Date
July 5, 2025, 5:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 21.299387] ==================================================================
[ 21.299446] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 21.299659] Read of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.299721]
[ 21.299770] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.299891] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.299939] Hardware name: linux,dummy-virt (DT)
[ 21.300002] Call trace:
[ 21.300030] show_stack+0x20/0x38 (C)
[ 21.300096] dump_stack_lvl+0x8c/0xd0
[ 21.300186] print_report+0x118/0x608
[ 21.300235] kasan_report+0xdc/0x128
[ 21.300295] kasan_check_range+0x100/0x1a8
[ 21.300343] __kasan_check_read+0x20/0x30
[ 21.300389] copy_user_test_oob+0x3c8/0xec8
[ 21.300459] kunit_try_run_case+0x170/0x3f0
[ 21.300510] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.300562] kthread+0x328/0x630
[ 21.300604] ret_from_fork+0x10/0x20
[ 21.300651]
[ 21.300672] Allocated by task 285:
[ 21.300782] kasan_save_stack+0x3c/0x68
[ 21.300849] kasan_save_track+0x20/0x40
[ 21.300905] kasan_save_alloc_info+0x40/0x58
[ 21.300948] __kasan_kmalloc+0xd4/0xd8
[ 21.300985] __kmalloc_noprof+0x198/0x4c8
[ 21.301042] kunit_kmalloc_array+0x34/0x88
[ 21.301095] copy_user_test_oob+0xac/0xec8
[ 21.301141] kunit_try_run_case+0x170/0x3f0
[ 21.301196] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.301242] kthread+0x328/0x630
[ 21.301276] ret_from_fork+0x10/0x20
[ 21.301312]
[ 21.301358] The buggy address belongs to the object at fff00000c6398d00
[ 21.301358] which belongs to the cache kmalloc-128 of size 128
[ 21.301489] The buggy address is located 0 bytes inside of
[ 21.301489] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.301552]
[ 21.301612] The buggy address belongs to the physical page:
[ 21.301656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.301707] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.301754] page_type: f5(slab)
[ 21.301800] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.301893] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.301937] page dumped because: kasan: bad access detected
[ 21.302088]
[ 21.302110] Memory state around the buggy address:
[ 21.302229] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.302275] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.302318] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.302377] ^
[ 21.302420] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.302505] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.302551] ==================================================================

[ 21.284360] ==================================================================
[ 21.284478] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 21.284671] Read of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.284770]
[ 21.284805] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.284922] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.284969] Hardware name: linux,dummy-virt (DT)
[ 21.285007] Call trace:
[ 21.285056] show_stack+0x20/0x38 (C)
[ 21.285107] dump_stack_lvl+0x8c/0xd0
[ 21.285181] print_report+0x118/0x608
[ 21.285228] kasan_report+0xdc/0x128
[ 21.285274] kasan_check_range+0x100/0x1a8
[ 21.285325] __kasan_check_read+0x20/0x30
[ 21.285370] copy_user_test_oob+0x728/0xec8
[ 21.285540] kunit_try_run_case+0x170/0x3f0
[ 21.285622] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.285695] kthread+0x328/0x630
[ 21.285766] ret_from_fork+0x10/0x20
[ 21.285973]
[ 21.286002] Allocated by task 285:
[ 21.286072] kasan_save_stack+0x3c/0x68
[ 21.286117] kasan_save_track+0x20/0x40
[ 21.286157] kasan_save_alloc_info+0x40/0x58
[ 21.286277] __kasan_kmalloc+0xd4/0xd8
[ 21.286358] __kmalloc_noprof+0x198/0x4c8
[ 21.286471] kunit_kmalloc_array+0x34/0x88
[ 21.286514] copy_user_test_oob+0xac/0xec8
[ 21.286588] kunit_try_run_case+0x170/0x3f0
[ 21.286635] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.286699] kthread+0x328/0x630
[ 21.286742] ret_from_fork+0x10/0x20
[ 21.286963]
[ 21.287010] The buggy address belongs to the object at fff00000c6398d00
[ 21.287010] which belongs to the cache kmalloc-128 of size 128
[ 21.287074] The buggy address is located 0 bytes inside of
[ 21.287074] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.287137]
[ 21.287162] The buggy address belongs to the physical page:
