Date
July 8, 2025, 7:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 22.558701] ================================================================== [ 22.558769] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 22.558819] Write of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.559276] [ 22.559329] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.559737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.560006] Hardware name: linux,dummy-virt (DT) [ 22.560235] Call trace: [ 22.560361] show_stack+0x20/0x38 (C) [ 22.560467] dump_stack_lvl+0x8c/0xd0 [ 22.560517] print_report+0x118/0x608 [ 22.560565] kasan_report+0xdc/0x128 [ 22.560611] kasan_check_range+0x100/0x1a8 [ 22.560658] __kasan_check_write+0x20/0x30 [ 22.560703] copy_user_test_oob+0x434/0xec8 [ 22.560771] kunit_try_run_case+0x170/0x3f0 [ 22.560835] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.560887] kthread+0x328/0x630 [ 22.560938] ret_from_fork+0x10/0x20 [ 22.561001] [ 22.561030] Allocated by task 285: [ 22.561069] kasan_save_stack+0x3c/0x68 [ 22.561117] kasan_save_track+0x20/0x40 [ 22.561158] kasan_save_alloc_info+0x40/0x58 [ 22.561200] __kasan_kmalloc+0xd4/0xd8 [ 22.561247] __kmalloc_noprof+0x198/0x4c8 [ 22.561295] kunit_kmalloc_array+0x34/0x88 [ 22.561333] copy_user_test_oob+0xac/0xec8 [ 22.561374] kunit_try_run_case+0x170/0x3f0 [ 22.561422] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.561467] kthread+0x328/0x630 [ 22.561510] ret_from_fork+0x10/0x20 [ 22.561546] [ 22.561567] The buggy address belongs to the object at fff00000c5713f00 [ 22.561567] which belongs to the cache kmalloc-128 of size 128 [ 22.561627] The buggy address is located 0 bytes inside of [ 22.561627] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.561692] [ 22.561733] The buggy address belongs to the physical page: [ 22.561765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.561826] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.561876] page_type: f5(slab) [ 22.561925] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.561986] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.562043] page dumped because: kasan: bad access detected [ 22.562090] [ 22.562112] Memory state around the buggy address: [ 22.562154] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.562198] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.562254] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.562295] ^ [ 22.562337] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.562388] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.562430] ================================================================== [ 22.541833] ================================================================== [ 22.541915] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 22.542061] Write of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.542147] [ 22.542182] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.542272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.542301] Hardware name: linux,dummy-virt (DT) [ 22.542400] Call trace: [ 22.542462] show_stack+0x20/0x38 (C) [ 22.542516] dump_stack_lvl+0x8c/0xd0 [ 22.542993] print_report+0x118/0x608 [ 22.543061] kasan_report+0xdc/0x128 [ 22.543149] kasan_check_range+0x100/0x1a8 [ 22.543202] __kasan_check_write+0x20/0x30 [ 22.543247] copy_user_test_oob+0x35c/0xec8 [ 22.543674] kunit_try_run_case+0x170/0x3f0 [ 22.543941] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.544219] kthread+0x328/0x630 [ 22.544377] ret_from_fork+0x10/0x20 [ 22.544431] [ 22.544452] Allocated by task 285: [ 22.544502] kasan_save_stack+0x3c/0x68 [ 22.544554] kasan_save_track+0x20/0x40 [ 22.544594] kasan_save_alloc_info+0x40/0x58 [ 22.544634] __kasan_kmalloc+0xd4/0xd8 [ 22.544681] __kmalloc_noprof+0x198/0x4c8 [ 22.544748] kunit_kmalloc_array+0x34/0x88 [ 22.544806] copy_user_test_oob+0xac/0xec8 [ 22.544860] kunit_try_run_case+0x170/0x3f0 [ 22.544898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.544945] kthread+0x328/0x630 [ 22.544978] ret_from_fork+0x10/0x20 [ 22.545015] [ 22.545044] The buggy address belongs to the object at fff00000c5713f00 [ 22.545044] which belongs to the cache kmalloc-128 of size 128 [ 22.545119] The buggy address is located 0 bytes inside of [ 22.545119] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.545200] [ 22.545236] The buggy address belongs to the physical page: [ 22.545279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.545332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.545389] page_type: