Date
July 16, 2025, 3:10 p.m.
Environment
qemu-arm64, qemu-x86_64
qemu-arm64

```
[ 19.556161] ==================================================================
[ 19.556236] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 19.556288] Read of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.556341]
[ 19.556379] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.556777] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.556887] Hardware name: linux,dummy-virt (DT)
[ 19.556935] Call trace:
[ 19.556974] show_stack+0x20/0x38 (C)
[ 19.557034] dump_stack_lvl+0x8c/0xd0
[ 19.557141] print_report+0x118/0x5d0
[ 19.557217] kasan_report+0xdc/0x128
[ 19.557270] kasan_check_range+0x100/0x1a8
[ 19.557344] __kasan_check_read+0x20/0x30
[ 19.557500] copy_user_test_oob+0x3c8/0xec8
[ 19.557585] kunit_try_run_case+0x170/0x3f0
[ 19.557670] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.557755] kthread+0x328/0x630
[ 19.557804] ret_from_fork+0x10/0x20
[ 19.557855]
[ 19.557881] Allocated by task 285:
[ 19.557911] kasan_save_stack+0x3c/0x68
[ 19.557952] kasan_save_track+0x20/0x40
[ 19.557993] kasan_save_alloc_info+0x40/0x58
[ 19.558034] __kasan_kmalloc+0xd4/0xd8
[ 19.558074] __kmalloc_noprof+0x198/0x4c8
[ 19.558115] kunit_kmalloc_array+0x34/0x88
[ 19.558154] copy_user_test_oob+0xac/0xec8
[ 19.558200] kunit_try_run_case+0x170/0x3f0
[ 19.558239] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.558287] kthread+0x328/0x630
[ 19.558330] ret_from_fork+0x10/0x20
[ 19.558377]
[ 19.558397] The buggy address belongs to the object at fff00000c7939000
[ 19.558397] which belongs to the cache kmalloc-128 of size 128
[ 19.558464] The buggy address is located 0 bytes inside of
[ 19.558464] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.558530]
[ 19.558550] The buggy address belongs to the physical page:
[ 19.558584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.558637] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.558687] page_type: f5(slab)
[ 19.559292] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.559386] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.559537] page dumped because: kasan: bad access detected
[ 19.559595]
[ 19.559651] Memory state around the buggy address:
[ 19.559697] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.559752] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.559798] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.560010] ^
[ 19.560089] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.560248] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.560337] ==================================================================

[ 19.541217] ==================================================================
[ 19.541278] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 19.541467] Read of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.541558]
[ 19.541607] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.541744] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.541781] Hardware name: linux,dummy-virt (DT)
[ 19.541815] Call trace:
[ 19.541837] show_stack+0x20/0x38 (C)
[ 19.541887] dump_stack_lvl+0x8c/0xd0
[ 19.541961] print_report+0x118/0x5d0
[ 19.542009] kasan_report+0xdc/0x128
[ 19.542055] kasan_check_range+0x100/0x1a8
[ 19.542105] __kasan_check_read+0x20/0x30
[ 19.542220] copy_user_test_oob+0x728/0xec8
[ 19.542268] kunit_try_run_case+0x170/0x3f0
[ 19.542325] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.542380] kthread+0x328/0x630
[ 19.542458] ret_from_fork+0x10/0x20
[ 19.542510]
[ 19.542530] Allocated by task 285:
[ 19.542583] kasan_save_stack+0x3c/0x68
[ 19.542785] kasan_save_track+0x20/0x40
[ 19.542829] kasan_save_alloc_info+0x40/0x58
[ 19.542939] __kasan_kmalloc+0xd4/0xd8
[ 19.543032] __kmalloc_noprof+0x198/0x4c8
[ 19.543073] kunit_kmalloc_array+0x34/0x88
[ 19.543114] copy_user_test_oob+0xac/0xec8
[ 19.543201] kunit_try_run_case+0x170/0x3f0
[ 19.543590] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.543675] kthread+0x328/0x630
[ 19.543774] ret_from_fork+0x10/0x20
[ 19.543979]
[ 19.544157] The buggy address belongs to the object at fff00000c7939000
[ 19.544157] which belongs to the cache kmalloc-128 of size 128
[ 19.544267] The buggy address is located 0 bytes inside of
[ 19.544267] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.544464]
[ 19.544542] The buggy address belongs to the physical page:
[ 19.544620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.544760] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.544811] page_type: f5(slab)
[ 19.544850] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.544903] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.544953] page dumped because: kasan: bad access detected