[ 21.287192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.287506] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.287595] page_type: f5(slab)
[ 21.287652] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.287726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.287909] page dumped because: kasan: bad access detected
[ 21.288001]
[ 21.288022] Memory state around the buggy address:
[ 21.288131] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.288221] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.288310] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.288426] ^
[ 21.288505] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.288589] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.288645] ==================================================================

[ 21.274952] ==================================================================
[ 21.275056] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 21.275149] Write of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.275206]
[ 21.275250] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.275338] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.275367] Hardware name: linux,dummy-virt (DT)
[ 21.275402] Call trace:
[ 21.275440] show_stack+0x20/0x38 (C)
[ 21.275492] dump_stack_lvl+0x8c/0xd0
[ 21.275543] print_report+0x118/0x608
[ 21.275599] kasan_report+0xdc/0x128
[ 21.275645] kasan_check_range+0x100/0x1a8
[ 21.275704] __kasan_check_write+0x20/0x30
[ 21.275757] copy_user_test_oob+0x234/0xec8
[ 21.275806] kunit_try_run_case+0x170/0x3f0
[ 21.275854] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.275919] kthread+0x328/0x630
[ 21.275963] ret_from_fork+0x10/0x20
[ 21.276058]
[ 21.276104] Allocated by task 285:
[ 21.276971] kasan_save_stack+0x3c/0x68
[ 21.277080] kasan_save_track+0x20/0x40
[ 21.277244] kasan_save_alloc_info+0x40/0x58
[ 21.277333] __kasan_kmalloc+0xd4/0xd8
[ 21.277434] __kmalloc_noprof+0x198/0x4c8
[ 21.277512] kunit_kmalloc_array+0x34/0x88
[ 21.277623] copy_user_test_oob+0xac/0xec8
[ 21.277690] kunit_try_run_case+0x170/0x3f0
[ 21.277778] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.277847] kthread+0x328/0x630
[ 21.277919] ret_from_fork+0x10/0x20
[ 21.278007]
[ 21.278056] The buggy address belongs to the object at fff00000c6398d00
[ 21.278056] which belongs to the cache kmalloc-128 of size 128
[ 21.278118] The buggy address is located 0 bytes inside of
[ 21.278118] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.278180]
[ 21.278226] The buggy address belongs to the physical page:
[ 21.278262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.278398] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.278469] page_type: f5(slab)
[ 21.278511] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.278565] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.278632] page dumped because: kasan: bad access detected
[ 21.278777]
[ 21.278821] Memory state around the buggy address:
[ 21.278908] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.278984] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.279048] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.279111] ^
[ 21.279189] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.279244] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.279450] ==================================================================

[ 21.294107] ==================================================================
[ 21.294169] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 21.294224] Write of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.294302]
[ 21.294338] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.294420] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.294449] Hardware name: linux,dummy-virt (DT)
[ 21.294480] Call trace:
[ 21.294504] show_stack+0x20/0x38 (C)
[ 21.294713] dump_stack_lvl+0x8c/0xd0
[ 21.294824] print_report+0x118/0x608
[ 21.294936] kasan_report+0xdc/0x128
[ 21.295143] kasan_check_range+0x100/0x1a8
[ 21.295318] __kasan_check_write+0x20/0x30
[ 21.295384] copy_user_test_oob+0x35c/0xec8
[ 21.295487] kunit_try_run_case+0x170/0x3f0
[ 21.295574] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.295665] kthread+0x328/0x630
[ 21.295748] ret_from_fork+0x10/0x20
[ 21.295886]
[ 21.295955] Allocated by task 285:
[ 21.296007] kasan_save_stack+0x3c/0x68
[ 21.296093] kasan_save_track+0x20/0x40
[ 21.296250] kasan_save_alloc_info+0x40/0x58
[ 21.296429] __kasan_kmalloc+0xd4/0xd8