f5(slab) [ 22.545430] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.545481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.545523] page dumped because: kasan: bad access detected [ 22.545567] [ 22.545603] Memory state around the buggy address: [ 22.545638] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.545683] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.546107] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.546544] ^ [ 22.546614] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.546679] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.546755] ================================================================== [ 22.525878] ================================================================== [ 22.525948] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 22.526001] Read of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.526085] [ 22.526367] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.526551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.526585] Hardware name: linux,dummy-virt (DT) [ 22.526645] Call trace: [ 22.526753] show_stack+0x20/0x38 (C) [ 22.526826] dump_stack_lvl+0x8c/0xd0 [ 22.526914] print_report+0x118/0x608 [ 22.526960] kasan_report+0xdc/0x128 [ 22.527312] kasan_check_range+0x100/0x1a8 [ 22.527381] __kasan_check_read+0x20/0x30 [ 22.527425] copy_user_test_oob+0x728/0xec8 [ 22.527693] kunit_try_run_case+0x170/0x3f0 [ 22.527822] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.527972] kthread+0x328/0x630 [ 22.528322] ret_from_fork+0x10/0x20 [ 22.528549] [ 22.528595] Allocated by task 285: [ 22.528664] kasan_save_stack+0x3c/0x68 [ 22.528808] kasan_save_track+0x20/0x40 [ 22.528850] kasan_save_alloc_info+0x40/0x58 [ 22.529130] __kasan_kmalloc+0xd4/0xd8 [ 22.529744] __kmalloc_noprof+0x198/0x4c8 [ 22.530154] kunit_kmalloc_array+0x34/0x88 [ 22.530375] copy_user_test_oob+0xac/0xec8 [ 22.530420] kunit_try_run_case+0x170/0x3f0 [ 22.530462] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.530507] kthread+0x328/0x630 [ 22.530540] ret_from_fork+0x10/0x20 [ 22.530576] [ 22.530600] The buggy address belongs to the object at fff00000c5713f00 [ 22.530600] which belongs to the cache kmalloc-128 of size 128 [ 22.530661] The buggy address is located 0 bytes inside of [ 22.530661] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.530900] [ 22.530930] The buggy address belongs to the physical page: [ 22.530970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.531033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.531082] page_type: f5(slab) [ 22.531123] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.531175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.531217] page dumped because: kasan: bad access detected [ 22.531256] [ 22.531297] Memory state around the buggy address: [ 22.531331] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.531376] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.531420] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.531837] ^ [ 22.532049] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.532124] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.532406] ================================================================== [ 22.563201] ================================================================== [ 22.563254] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 22.563747] Read of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.563848] [ 22.563912] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.564227] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.564303] Hardware name: linux,dummy-virt (DT) [ 22.564469] Call trace: [ 22.564647] show_stack+0x20/0x38 (C) [ 22.565079] dump_stack_lvl+0x8c/0xd0 [ 22.565204] print_report+0x118/0x608 [ 22.565385] kasan_report+0xdc/0x128 [ 22.565439] kasan_check_range+0x100/0x1a8 [ 22.565702] __kasan_check_read+0x20/0x30 [ 22.566101] copy_user_test_oob+0x4a0/0xec8 [ 22.566321] kunit_try_run_case+0x170/0x3f0 [ 22.566547] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.566845] kthread+0x328/0x630 [ 22.567219] ret_from_fork+0x10/0x20 [ 22.567442] [ 22.567513] Allocated by task 285: [ 22.567603] kasan_save_stack+0x3c/0x68 [ 22.567668] kasan_save_track+0x20/0x40 [ 22.567706] kasan_save_alloc_info+0x40/0x58 [ 22.567761] __kasan_kmalloc+0xd4/0xd8 [ 22.567798] __kmalloc_noprof+0x198/0x4c8 [ 22.568005] kunit_kmalloc_array+0x34/0x88 [ 22.568281] copy_user_test_oob+0xac/0xec8 [ 22.568509] kunit_try_run_case+0x170/0x3f0 [ 22.568652] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.568745] kthread+0x328/0x630 [ 22.568967] ret_from_fork+0x10/0x20 [ 22.569207] [ 22.569249] The buggy address belongs to the object at fff00000c5713f00 [ 22.569249] which belongs to the cache kmalloc-128 of size 128 [ 22.569768] The buggy address is located 0 bytes inside of [ 22.569768] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.569927] [ 22.570089] The buggy address belongs to the physical page: [ 22.570175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.570258] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.570370] page_type: f5(slab) [ 22.570410] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.570743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.571263] page dumped because: kasan: bad access detected [ 22.571694] [ 22.571749] Memory state around the buggy address: [ 22.571825] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.571909] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.572085] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.572284] ^ [ 22.572898] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.573046] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.573258] ================================================================== [ 22.513305] ================================================================== [ 22.513872] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 22.514015] Write of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.514071] [ 22.514538] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.514920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.514967] Hardware name: linux,dummy-virt (DT) [ 22.515032] Call trace: [ 22.515060] show_stack+0x20/0x38 (C) [ 22.515209] dump_stack_lvl+0x8c/0xd0 [ 22.515265] print_report+0x118/0x608 [ 22.515325] kasan_report+0xdc/0x128 [ 22.515370] kasan_check_range+0x100/0x1a8 [ 22.515418] __kasan_check_write+0x20/0x30 [ 22.515464] copy_user_test_oob+0x234/0xec8 [ 22.515676] kunit_try_run_case+0x170/0x3f0 [ 22.515932] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.516022] kthread+0x328/0x630 [ 22.516176] ret_from_fork+0x10/0x20 [ 22.516250] [ 22.516271] Allocated by task 285: [ 22.516569] kasan_save_stack+0x3c/0x68 [ 22.516793] kasan_save_track+0x20/0x40 [ 22.516965] kasan_save_alloc_info+0x40/0x58 [ 22.517256] __kasan_kmalloc+0xd4/0xd8 [ 22.517374] __kmalloc_noprof+0x198/0x4c8 [ 22.517424] kunit_kmalloc_array+0x34/0x88 [ 22.517488] copy_user_test_oob+0xac/0xec8 [ 22.517814] kunit_try_run_case+0x170/0x3f0 [ 22.517888] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.518178] kthread+0x328/0x630 [ 22.518362] ret_from_fork+0x10/0x20 [ 22.518472] [ 22.518501] The buggy address belongs to the object at fff00000c5713f00 [ 22.518501] which belongs to the cache kmalloc-128 of size 128 [ 22.518584] The buggy address is located 0 bytes inside of [ 22.518584] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.518649] [ 22.518698] The buggy address belongs to the physical page: [ 22.518766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.518825] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.518876] page_type: f5(slab) [ 22.518941] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.519008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.519050] page dumped because: kasan: bad access detected [ 22.519084] [ 22.519104] Memory state around the buggy address: [ 22.519152] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.519197] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.519250] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.519298] ^ [ 22.519341] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.519384] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.519434] ================================================================== [ 22.548559] ================================================================== [ 22.548935] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 22.549006] Read of size 121 at addr fff00000c5713f00 by task kunit_try_catch/285 [ 22.549059] [ 22.549092] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.549203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.549250] Hardware name: linux,dummy-virt (DT) [ 22.549287] Call trace: [ 22.549316] show_stack+0x20/0x38 (C) [ 22.549642] dump_stack_lvl+0x8c/0xd0 [ 22.549863] print_report+0x118/0x608 [ 22.549913] kasan_report+0xdc/0x128 [ 22.550314] kasan_check_range+0x100/0x1a8 [ 22.550394] __kasan_check_read+0x20/0x30 [ 22.550440] copy_user_test_oob+0x3c8/0xec8 [ 22.550735] kunit_try_run_case+0x170/0x3f0 [ 22.550814] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.550870] kthread+0x328/0x630 [ 22.551002] ret_from_fork+0x10/0x20 [ 22.551324] [ 22.551383] Allocated by task 285: [ 22.551418] kasan_save_stack+0x3c/0x68 [ 22.551580] kasan_save_track+0x20/0x40 [ 22.551685] kasan_save_alloc_info+0x40/0x58 [ 22.552116] __kasan_kmalloc+0xd4/0xd8 [ 22.552232] __kmalloc_noprof+0x198/0x4c8 [ 22.552343] kunit_kmalloc_array+0x34/0x88 [ 22.552385] copy_user_test_oob+0xac/0xec8 [ 22.552675] kunit_try_run_case+0x170/0x3f0 [ 22.552807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.552917] kthread+0x328/0x630 [ 22.553318] ret_from_fork+0x10/0x20 [ 22.553497] [ 22.553636] The buggy address belongs to the object at fff00000c5713f00 [ 22.553636] which belongs to the cache kmalloc-128 of size 128 [ 22.553751] The buggy address is located 0 bytes inside of [ 22.553751] allocated 120-byte region [fff00000c5713f00, fff00000c5713f78) [ 22.553978] [ 22.554041] The buggy address belongs to the physical page: [ 22.554166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105713 [ 22.554256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.554622] page_type: f5(slab) [ 22.554945] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.555269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.555352] page dumped because: kasan: bad access detected [ 22.555733] [ 22.555978] Memory state around the buggy address: [ 22.556034] fff00000c5713e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.556089] fff00000c5713e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.556503] >fff00000c5713f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.556669] ^ [ 22.556921] fff00000c5713f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.556989] fff00000c5714000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.557030] ==================================================================
[ 17.311468] ================================================================== [ 17.311801] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 17.312249] Write of size 121 at addr ffff888102629100 by task kunit_try_catch/302 [ 17.312986] [ 17.313161] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.313210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.313225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.313248] Call Trace: [ 17.313262] <TASK> [ 17.313277] dump_stack_lvl+0x73/0xb0 [ 17.313471] print_report+0xd1/0x650 [ 17.313506] ? __virt_addr_valid+0x1db/0x2d0 [ 17.313530] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.313558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.313586] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.313610] kasan_report+0x141/0x180 [ 17.313632] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.313661] kasan_check_range+0x10c/0x1c0 [ 17.313685] __kasan_check_write+0x18/0x20 [ 17.313705] copy_user_test_oob+0x3fd/0x10f0 [ 17.313731] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.313755] ? finish_task_switch.isra.0+0x153/0x700 [ 17.313778] ? __switch_to+0x47/0xf50 [ 17.313804] ? __schedule+0x10cc/0x2b60 [ 17.313830] ? __pfx_read_tsc+0x10/0x10 [ 17.313852] ? ktime_get_ts64+0x86/0x230 [ 17.313877] kunit_try_run_case+0x1a5/0x480 [ 17.313902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.313926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.313950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.313974] ? __kthread_parkme+0x82/0x180 [ 17.313996] ? preempt_count_sub+0x50/0x80 [ 17.314021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.314057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.314083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.314107] kthread+0x337/0x6f0 [ 17.314127] ? trace_preempt_on+0x20/0xc0 [ 17.314151] ? __pfx_kthread+0x10/0x10 [ 17.314172] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.314194] ? calculate_sigpending+0x7b/0xa0 [ 17.314218] ? __pfx_kthread+0x10/0x10 [ 17.314241] ret_from_fork+0x116/0x1d0 [ 17.314260] ? __pfx_kthread+0x10/0x10 [ 17.314282] ret_from_fork_asm+0x1a/0x30 [ 17.314314] </TASK> [ 17.314327] [ 17.325101] Allocated by task 302: [ 17.325527] kasan_save_stack+0x45/0x70 [ 17.325734] kasan_save_track+0x18/0x40 [ 17.325910] kasan_save_alloc_info+0x3b/0x50 [ 17.326139] __kasan_kmalloc+0xb7/0xc0 [ 