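Date: July 3, 2025, 6:13 p.m.

Environments: qemu-arm64, qemu-x86_64

The qemu-arm64 log (hardware name linux,dummy-virt) comes first; the qemu-x86_64 log (hardware name QEMU Standard PC) follows.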
[ 20.054979] ================================================================== [ 20.055043] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.055206] Write of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.055323] [ 20.055355] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.055437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.055465] Hardware name: linux,dummy-virt (DT) [ 20.055508] Call trace: [ 20.055546] show_stack+0x20/0x38 (C) [ 20.055604] dump_stack_lvl+0x8c/0xd0 [ 20.055651] print_report+0x118/0x608 [ 20.055702] kasan_report+0xdc/0x128 [ 20.055747] kasan_check_range+0x100/0x1a8 [ 20.055803] __kasan_check_write+0x20/0x30 [ 20.055850] copy_user_test_oob+0x434/0xec8 [ 20.055896] kunit_try_run_case+0x170/0x3f0 [ 20.055944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.055997] kthread+0x328/0x630 [ 20.056053] ret_from_fork+0x10/0x20 [ 20.056111] [ 20.056132] Allocated by task 285: [ 20.056162] kasan_save_stack+0x3c/0x68 [ 20.056203] kasan_save_track+0x20/0x40 [ 20.056243] kasan_save_alloc_info+0x40/0x58 [ 20.056284] __kasan_kmalloc+0xd4/0xd8 [ 20.056321] __kmalloc_noprof+0x198/0x4c8 [ 20.056360] kunit_kmalloc_array+0x34/0x88 [ 20.056397] copy_user_test_oob+0xac/0xec8 [ 20.056436] kunit_try_run_case+0x170/0x3f0 [ 20.056488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.056544] kthread+0x328/0x630 [ 20.056579] ret_from_fork+0x10/0x20 [ 20.056614] [ 20.056643] The buggy address belongs to the object at fff00000c7834500 [ 20.056643] which belongs to the cache kmalloc-128 of size 128 [ 20.056702] The buggy address is located 0 bytes inside of [ 20.056702] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.056763] [ 20.056785] The buggy address belongs to the physical page: [ 20.056822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.056874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.056921] page_type: f5(slab) [ 
20.056966] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.057757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.057861] page dumped because: kasan: bad access detected [ 20.058022] [ 20.058258] Memory state around the buggy address: [ 20.058344] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.058390] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.058436] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.058475] ^ [ 20.058619] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.058671] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.058713] ================================================================== [ 20.059661] ================================================================== [ 20.059776] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.059827] Read of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.059882] [ 20.059912] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.060240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.060317] Hardware name: linux,dummy-virt (DT) [ 20.060382] Call trace: [ 20.060410] show_stack+0x20/0x38 (C) [ 20.060482] dump_stack_lvl+0x8c/0xd0 [ 20.060563] print_report+0x118/0x608 [ 20.060659] kasan_report+0xdc/0x128 [ 20.060729] kasan_check_range+0x100/0x1a8 [ 20.060777] __kasan_check_read+0x20/0x30 [ 20.060972] copy_user_test_oob+0x4a0/0xec8 [ 20.061046] kunit_try_run_case+0x170/0x3f0 [ 20.061117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.061170] kthread+0x328/0x630 [ 20.061213] ret_from_fork+0x10/0x20 [ 20.061352] [ 20.061375] Allocated by task 285: [ 20.061407] kasan_save_stack+0x3c/0x68 [ 20.061449] kasan_save_track+0x20/0x40 [ 20.061554] kasan_save_alloc_info+0x40/0x58 [ 20.061691] __kasan_kmalloc+0xd4/0xd8 [ 20.061788] __kmalloc_noprof+0x198/0x4c8 [ 20.061903] 
kunit_kmalloc_array+0x34/0x88 [ 20.062294] copy_user_test_oob+0xac/0xec8 [ 20.062465] kunit_try_run_case+0x170/0x3f0 [ 20.062594] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.062674] kthread+0x328/0x630 [ 20.062720] ret_from_fork+0x10/0x20 [ 20.062820] [ 20.062869] The buggy address belongs to the object at fff00000c7834500 [ 20.062869] which belongs to the cache kmalloc-128 of size 128 [ 20.062991] The buggy address is located 0 bytes inside of [ 20.062991] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.063077] [ 20.063098] The buggy address belongs to the physical page: [ 20.063130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.063360] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.063502] page_type: f5(slab) [ 20.063659] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.063790] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.064054] page dumped because: kasan: bad access detected [ 20.064132] [ 20.064262] Memory state around the buggy address: [ 20.064407] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.064458] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.064504] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.064545] ^ [ 20.064588] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.064633] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.064762] ================================================================== [ 20.043936] ================================================================== [ 20.043994] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.044089] Write of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.044162] [ 20.044200] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.044338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.044369] 
Hardware name: linux,dummy-virt (DT) [ 20.044399] Call trace: [ 20.044423] show_stack+0x20/0x38 (C) [ 20.044482] dump_stack_lvl+0x8c/0xd0 [ 20.044537] print_report+0x118/0x608 [ 20.044898] kasan_report+0xdc/0x128 [ 20.045009] kasan_check_range+0x100/0x1a8 [ 20.045132] __kasan_check_write+0x20/0x30 [ 20.045261] copy_user_test_oob+0x35c/0xec8 [ 20.045310] kunit_try_run_case+0x170/0x3f0 [ 20.045387] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.045696] kthread+0x328/0x630 [ 20.045783] ret_from_fork+0x10/0x20 [ 20.045948] [ 20.046008] Allocated by task 285: [ 20.046128] kasan_save_stack+0x3c/0x68 [ 20.046172] kasan_save_track+0x20/0x40 [ 20.046256] kasan_save_alloc_info+0x40/0x58 [ 20.046548] __kasan_kmalloc+0xd4/0xd8 [ 20.046629] __kmalloc_noprof+0x198/0x4c8 [ 20.046688] kunit_kmalloc_array+0x34/0x88 [ 20.046772] copy_user_test_oob+0xac/0xec8 [ 20.046880] kunit_try_run_case+0x170/0x3f0 [ 20.046922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.047195] kthread+0x328/0x630 [ 20.047324] ret_from_fork+0x10/0x20 [ 20.047466] [ 20.047545] The buggy address belongs to the object at fff00000c7834500 [ 20.047545] which belongs to the cache kmalloc-128 of size 128 [ 20.047662] The buggy address is located 0 bytes inside of [ 20.047662] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.047756] [ 20.047824] The buggy address belongs to the physical page: [ 20.047870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.047922] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.048276] page_type: f5(slab) [ 20.048410] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.048526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.048605] page dumped because: kasan: bad access detected [ 20.048640] [ 20.048660] Memory state around the buggy address: [ 20.048815] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.048862] fff00000c7834480: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.048987] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.049146] ^ [ 20.049212] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.049282] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.049370] ================================================================== [ 20.049946] ================================================================== [ 20.049999] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.050084] Read of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.050136] [ 20.050167] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.050251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.050383] Hardware name: linux,dummy-virt (DT) [ 20.050475] Call trace: [ 20.050621] show_stack+0x20/0x38 (C) [ 20.050828] dump_stack_lvl+0x8c/0xd0 [ 20.050887] print_report+0x118/0x608 [ 20.050975] kasan_report+0xdc/0x128 [ 20.051025] kasan_check_range+0x100/0x1a8 [ 20.051194] __kasan_check_read+0x20/0x30 [ 20.051310] copy_user_test_oob+0x3c8/0xec8 [ 20.051365] kunit_try_run_case+0x170/0x3f0 [ 20.051453] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.051535] kthread+0x328/0x630 [ 20.051601] ret_from_fork+0x10/0x20 [ 20.051652] [ 20.051691] Allocated by task 285: [ 20.051734] kasan_save_stack+0x3c/0x68 [ 20.051777] kasan_save_track+0x20/0x40 [ 20.051822] kasan_save_alloc_info+0x40/0x58 [ 20.051865] __kasan_kmalloc+0xd4/0xd8 [ 20.052023] __kmalloc_noprof+0x198/0x4c8 [ 20.052193] kunit_kmalloc_array+0x34/0x88 [ 20.052246] copy_user_test_oob+0xac/0xec8 [ 20.052295] kunit_try_run_case+0x170/0x3f0 [ 20.052336] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.052381] kthread+0x328/0x630 [ 20.052414] ret_from_fork+0x10/0x20 [ 20.052457] [ 20.052488] The buggy address belongs to the object at fff00000c7834500 [ 20.052488] which belongs to the cache kmalloc-128 of size 128 [ 20.052719] The buggy address is 
located 0 bytes inside of [ 20.052719] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.052844] [ 20.052953] The buggy address belongs to the physical page: [ 20.053012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.053075] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.053311] page_type: f5(slab) [ 20.053368] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.053476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.053582] page dumped because: kasan: bad access detected [ 20.053672] [ 20.053751] Memory state around the buggy address: [ 20.053847] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.053946] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.054004] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.054182] ^ [ 20.054373] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.054493] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.054592] ================================================================== [ 20.026370] ================================================================== [ 20.026514] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.026652] Write of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.026708] [ 20.026753] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.027138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.027170] Hardware name: linux,dummy-virt (DT) [ 20.027255] Call trace: [ 20.027283] show_stack+0x20/0x38 (C) [ 20.027337] dump_stack_lvl+0x8c/0xd0 [ 20.027388] print_report+0x118/0x608 [ 20.027443] kasan_report+0xdc/0x128 [ 20.027489] kasan_check_range+0x100/0x1a8 [ 20.027575] __kasan_check_write+0x20/0x30 [ 20.027669] copy_user_test_oob+0x234/0xec8 [ 20.027721] kunit_try_run_case+0x170/0x3f0 [ 20.027772] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.027825] kthread+0x328/0x630 [ 20.027868] ret_from_fork+0x10/0x20 [ 20.027920] [ 20.027941] Allocated by task 285: [ 20.027971] kasan_save_stack+0x3c/0x68 [ 20.028016] kasan_save_track+0x20/0x40 [ 20.028064] kasan_save_alloc_info+0x40/0x58 [ 20.028134] __kasan_kmalloc+0xd4/0xd8 [ 20.028172] __kmalloc_noprof+0x198/0x4c8 [ 20.028214] kunit_kmalloc_array+0x34/0x88 [ 20.028252] copy_user_test_oob+0xac/0xec8 [ 20.028291] kunit_try_run_case+0x170/0x3f0 [ 20.028328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.028378] kthread+0x328/0x630 [ 20.028413] ret_from_fork+0x10/0x20 [ 20.028453] [ 20.028573] The buggy address belongs to the object at fff00000c7834500 [ 20.028573] which belongs to the cache kmalloc-128 of size 128 [ 20.028693] The buggy address is located 0 bytes inside of [ 20.028693] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.028783] [ 20.028838] The buggy address belongs to the physical page: [ 20.028882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.028968] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.029045] page_type: f5(slab) [ 20.029120] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.029174] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.029216] page dumped because: kasan: bad access detected [ 20.029250] [ 20.029271] Memory state around the buggy address: [ 20.029306] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.029351] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.029396] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.029438] ^ [ 20.029480] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.029531] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.029573] ================================================================== [ 20.035760] 
================================================================== [ 20.035852] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.035904] Read of size 121 at addr fff00000c7834500 by task kunit_try_catch/285 [ 20.036009] [ 20.036061] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.036151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.036247] Hardware name: linux,dummy-virt (DT) [ 20.036315] Call trace: [ 20.036365] show_stack+0x20/0x38 (C) [ 20.036451] dump_stack_lvl+0x8c/0xd0 [ 20.036504] print_report+0x118/0x608 [ 20.036571] kasan_report+0xdc/0x128 [ 20.036904] kasan_check_range+0x100/0x1a8 [ 20.037133] __kasan_check_read+0x20/0x30 [ 20.037183] copy_user_test_oob+0x728/0xec8 [ 20.037410] kunit_try_run_case+0x170/0x3f0 [ 20.037457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.037565] kthread+0x328/0x630 [ 20.037634] ret_from_fork+0x10/0x20 [ 20.037757] [ 20.037875] Allocated by task 285: [ 20.038017] kasan_save_stack+0x3c/0x68 [ 20.038134] kasan_save_track+0x20/0x40 [ 20.038251] kasan_save_alloc_info+0x40/0x58 [ 20.038366] __kasan_kmalloc+0xd4/0xd8 [ 20.038414] __kmalloc_noprof+0x198/0x4c8 [ 20.038487] kunit_kmalloc_array+0x34/0x88 [ 20.038533] copy_user_test_oob+0xac/0xec8 [ 20.038582] kunit_try_run_case+0x170/0x3f0 [ 20.038622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.038665] kthread+0x328/0x630 [ 20.038708] ret_from_fork+0x10/0x20 [ 20.038753] [ 20.038783] The buggy address belongs to the object at fff00000c7834500 [ 20.038783] which belongs to the cache kmalloc-128 of size 128 [ 20.038841] The buggy address is located 0 bytes inside of [ 20.038841] allocated 120-byte region [fff00000c7834500, fff00000c7834578) [ 20.038903] [ 20.038925] The buggy address belongs to the physical page: [ 20.038972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834 [ 20.039042] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.039104] page_type: f5(slab) [ 20.039152] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.039205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.039247] page dumped because: kasan: bad access detected [ 20.039297] [ 20.039329] Memory state around the buggy address: [ 20.039364] fff00000c7834400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.039410] fff00000c7834480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.039456] >fff00000c7834500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.039504] ^ [ 20.039552] fff00000c7834580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.039604] fff00000c7834600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.039660] ==================================================================
[ 15.523362] ================================================================== [ 15.523710] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.523998] Read of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.524336] [ 15.524442] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.524484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.524497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.524518] Call Trace: [ 15.524533] <TASK> [ 15.524547] dump_stack_lvl+0x73/0xb0 [ 15.524574] print_report+0xd1/0x650 [ 15.524597] ? __virt_addr_valid+0x1db/0x2d0 [ 15.524620] ? copy_user_test_oob+0x604/0x10f0 [ 15.524643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.524666] ? copy_user_test_oob+0x604/0x10f0 [ 15.524690] kasan_report+0x141/0x180 [ 15.524713] ? copy_user_test_oob+0x604/0x10f0 [ 15.524741] kasan_check_range+0x10c/0x1c0 [ 15.524765] __kasan_check_read+0x15/0x20 [ 15.524785] copy_user_test_oob+0x604/0x10f0 [ 15.524811] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.524833] ? finish_task_switch.isra.0+0x153/0x700 [ 15.524856] ? __switch_to+0x47/0xf50 [ 15.524881] ? __schedule+0x10cc/0x2b60 [ 15.524904] ? __pfx_read_tsc+0x10/0x10 [ 15.524925] ? ktime_get_ts64+0x86/0x230 [ 15.524950] kunit_try_run_case+0x1a5/0x480 [ 15.524975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.524998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.525022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.525046] ? __kthread_parkme+0x82/0x180 [ 15.525068] ? preempt_count_sub+0x50/0x80 [ 15.525091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.525128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.525152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.525176] kthread+0x337/0x6f0 [ 15.525196] ? trace_preempt_on+0x20/0xc0 [ 15.525221] ? __pfx_kthread+0x10/0x10 [ 15.525243] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.525264] ? calculate_sigpending+0x7b/0xa0 [ 15.525289] ? 
__pfx_kthread+0x10/0x10 [ 15.525311] ret_from_fork+0x116/0x1d0 [ 15.525341] ? __pfx_kthread+0x10/0x10 [ 15.525362] ret_from_fork_asm+0x1a/0x30 [ 15.525393] </TASK> [ 15.525403] [ 15.532775] Allocated by task 303: [ 15.532935] kasan_save_stack+0x45/0x70 [ 15.533082] kasan_save_track+0x18/0x40 [ 15.533291] kasan_save_alloc_info+0x3b/0x50 [ 15.533511] __kasan_kmalloc+0xb7/0xc0 [ 15.533648] __kmalloc_noprof+0x1c9/0x500 [ 15.533830] kunit_kmalloc_array+0x25/0x60 [ 15.534033] copy_user_test_oob+0xab/0x10f0 [ 15.534250] kunit_try_run_case+0x1a5/0x480 [ 15.534398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.534860] kthread+0x337/0x6f0 [ 15.534983] ret_from_fork+0x116/0x1d0 [ 15.535130] ret_from_fork_asm+0x1a/0x30 [ 15.535334] [ 15.535433] The buggy address belongs to the object at ffff8881029dbd00 [ 15.535433] which belongs to the cache kmalloc-128 of size 128 [ 15.536036] The buggy address is located 0 bytes inside of [ 15.536036] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.536402] [ 15.536476] The buggy address belongs to the physical page: [ 15.536649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.536887] flags: 0x200000000000000(node=0|zone=2) [ 15.537050] page_type: f5(slab) [ 15.537227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.537566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.538167] page dumped because: kasan: bad access detected [ 15.538449] [ 15.538521] Memory state around the buggy address: [ 15.538679] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.538899] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.539126] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.539399] ^ [ 15.539717] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540045] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540441] 
================================================================== [ 15.504129] ================================================================== [ 15.505092] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.505702] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.506326] [ 15.506415] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.506474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.506487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.506509] Call Trace: [ 15.506532] <TASK> [ 15.506547] dump_stack_lvl+0x73/0xb0 [ 15.506574] print_report+0xd1/0x650 [ 15.506619] ? __virt_addr_valid+0x1db/0x2d0 [ 15.506643] ? copy_user_test_oob+0x557/0x10f0 [ 15.506667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.506690] ? copy_user_test_oob+0x557/0x10f0 [ 15.506715] kasan_report+0x141/0x180 [ 15.506739] ? copy_user_test_oob+0x557/0x10f0 [ 15.506767] kasan_check_range+0x10c/0x1c0 [ 15.506792] __kasan_check_write+0x18/0x20 [ 15.506811] copy_user_test_oob+0x557/0x10f0 [ 15.506837] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.506860] ? finish_task_switch.isra.0+0x153/0x700 [ 15.506883] ? __switch_to+0x47/0xf50 [ 15.506909] ? __schedule+0x10cc/0x2b60 [ 15.506931] ? __pfx_read_tsc+0x10/0x10 [ 15.506952] ? ktime_get_ts64+0x86/0x230 [ 15.506977] kunit_try_run_case+0x1a5/0x480 [ 15.507001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.507048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.507071] ? __kthread_parkme+0x82/0x180 [ 15.507093] ? preempt_count_sub+0x50/0x80 [ 15.507127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.507176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.507206] kthread+0x337/0x6f0 [ 15.507226] ? trace_preempt_on+0x20/0xc0 [ 15.507250] ? __pfx_kthread+0x10/0x10 [ 15.507271] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.507292] ? calculate_sigpending+0x7b/0xa0 [ 15.507319] ? __pfx_kthread+0x10/0x10 [ 15.507342] ret_from_fork+0x116/0x1d0 [ 15.507361] ? __pfx_kthread+0x10/0x10 [ 15.507382] ret_from_fork_asm+0x1a/0x30 [ 15.507412] </TASK> [ 15.507424] [ 15.514975] Allocated by task 303: [ 15.515117] kasan_save_stack+0x45/0x70 [ 15.515325] kasan_save_track+0x18/0x40 [ 15.515522] kasan_save_alloc_info+0x3b/0x50 [ 15.515866] __kasan_kmalloc+0xb7/0xc0 [ 15.516029] __kmalloc_noprof+0x1c9/0x500 [ 15.516182] kunit_kmalloc_array+0x25/0x60 [ 15.516348] copy_user_test_oob+0xab/0x10f0 [ 15.516564] kunit_try_run_case+0x1a5/0x480 [ 15.516771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.517020] kthread+0x337/0x6f0 [ 15.517204] ret_from_fork+0x116/0x1d0 [ 15.517412] ret_from_fork_asm+0x1a/0x30 [ 15.517590] [ 15.517677] The buggy address belongs to the object at ffff8881029dbd00 [ 15.517677] which belongs to the cache kmalloc-128 of size 128 [ 15.518131] The buggy address is located 0 bytes inside of [ 15.518131] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.518644] [ 15.518719] The buggy address belongs to the physical page: [ 15.518893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.519146] flags: 0x200000000000000(node=0|zone=2) [ 15.519362] page_type: f5(slab) [ 15.519531] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.520067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.520417] page dumped because: kasan: bad access detected [ 15.520667] [ 15.520737] Memory state around the buggy address: [ 15.520894] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.521130] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.521609] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.521936] ^ [ 15.522253] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522642] 
ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522905] ================================================================== [ 15.459514] ================================================================== [ 15.459845] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.460344] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.460627] [ 15.460738] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.460783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.460797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.460817] Call Trace: [ 15.460832] <TASK> [ 15.460850] dump_stack_lvl+0x73/0xb0 [ 15.460877] print_report+0xd1/0x650 [ 15.460899] ? __virt_addr_valid+0x1db/0x2d0 [ 15.460922] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.460946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.460969] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.460993] kasan_report+0x141/0x180 [ 15.461016] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.461044] kasan_check_range+0x10c/0x1c0 [ 15.461068] __kasan_check_write+0x18/0x20 [ 15.461088] copy_user_test_oob+0x3fd/0x10f0 [ 15.461126] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.461149] ? finish_task_switch.isra.0+0x153/0x700 [ 15.461171] ? __switch_to+0x47/0xf50 [ 15.461196] ? __schedule+0x10cc/0x2b60 [ 15.461218] ? __pfx_read_tsc+0x10/0x10 [ 15.461240] ? ktime_get_ts64+0x86/0x230 [ 15.461263] kunit_try_run_case+0x1a5/0x480 [ 15.461287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.461332] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.461356] ? __kthread_parkme+0x82/0x180 [ 15.461377] ? preempt_count_sub+0x50/0x80 [ 15.461401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.461451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.461475] kthread+0x337/0x6f0 [ 15.461495] ? trace_preempt_on+0x20/0xc0 [ 15.461518] ? 
__pfx_kthread+0x10/0x10 [ 15.461540] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.461561] ? calculate_sigpending+0x7b/0xa0 [ 15.461585] ? __pfx_kthread+0x10/0x10 [ 15.461607] ret_from_fork+0x116/0x1d0 [ 15.461626] ? __pfx_kthread+0x10/0x10 [ 15.461648] ret_from_fork_asm+0x1a/0x30 [ 15.461679] </TASK> [ 15.461690] [ 15.470480] Allocated by task 303: [ 15.470622] kasan_save_stack+0x45/0x70 [ 15.470836] kasan_save_track+0x18/0x40 [ 15.471033] kasan_save_alloc_info+0x3b/0x50 [ 15.471262] __kasan_kmalloc+0xb7/0xc0 [ 15.471431] __kmalloc_noprof+0x1c9/0x500 [ 15.471664] kunit_kmalloc_array+0x25/0x60 [ 15.471908] copy_user_test_oob+0xab/0x10f0 [ 15.472127] kunit_try_run_case+0x1a5/0x480 [ 15.472360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.472537] kthread+0x337/0x6f0 [ 15.472827] ret_from_fork+0x116/0x1d0 [ 15.473612] ret_from_fork_asm+0x1a/0x30 [ 15.473776] [ 15.473878] The buggy address belongs to the object at ffff8881029dbd00 [ 15.473878] which belongs to the cache kmalloc-128 of size 128 [ 15.474573] The buggy address is located 0 bytes inside of [ 15.474573] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.475058] [ 15.475152] The buggy address belongs to the physical page: [ 15.475599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.475939] flags: 0x200000000000000(node=0|zone=2) [ 15.476172] page_type: f5(slab) [ 15.476322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.476842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.477247] page dumped because: kasan: bad access detected [ 15.477623] [ 15.477704] Memory state around the buggy address: [ 15.477929] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.478270] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.478781] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.479155] ^ [ 15.479653] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.480069] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.480525] ================================================================== [ 15.481558] ================================================================== [ 15.481876] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.482376] Read of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.482651] [ 15.482764] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.482806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.482819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.482841] Call Trace: [ 15.482856] <TASK> [ 15.482871] dump_stack_lvl+0x73/0xb0 [ 15.482898] print_report+0xd1/0x650 [ 15.482921] ? __virt_addr_valid+0x1db/0x2d0 [ 15.482944] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.482967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.482990] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.483014] kasan_report+0x141/0x180 [ 15.483037] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.483065] kasan_check_range+0x10c/0x1c0 [ 15.483089] __kasan_check_read+0x15/0x20 [ 15.483137] copy_user_test_oob+0x4aa/0x10f0 [ 15.483163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.483186] ? finish_task_switch.isra.0+0x153/0x700 [ 15.483212] ? __switch_to+0x47/0xf50 [ 15.483396] ? __schedule+0x10cc/0x2b60 [ 15.483421] ? __pfx_read_tsc+0x10/0x10 [ 15.483443] ? ktime_get_ts64+0x86/0x230 [ 15.483467] kunit_try_run_case+0x1a5/0x480 [ 15.483494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.483517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.483556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.483580] ? __kthread_parkme+0x82/0x180 [ 15.483615] ? preempt_count_sub+0x50/0x80 [ 15.483640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.483665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.483689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.483714] kthread+0x337/0x6f0 [ 15.483735] ? 
trace_preempt_on+0x20/0xc0 [ 15.483758] ? __pfx_kthread+0x10/0x10 [ 15.483780] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.483802] ? calculate_sigpending+0x7b/0xa0 [ 15.483826] ? __pfx_kthread+0x10/0x10 [ 15.483848] ret_from_fork+0x116/0x1d0 [ 15.483867] ? __pfx_kthread+0x10/0x10 [ 15.483888] ret_from_fork_asm+0x1a/0x30 [ 15.483918] </TASK> [ 15.483931] [ 15.491244] Allocated by task 303: [ 15.491407] kasan_save_stack+0x45/0x70 [ 15.491561] kasan_save_track+0x18/0x40 [ 15.491934] kasan_save_alloc_info+0x3b/0x50 [ 15.492619] __kasan_kmalloc+0xb7/0xc0 [ 15.492822] __kmalloc_noprof+0x1c9/0x500 [ 15.493031] kunit_kmalloc_array+0x25/0x60 [ 15.493480] copy_user_test_oob+0xab/0x10f0 [ 15.493645] kunit_try_run_case+0x1a5/0x480 [ 15.493796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.493975] kthread+0x337/0x6f0 [ 15.494110] ret_from_fork+0x116/0x1d0 [ 15.494656] ret_from_fork_asm+0x1a/0x30 [ 15.494808] [ 15.494883] The buggy address belongs to the object at ffff8881029dbd00 [ 15.494883] which belongs to the cache kmalloc-128 of size 128 [ 15.495547] The buggy address is located 0 bytes inside of [ 15.495547] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.496123] [ 15.496227] The buggy address belongs to the physical page: [ 15.496804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.497481] flags: 0x200000000000000(node=0|zone=2) [ 15.497953] page_type: f5(slab) [ 15.498282] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.498927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.499497] page dumped because: kasan: bad access detected [ 15.499963] [ 15.500183] Memory state around the buggy address: [ 15.500383] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.501022] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.501711] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.502115] ^ [ 15.502692] 
ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.503083] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.503656] ==================================================================