[ 21.296510] __kmalloc_noprof+0x198/0x4c8
[ 21.296622] kunit_kmalloc_array+0x34/0x88
[ 21.296731] copy_user_test_oob+0xac/0xec8
[ 21.296812] kunit_try_run_case+0x170/0x3f0
[ 21.296882] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.296966] kthread+0x328/0x630
[ 21.297025] ret_from_fork+0x10/0x20
[ 21.297080]
[ 21.297104] The buggy address belongs to the object at fff00000c6398d00
[ 21.297104] which belongs to the cache kmalloc-128 of size 128
[ 21.297161] The buggy address is located 0 bytes inside of
[ 21.297161] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.297248]
[ 21.297274] The buggy address belongs to the physical page:
[ 21.297306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.297359] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.297407] page_type: f5(slab)
[ 21.297445] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.297615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.297717] page dumped because: kasan: bad access detected
[ 21.297806]
[ 21.297837] Memory state around the buggy address:
[ 21.297917] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.298250] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.298317] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.298452] ^
[ 21.298558] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.298642] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.298683] ==================================================================

[ 21.302695] ==================================================================
[ 21.302738] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 21.303124] Write of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.303220]
[ 21.303279] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.303402] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.303436] Hardware name: linux,dummy-virt (DT)
[ 21.303467] Call trace:
[ 21.303489] show_stack+0x20/0x38 (C)
[ 21.303536] dump_stack_lvl+0x8c/0xd0
[ 21.303585] print_report+0x118/0x608
[ 21.303631] kasan_report+0xdc/0x128
[ 21.303678] kasan_check_range+0x100/0x1a8
[ 21.303726] __kasan_check_write+0x20/0x30
[ 21.303773] copy_user_test_oob+0x434/0xec8
[ 21.303820] kunit_try_run_case+0x170/0x3f0
[ 21.303879] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.304087] kthread+0x328/0x630
[ 21.304150] ret_from_fork+0x10/0x20
[ 21.304292]
[ 21.304350] Allocated by task 285:
[ 21.304434] kasan_save_stack+0x3c/0x68
[ 21.304671] kasan_save_track+0x20/0x40
[ 21.304757] kasan_save_alloc_info+0x40/0x58
[ 21.305105] __kasan_kmalloc+0xd4/0xd8
[ 21.305147] __kmalloc_noprof+0x198/0x4c8
[ 21.305187] kunit_kmalloc_array+0x34/0x88
[ 21.305225] copy_user_test_oob+0xac/0xec8
[ 21.305265] kunit_try_run_case+0x170/0x3f0
[ 21.305305] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.305351] kthread+0x328/0x630
[ 21.305386] ret_from_fork+0x10/0x20
[ 21.305422]
[ 21.305445] The buggy address belongs to the object at fff00000c6398d00
[ 21.305445] which belongs to the cache kmalloc-128 of size 128
[ 21.305503] The buggy address is located 0 bytes inside of
[ 21.305503] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.305566]
[ 21.305586] The buggy address belongs to the physical page:
[ 21.305618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.305669] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.305716] page_type: f5(slab)
[ 21.305754] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.305804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.305846] page dumped because: kasan: bad access detected
[ 21.305957]
[ 21.306024] Memory state around the buggy address:
[ 21.306137] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.306183] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.306227] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.306266] ^
[ 21.306309] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.306363] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.306411] ==================================================================

[ 21.306632] ==================================================================
[ 21.306707] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 21.307016] Read of size 121 at addr fff00000c6398d00 by task kunit_try_catch/285
[ 21.307124]
[ 21.307232] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 21.307447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.307480] Hardware name: linux,dummy-virt (DT)