17.326336] __kmalloc_noprof+0x1c9/0x500 [ 17.326529] kunit_kmalloc_array+0x25/0x60 [ 17.326934] copy_user_test_oob+0xab/0x10f0 [ 17.327148] kunit_try_run_case+0x1a5/0x480 [ 17.327350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.327947] kthread+0x337/0x6f0 [ 17.328112] ret_from_fork+0x116/0x1d0 [ 17.328486] ret_from_fork_asm+0x1a/0x30 [ 17.328864] [ 17.328969] The buggy address belongs to the object at ffff888102629100 [ 17.328969] which belongs to the cache kmalloc-128 of size 128 [ 17.329491] The buggy address is located 0 bytes inside of [ 17.329491] allocated 120-byte region [ffff888102629100, ffff888102629178) [ 17.329993] [ 17.330091] The buggy address belongs to the physical page: [ 17.330343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629 [ 17.331130] flags: 0x200000000000000(node=0|zone=2) [ 17.331334] page_type: f5(slab) [ 17.331865] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.332377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.332879] page dumped because: kasan: bad access detected [ 17.333251] [ 17.333339] Memory state around the buggy address: [ 17.333509] ffff888102629000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.333739] ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.333956] >ffff888102629100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.334211] ^ [ 17.334429] ffff888102629180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.335008] ffff888102629200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.335650] ================================================================== [ 17.399386] ================================================================== [ 17.400168] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 17.401025] Read of size 121 at addr ffff888102629100 by task kunit_try_catch/302 [ 17.401774] [ 17.401973] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.402022] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.402036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.402069] Call Trace: [ 17.402084] <TASK> [ 17.402101] dump_stack_lvl+0x73/0xb0 [ 17.402187] print_report+0xd1/0x650 [ 17.402222] ? __virt_addr_valid+0x1db/0x2d0 [ 17.402246] ? copy_user_test_oob+0x604/0x10f0 [ 17.402270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.402297] ? copy_user_test_oob+0x604/0x10f0 [ 17.402321] kasan_report+0x141/0x180 [ 17.402344] ? copy_user_test_oob+0x604/0x10f0 [ 17.402373] kasan_check_range+0x10c/0x1c0 [ 17.402397] __kasan_check_read+0x15/0x20 [ 17.402417] copy_user_test_oob+0x604/0x10f0 [ 17.402442] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.402465] ? finish_task_switch.isra.0+0x153/0x700 [ 17.402488] ? __switch_to+0x47/0xf50 [ 17.402526] ? __schedule+0x10cc/0x2b60 [ 17.402549] ? __pfx_read_tsc+0x10/0x10 [ 17.402571] ? ktime_get_ts64+0x86/0x230 [ 17.402596] kunit_try_run_case+0x1a5/0x480 [ 17.402622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.402645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.402670] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.402693] ? __kthread_parkme+0x82/0x180 [ 17.402715] ? preempt_count_sub+0x50/0x80 [ 17.402739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.402765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.402788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.402812] kthread+0x337/0x6f0 [ 17.402833] ? trace_preempt_on+0x20/0xc0 [ 17.402857] ? __pfx_kthread+0x10/0x10 [ 17.402878] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.402900] ? calculate_sigpending+0x7b/0xa0 [ 17.402925] ? __pfx_kthread+0x10/0x10 [ 17.402947] ret_from_fork+0x116/0x1d0 [ 17.402967] ? __pfx_kthread+0x10/0x10 [ 17.402988] ret_from_fork_asm+0x1a/0x30 [ 17.403020] </TASK> [ 17.403033] [ 17.414844] Allocated by task 302: [ 17.414980] kasan_save_stack+0x45/0x70 [ 17.415130] kasan_save_track+0x18/0x40 [ 17.415265] kasan_save_alloc_info+0x3b/0x50 [ 17.415410] __kasan_kmalloc+0xb7/0xc0 [ 17.415602] __kmalloc_noprof+0x1c9/0x500 [ 17.415975] kunit_kmalloc_array+0x25/0x60 [ 17.416358] copy_user_test_oob+0xab/0x10f0 [ 17.416821] kunit_try_run_case+0x1a5/0x480 [ 17.417225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.417728] kthread+0x337/0x6f0 [ 17.418104] ret_from_fork+0x116/0x1d0 [ 17.418468] ret_from_fork_asm+0x1a/0x30 [ 17.418849] [ 17.419033] The buggy address belongs to the object at ffff888102629100 [ 17.419033] which belongs to the cache kmalloc-128 of size 128 [ 17.420130] The buggy address is located 0 bytes inside