0x10 [ 15.506942] ? ktime_get_ts64+0x86/0x230 [ 15.506976] kunit_try_run_case+0x1a5/0x480 [ 15.507001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.507056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.507080] ? __kthread_parkme+0x82/0x180 [ 15.507101] ? preempt_count_sub+0x50/0x80 [ 15.507124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.507172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.507195] kthread+0x337/0x6f0 [ 15.507215] ? 
trace_preempt_on+0x20/0xc0 [ 15.507239] ? __pfx_kthread+0x10/0x10 [ 15.507260] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.507281] ? calculate_sigpending+0x7b/0xa0 [ 15.507306] ? __pfx_kthread+0x10/0x10 [ 15.507328] ret_from_fork+0x116/0x1d0 [ 15.507347] ? __pfx_kthread+0x10/0x10 [ 15.507368] ret_from_fork_asm+0x1a/0x30 [ 15.507398] </TASK> [ 15.507410] [ 15.514809] Allocated by task 302: [ 15.514961] kasan_save_stack+0x45/0x70 [ 15.515122] kasan_save_track+0x18/0x40 [ 15.515260] kasan_save_alloc_info+0x3b/0x50 [ 15.515498] __kasan_kmalloc+0xb7/0xc0 [ 15.515684] __kmalloc_noprof+0x1c9/0x500 [ 15.515885] kunit_kmalloc_array+0x25/0x60 [ 15.516078] copy_user_test_oob+0xab/0x10f0 [ 15.516230] kunit_try_run_case+0x1a5/0x480 [ 15.516399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.516656] kthread+0x337/0x6f0 [ 15.516831] ret_from_fork+0x116/0x1d0 [ 15.517056] ret_from_fork_asm+0x1a/0x30 [ 15.517248] [ 15.517323] The buggy address belongs to the object at ffff8881027e1800 [ 15.517323] which belongs to the cache kmalloc-128 of size 128 [ 15.517843] The buggy address is located 0 bytes inside of [ 15.517843] allocated 120-byte region [ffff8881027e1800, ffff8881027e1878) [ 15.518342] [ 15.518432] The buggy address belongs to the physical page: [ 15.518607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027e1 [ 15.519012] flags: 0x200000000000000(node=0|zone=2) [ 15.519223] page_type: f5(slab) [ 15.519393] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.519764] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.520090] page dumped because: kasan: bad access detected [ 15.520353] [ 15.520447] Memory state around the buggy address: [ 15.520677] ffff8881027e1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.520980] ffff8881027e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.521223] >ffff8881027e1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.521440] ^ [ 15.521659] 
ffff8881027e1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522006] ffff8881027e1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522327] ==================================================================