[ 21.307511] Call trace:
[ 21.307535] show_stack+0x20/0x38 (C)
[ 21.307586] dump_stack_lvl+0x8c/0xd0
[ 21.307635] print_report+0x118/0x608
[ 21.307681] kasan_report+0xdc/0x128
[ 21.307727] kasan_check_range+0x100/0x1a8
[ 21.307776] __kasan_check_read+0x20/0x30
[ 21.307960] copy_user_test_oob+0x4a0/0xec8
[ 21.308112] kunit_try_run_case+0x170/0x3f0
[ 21.308169] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.308268] kthread+0x328/0x630
[ 21.308345] ret_from_fork+0x10/0x20
[ 21.308393]
[ 21.308413] Allocated by task 285:
[ 21.308443] kasan_save_stack+0x3c/0x68
[ 21.308685] kasan_save_track+0x20/0x40
[ 21.308752] kasan_save_alloc_info+0x40/0x58
[ 21.308872] __kasan_kmalloc+0xd4/0xd8
[ 21.308911] __kmalloc_noprof+0x198/0x4c8
[ 21.309089] kunit_kmalloc_array+0x34/0x88
[ 21.309178] copy_user_test_oob+0xac/0xec8
[ 21.309221] kunit_try_run_case+0x170/0x3f0
[ 21.309346] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.309436] kthread+0x328/0x630
[ 21.309513] ret_from_fork+0x10/0x20
[ 21.309569]
[ 21.309590] The buggy address belongs to the object at fff00000c6398d00
[ 21.309590] which belongs to the cache kmalloc-128 of size 128
[ 21.309649] The buggy address is located 0 bytes inside of
[ 21.309649] allocated 120-byte region [fff00000c6398d00, fff00000c6398d78)
[ 21.309870]
[ 21.309945] The buggy address belongs to the physical page:
[ 21.310012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[ 21.310158] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.310254] page_type: f5(slab)
[ 21.310381] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.310452] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.310518] page dumped because: kasan: bad access detected
[ 21.310559]
[ 21.310579] Memory state around the buggy address:
[ 21.310613] fff00000c6398c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.310656] fff00000c6398c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.310710] >fff00000c6398d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.311065] ^
[ 21.311161] fff00000c6398d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.311207] fff00000c6398e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.311247] ==================================================================
```
qemu-x86_64:

```
[ 15.708488] ==================================================================
[ 15.708747] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.709907] Read of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.710227]
[ 15.710605] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.710655] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.710670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.710704] Call Trace:
[ 15.710719] <TASK>
[ 15.710737] dump_stack_lvl+0x73/0xb0
[ 15.710792] print_report+0xd1/0x650
[ 15.710819] ? __virt_addr_valid+0x1db/0x2d0
[ 15.710846] ? copy_user_test_oob+0x604/0x10f0
[ 15.710872] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.710896] ? copy_user_test_oob+0x604/0x10f0
[ 15.710922] kasan_report+0x141/0x180
[ 15.710946] ? copy_user_test_oob+0x604/0x10f0
[ 15.710976] kasan_check_range+0x10c/0x1c0
[ 15.711000] __kasan_check_read+0x15/0x20
[ 15.711020] copy_user_test_oob+0x604/0x10f0
[ 15.711047] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.711071] ? finish_task_switch.isra.0+0x153/0x700
[ 15.711094] ? __switch_to+0x47/0xf50
[ 15.711120] ? __schedule+0x10cc/0x2b60
[ 15.711143] ? __pfx_read_tsc+0x10/0x10
[ 15.711164] ? ktime_get_ts64+0x86/0x230
[ 15.711189] kunit_try_run_case+0x1a5/0x480
[ 15.711214] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.711238] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.711262] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.711287] ? __kthread_parkme+0x82/0x180
[ 15.711308] ? preempt_count_sub+0x50/0x80
[ 15.711332] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.711357] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.711381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.711406] kthread+0x337/0x6f0
[ 15.711426] ? trace_preempt_on+0x20/0xc0
[ 15.711463] ? __pfx_kthread+0x10/0x10
[ 15.711486] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.711509] ? calculate_sigpending+0x7b/0xa0
[ 15.711535] ? __pfx_kthread+0x10/0x10
[ 15.711558] ret_from_fork+0x116/0x1d0
[ 15.711577] ? __pfx_kthread+0x10/0x10
[ 15.711598] ret_from_fork_asm+0x1a/0x30
[ 15.711630] </TASK>