of [ 17.420130] allocated 120-byte region [ffff888102629100, ffff888102629178) [ 17.420479] [ 17.420620] The buggy address belongs to the physical page: [ 17.421136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629 [ 17.421876] flags: 0x200000000000000(node=0|zone=2) [ 17.422338] page_type: f5(slab) [ 17.422644] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.423106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.423330] page dumped because: kasan: bad access detected [ 17.423499] [ 17.423680] Memory state around the buggy address: [ 17.424141] ffff888102629000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.424779] ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.425412] >ffff888102629100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.426051] ^ [ 17.426486] ffff888102629180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.426708] ffff888102629200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.426921] ================================================================== [ 17.367074] ================================================================== [ 17.368155] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 17.369149] Write of size 121 at addr ffff888102629100 by task kunit_try_catch/302 [ 17.370221] [ 17.370450] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.370497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.370510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.370533] Call Trace: [ 17.370717] <TASK> [ 17.370737] dump_stack_lvl+0x73/0xb0 [ 17.370767] print_report+0xd1/0x650 [ 17.370790] ? __virt_addr_valid+0x1db/0x2d0 [ 17.370814] ? copy_user_test_oob+0x557/0x10f0 [ 17.370839] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.370867] ? copy_user_test_oob+0x557/0x10f0 [ 17.370893] kasan_report+0x141/0x180 [ 17.370916] ? copy_user_test_oob+0x557/0x10f0 [ 17.370946] kasan_check_range+0x10c/0x1c0 [ 17.370970] __kasan_check_write+0x18/0x20 [ 17.370990] copy_user_test_oob+0x557/0x10f0 [ 17.371016] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.371039] ? finish_task_switch.isra.0+0x153/0x700 [ 17.371073] ? __switch_to+0x47/0xf50 [ 17.371101] ? __schedule+0x10cc/0x2b60 [ 17.371123] ? __pfx_read_tsc+0x10/0x10 [ 17.371144] ? ktime_get_ts64+0x86/0x230 [ 17.371168] kunit_try_run_case+0x1a5/0x480 [ 17.371193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.371216] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.371240] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.371263] ? __kthread_parkme+0x82/0x180 [ 17.371285] ? preempt_count_sub+0x50/0x80 [ 17.371309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.371333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.371357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.371380] kthread+0x337/0x6f0 [ 17.371401] ? trace_preempt_on+0x20/0xc0 [ 17.371425] ? __pfx_kthread+0x10/0x10 [ 17.371446] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.371468] ? calculate_sigpending+0x7b/0xa0 [ 17.371492] ? __pfx_kthread+0x10/0x10 [ 17.371514] ret_from_fork+0x116/0x1d0 [ 17.371534] ? __pfx_kthread+0x10/0x10 [ 17.371554] ret_from_fork_asm+0x1a/0x30 [ 17.371586] </TASK> [ 17.371597] [ 17.385748] Allocated by task 302: [ 17.386465] kasan_save_stack+0x45/0x70 [ 17.386884] kasan_save_track+0x18/0x40 [ 17.387267] kasan_save_alloc_info+0x3b/0x50 [ 17.387772] __kasan_kmalloc+0xb7/0xc0 [ 17.388168] __kmalloc_noprof+0x1c9/0x500 [ 17.388572] kunit_kmalloc_array+0x25/0x60 [ 17.388972] copy_user_test_oob+0xab/0x10f0 [ 17.389246] kunit_try_run_case+0x1a5/0x480 [ 17.389399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.389599] kthread+0x337/0x6f0 [ 17.389981] ret_from_fork+0x116/0x1d0 [ 17.390152] ret_from_fork_asm+0x1a/0x30 [ 17.390294] [ 17.390370] The buggy address belongs to the object at ffff888102629100 [ 17.390370] which belongs to the cache kmalloc-128 of size 128 [ 17.391244] The buggy address is located 0 bytes inside of [ 17.391244] allocated 120-byte region [ffff888102629100, ffff888102629178) [ 17.392364] [ 17.392565] The buggy address belongs to the physical page: [ 17.392773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629 [ 17.393020] flags: 0x200000000000000(node=0|zone=2) [ 17.393197] page_type: f5(slab) [ 17.393322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.393665] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.394344] page dumped because: kasan: bad access detected [ 17.394877] [ 17.395035] Memory state around the