[ 15.711642]
[ 15.719421] Allocated by task 304:
[ 15.719616] kasan_save_stack+0x45/0x70
[ 15.719855] kasan_save_track+0x18/0x40
[ 15.720067] kasan_save_alloc_info+0x3b/0x50
[ 15.720286] __kasan_kmalloc+0xb7/0xc0
[ 15.720505] __kmalloc_noprof+0x1c9/0x500
[ 15.720715] kunit_kmalloc_array+0x25/0x60
[ 15.720935] copy_user_test_oob+0xab/0x10f0
[ 15.721141] kunit_try_run_case+0x1a5/0x480
[ 15.721336] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.721571] kthread+0x337/0x6f0
[ 15.721847] ret_from_fork+0x116/0x1d0
[ 15.722033] ret_from_fork_asm+0x1a/0x30
[ 15.722226]
[ 15.722305] The buggy address belongs to the object at ffff8881031c1900
[ 15.722305] which belongs to the cache kmalloc-128 of size 128
[ 15.722889] The buggy address is located 0 bytes inside of
[ 15.722889] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.723383]
[ 15.723514] The buggy address belongs to the physical page:
[ 15.723881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.724222] flags: 0x200000000000000(node=0|zone=2)
[ 15.724442] page_type: f5(slab)
[ 15.724614] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.725025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.725335] page dumped because: kasan: bad access detected
[ 15.725609]
[ 15.725720] Memory state around the buggy address:
[ 15.725914] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.726136] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.726356] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.726681] ^
[ 15.726996] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.727390] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.727626] ==================================================================

[ 15.658579] ==================================================================
[ 15.659176] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.659428] Read of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.660147]
[ 15.660358] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.660406] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.660420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.660445] Call Trace:
[ 15.660473] <TASK>
[ 15.660491] dump_stack_lvl+0x73/0xb0
[ 15.660520] print_report+0xd1/0x650
[ 15.660566] ? __virt_addr_valid+0x1db/0x2d0
[ 15.660589] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660614] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.660638] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660663] kasan_report+0x141/0x180
[ 15.660698] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660728] kasan_check_range+0x10c/0x1c0
[ 15.660753] __kasan_check_read+0x15/0x20
[ 15.660773] copy_user_test_oob+0x4aa/0x10f0
[ 15.660800] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.660824] ? finish_task_switch.isra.0+0x153/0x700
[ 15.660847] ? __switch_to+0x47/0xf50
[ 15.660873] ? __schedule+0x10cc/0x2b60
[ 15.660897] ? __pfx_read_tsc+0x10/0x10
[ 15.660919] ? ktime_get_ts64+0x86/0x230
[ 15.660944] kunit_try_run_case+0x1a5/0x480
[ 15.660970] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.660994] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.661019] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.661044] ? __kthread_parkme+0x82/0x180
[ 15.661066] ? preempt_count_sub+0x50/0x80
[ 15.661090] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.661116] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.661139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.661165] kthread+0x337/0x6f0
[ 15.661185] ? trace_preempt_on+0x20/0xc0
[ 15.661210] ? __pfx_kthread+0x10/0x10
[ 15.661232] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.661254] ? calculate_sigpending+0x7b/0xa0
[ 15.661280] ? __pfx_kthread+0x10/0x10
[ 15.661302] ret_from_fork+0x116/0x1d0
[ 15.661322] ? __pfx_kthread+0x10/0x10
[ 15.661344] ret_from_fork_asm+0x1a/0x30
[ 15.661375] </TASK>
[ 15.661394]
[ 15.674195] Allocated by task 304:
[ 15.674438] kasan_save_stack+0x45/0x70
[ 15.674728] kasan_save_track+0x18/0x40
[ 15.675103] kasan_save_alloc_info+0x3b/0x50
[ 15.675405] __kasan_kmalloc+0xb7/0xc0
[ 15.675556] __kmalloc_noprof+0x1c9/0x500
[ 15.675725] kunit_kmalloc_array+0x25/0x60
[ 15.676142] copy_user_test_oob+0xab/0x10f0
[ 15.676565] kunit_try_run_case+0x1a5/0x480
[ 15.676991] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.677491] kthread+0x337/0x6f0
[ 15.677848] ret_from_fork+0x116/0x1d0
[ 15.678124] ret_from_fork_asm+0x1a/0x30
[ 15.678269]
[ 15.678344] The buggy address belongs to the object at ffff8881031c1900
[ 15.678344] which belongs to the cache kmalloc-128 of size 128
[ 15.678804] The buggy address is located 0 bytes inside of
[ 15.678804] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.679904]
[ 15.680086] The buggy address belongs to the physical page:
[ 15.680573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.681259] flags: 0x200000000000000(node=0|zone=2)
[ 15.681727] page_type: f5(slab)
[ 15.682040] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.682363] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.682607] page dumped because: kasan: bad access detected
[ 15.682819]
[ 15.682943] Memory state around the buggy address:
[ 15.683173] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.683483] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.683826] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.684131] ^
[ 15.684420] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.684771] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.685060] ==================================================================

[ 15.685892] ==================================================================
[ 15.686560] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.686966] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.687283]
[ 15.687398] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.687473] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.687489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.687526] Call Trace:
[ 15.687545] <TASK>
[ 15.687562] dump_stack_lvl+0x73/0xb0
[ 15.687591] print_report+0xd1/0x650
[ 15.687615] ? __virt_addr_valid+0x1db/0x2d0
[ 15.687639] ? copy_user_test_oob+0x557/0x10f0
[ 15.687664] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.687687] ? copy_user_test_oob+0x557/0x10f0
[ 15.687712] kasan_report+0x141/0x180
[ 15.687735] ? copy_user_test_oob+0x557/0x10f0
[ 15.687775] kasan_check_range+0x10c/0x1c0
[ 15.687800] __kasan_check_write+0x18/0x20
[ 15.687821] copy_user_test_oob+0x557/0x10f0
[ 15.687867] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.687890] ? finish_task_switch.isra.0+0x153/0x700
[ 15.687913] ? __switch_to+0x47/0xf50
[ 15.687940] ? __schedule+0x10cc/0x2b60
[ 15.687963] ? __pfx_read_tsc+0x10/0x10
[ 15.687984] ? ktime_get_ts64+0x86/0x230
[ 15.688008] kunit_try_run_case+0x1a5/0x480
[ 15.688052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.688077] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.688101] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.688126] ? __kthread_parkme+0x82/0x180
[ 15.688148] ? preempt_count_sub+0x50/0x80
[ 15.688172] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.688196] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.688220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.688245] kthread+0x337/0x6f0
[ 15.688265] ? trace_preempt_on+0x20/0xc0
[ 15.688290] ? __pfx_kthread+0x10/0x10
[ 15.688312] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.688335] ? calculate_sigpending+0x7b/0xa0
[ 15.688359] ? __pfx_kthread+0x10/0x10
[ 15.688383] ret_from_fork+0x116/0x1d0
[ 15.688401] ? __pfx_kthread+0x10/0x10
[ 15.688423] ret_from_fork_asm+0x1a/0x30
[ 15.688464] </TASK>
[ 15.688476]
[ 15.698955] Allocated by task 304:
[ 15.699161] kasan_save_stack+0x45/0x70
[ 15.699350] kasan_save_track+0x18/0x40
[ 15.699541] kasan_save_alloc_info+0x3b/0x50
[ 15.699817] __kasan_kmalloc+0xb7/0xc0
[ 15.699999] __kmalloc_noprof+0x1c9/0x500
[ 15.700204] kunit_kmalloc_array+0x25/0x60
[ 15.700354] copy_user_test_oob+0xab/0x10f0
[ 15.700561] kunit_try_run_case+0x1a5/0x480
[ 15.700769] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.701006] kthread+0x337/0x6f0
[ 15.701130] ret_from_fork+0x116/0x1d0
[ 15.701264] ret_from_fork_asm+0x1a/0x30
[ 15.701478]
[ 15.701598] The buggy address belongs to the object at ffff8881031c1900
[ 15.701598] which belongs to the cache kmalloc-128 of size 128
[ 15.702398] The buggy address is located 0 bytes inside of
[ 15.702398] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.702911]
[ 15.703005] The buggy address belongs to the physical page:
[ 15.703250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.703586] flags: 0x200000000000000(node=0|zone=2)
[ 15.703878] page_type: f5(slab)
[ 15.704056] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.704355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.704710] page dumped because: kasan: bad access detected