buggy address: [ 17.395525] ffff888102629000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.396164] ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.396956] >ffff888102629100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.397532] ^ [ 17.397998] ffff888102629180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.398231] ffff888102629200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.398448] ================================================================== [ 17.336587] ================================================================== [ 17.337079] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 17.337662] Read of size 121 at addr ffff888102629100 by task kunit_try_catch/302 [ 17.338181] [ 17.338373] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 17.338417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.338431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.338452] Call Trace: [ 17.338466] <TASK> [ 17.338481] dump_stack_lvl+0x73/0xb0 [ 17.338534] print_report+0xd1/0x650 [ 17.338577] ? __virt_addr_valid+0x1db/0x2d0 [ 17.338599] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.338622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.338649] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.338673] kasan_report+0x141/0x180 [ 17.338696] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.338724] kasan_check_range+0x10c/0x1c0 [ 17.338749] __kasan_check_read+0x15/0x20 [ 17.338769] copy_user_test_oob+0x4aa/0x10f0 [ 17.338795] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.338817] ? finish_task_switch.isra.0+0x153/0x700 [ 17.338840] ? __switch_to+0x47/0xf50 [ 17.338865] ? __schedule+0x10cc/0x2b60 [ 17.338887] ? __pfx_read_tsc+0x10/0x10 [ 17.338908] ? ktime_get_ts64+0x86/0x230 [ 17.338932] kunit_try_run_case+0x1a5/0x480 [ 17.338957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.338979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.339002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.339026] ? __kthread_parkme+0x82/0x180 [ 17.339056] ? preempt_count_sub+0x50/0x80 [ 17.339081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.339106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.339129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.339153] kthread+0x337/0x6f0 [ 17.339173] ? trace_preempt_on+0x20/0xc0 [ 17.339197] ? __pfx_kthread+0x10/0x10 [ 17.339217] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.339239] ? calculate_sigpending+0x7b/0xa0 [ 17.339264] ? __pfx_kthread+0x10/0x10 [ 17.339286] ret_from_fork+0x116/0x1d0 [ 17.339305] ? __pfx_kthread+0x10/0x10 [ 17.339326] ret_from_fork_asm+0x1a/0x30 [ 17.339357] </TASK> [ 17.339368] [ 17.350472] Allocated by task 302: [ 17.350917] kasan_save_stack+0x45/0x70 [ 17.351281] kasan_save_track+0x18/0x40 [ 17.351664] kasan_save_alloc_info+0x3b/0x50 [ 17.352073] __kasan_kmalloc+0xb7/0xc0 [ 17.352417] __kmalloc_noprof+0x1c9/0x500 [ 17.352750] kunit_kmalloc_array+0x25/0x60 [ 17.352952] copy_user_test_oob+0xab/0x10f0 [ 17.353148] kunit_try_run_case+0x1a5/0x480 [ 17.353319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.354364] kthread+0x337/0x6f0 [ 17.354829] ret_from_fork+0x116/0x1d0 [ 17.355592] ret_from_fork_asm+0x1a/0x30 [ 17.356333] [ 17.356698] The buggy address belongs to the object at ffff888102629100 [ 17.356698] which belongs to the cache kmalloc-128 of size 128 [ 17.358509] The buggy address is located 0 bytes inside of [ 17.358509] allocated 120-byte region [ffff888102629100, ffff888102629178) [ 17.359841] [ 17.359927] The buggy address belongs to the physical page: [ 17.360125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102629 [ 17.360372] flags: 0x200000000000000(node=0|zone=2) [ 17.360557] page_type: f5(slab) [ 17.360899] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.362020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.362872] page dumped because: kasan: bad access detected [ 17.363496] [ 17.363674] Memory state around the buggy address: [ 17.364318] ffff888102629000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.364812] ffff888102629080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.365056] >ffff888102629100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.365277] ^ [ 17.365494] ffff888102629180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.365721] ffff888102629200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.365940] ==================================================================