[ 15.704939]
[ 15.705035] Memory state around the buggy address:
[ 15.705270] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.705628] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.705953] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.706263] ^
[ 15.706486] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.707160] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.707474] ==================================================================

[ 15.631166] ==================================================================
[ 15.631515] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.631931] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.632298]
[ 15.632411] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.632467] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.632482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.632506] Call Trace:
[ 15.632522] <TASK>
[ 15.632538] dump_stack_lvl+0x73/0xb0
[ 15.632569] print_report+0xd1/0x650
[ 15.632593] ? __virt_addr_valid+0x1db/0x2d0
[ 15.632617] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632642] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.632665] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632726] kasan_report+0x141/0x180
[ 15.632774] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632833] kasan_check_range+0x10c/0x1c0
[ 15.632859] __kasan_check_write+0x18/0x20
[ 15.632880] copy_user_test_oob+0x3fd/0x10f0
[ 15.632918] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.632942] ? finish_task_switch.isra.0+0x153/0x700
[ 15.632964] ? __switch_to+0x47/0xf50
[ 15.632991] ? __schedule+0x10cc/0x2b60
[ 15.633014] ? __pfx_read_tsc+0x10/0x10
[ 15.633036] ? ktime_get_ts64+0x86/0x230
[ 15.633062] kunit_try_run_case+0x1a5/0x480
[ 15.633088] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.633112] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.633137] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.633161] ? __kthread_parkme+0x82/0x180
[ 15.633183] ? preempt_count_sub+0x50/0x80
[ 15.633207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.633232] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.633256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.633280] kthread+0x337/0x6f0
[ 15.633301] ? trace_preempt_on+0x20/0xc0
[ 15.633326] ? __pfx_kthread+0x10/0x10
[ 15.633348] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.633370] ? calculate_sigpending+0x7b/0xa0
[ 15.633398] ? __pfx_kthread+0x10/0x10
[ 15.633421] ret_from_fork+0x116/0x1d0
[ 15.633441] ? __pfx_kthread+0x10/0x10
[ 15.633471] ret_from_fork_asm+0x1a/0x30
[ 15.633501] </TASK>
[ 15.633514]
[ 15.641546] Allocated by task 304:
[ 15.641742] kasan_save_stack+0x45/0x70
[ 15.641995] kasan_save_track+0x18/0x40
[ 15.642233] kasan_save_alloc_info+0x3b/0x50
[ 15.642471] __kasan_kmalloc+0xb7/0xc0
[ 15.642703] __kmalloc_noprof+0x1c9/0x500
[ 15.642851] kunit_kmalloc_array+0x25/0x60
[ 15.642997] copy_user_test_oob+0xab/0x10f0
[ 15.643627] kunit_try_run_case+0x1a5/0x480
[ 15.643857] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.644119] kthread+0x337/0x6f0
[ 15.644296] ret_from_fork+0x116/0x1d0
[ 15.645780] ret_from_fork_asm+0x1a/0x30
[ 15.646111]
[ 15.646201] The buggy address belongs to the object at ffff8881031c1900
[ 15.646201] which belongs to the cache kmalloc-128 of size 128
[ 15.646585] The buggy address is located 0 bytes inside of
[ 15.646585] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.646957]
[ 15.647034] The buggy address belongs to the physical page:
[ 15.647211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.648657] flags: 0x200000000000000(node=0|zone=2)
[ 15.649263] page_type: f5(slab)
[ 15.649994] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.651012] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.652066] page dumped because: kasan: bad access detected
[ 15.652814]
[ 15.652991] Memory state around the buggy address:
[ 15.653655] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.654575] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.655507] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.656262] ^
[ 15.656503] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.656891] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.657515] ==================================================================
```