[ 19.544986]
[ 19.545007] Memory state around the buggy address:
[ 19.545043] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.545090] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.545138] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.545182] ^
[ 19.545396] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.545443] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.545514] ==================================================================

[ 19.565786] ==================================================================
[ 19.565840] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 19.565889] Read of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.566062]
[ 19.566093] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.566206] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.566234] Hardware name: linux,dummy-virt (DT)
[ 19.566292] Call trace:
[ 19.566317] show_stack+0x20/0x38 (C)
[ 19.566450] dump_stack_lvl+0x8c/0xd0
[ 19.566535] print_report+0x118/0x5d0
[ 19.566616] kasan_report+0xdc/0x128
[ 19.567265] kasan_check_range+0x100/0x1a8
[ 19.567328] __kasan_check_read+0x20/0x30
[ 19.567373] copy_user_test_oob+0x4a0/0xec8
[ 19.567422] kunit_try_run_case+0x170/0x3f0
[ 19.567469] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.567524] kthread+0x328/0x630
[ 19.567565] ret_from_fork+0x10/0x20
[ 19.567614]
[ 19.567634] Allocated by task 285:
[ 19.567663] kasan_save_stack+0x3c/0x68
[ 19.567706] kasan_save_track+0x20/0x40
[ 19.567756] kasan_save_alloc_info+0x40/0x58
[ 19.567800] __kasan_kmalloc+0xd4/0xd8
[ 19.567839] __kmalloc_noprof+0x198/0x4c8
[ 19.567879] kunit_kmalloc_array+0x34/0x88
[ 19.567919] copy_user_test_oob+0xac/0xec8
[ 19.567958] kunit_try_run_case+0x170/0x3f0
[ 19.567998] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.568042] kthread+0x328/0x630
[ 19.568077] ret_from_fork+0x10/0x20
[ 19.568116]
[ 19.568136] The buggy address belongs to the object at fff00000c7939000
[ 19.568136] which belongs to the cache kmalloc-128 of size 128
[ 19.568196] The buggy address is located 0 bytes inside of
[ 19.568196] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.568262]
[ 19.568282] The buggy address belongs to the physical page:
[ 19.568316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.568369] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.568419] page_type: f5(slab)
[ 19.568456] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.568509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.568554] page dumped because: kasan: bad access detected
[ 19.568587]
[ 19.568608] Memory state around the buggy address:
[ 19.568641] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.568687] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.568740] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.568781] ^
[ 19.568824] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.568869] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.568911] ==================================================================

[ 19.560910] ==================================================================
[ 19.561042] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 19.561094] Write of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.561147]
[ 19.561182] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.561267] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.561469] Hardware name: linux,dummy-virt (DT)
[ 19.561508] Call trace:
[ 19.561531] show_stack+0x20/0x38 (C)
[ 19.561597] dump_stack_lvl+0x8c/0xd0
[ 19.561674] print_report+0x118/0x5d0
[ 19.561753] kasan_report+0xdc/0x128
[ 19.561820] kasan_check_range+0x100/0x1a8
[ 19.561918] __kasan_check_write+0x20/0x30
[ 19.561985] copy_user_test_oob+0x434/0xec8
[ 19.562035] kunit_try_run_case+0x170/0x3f0
[ 19.562099] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.562285] kthread+0x328/0x630
[ 19.562330] ret_from_fork+0x10/0x20
[ 19.562448]
[ 19.562468] Allocated by task 285:
[ 19.562558] kasan_save_stack+0x3c/0x68
[ 19.562602] kasan_save_track+0x20/0x40
[ 19.562659] kasan_save_alloc_info+0x40/0x58
[ 19.562704] __kasan_kmalloc+0xd4/0xd8
[ 19.562751] __kmalloc_noprof+0x198/0x4c8
[ 19.562951] kunit_kmalloc_array+0x34/0x88
[ 19.563039] copy_user_test_oob+0xac/0xec8
[ 19.563149] kunit_try_run_case+0x170/0x3f0
[ 19.563208] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.563254] kthread+0x328/0x630
[ 19.563301] ret_from_fork+0x10/0x20
[ 19.563379]
[ 19.563446] The buggy address belongs to the object at fff00000c7939000
[ 19.563446] which belongs to the cache kmalloc-128 of size 128
[ 19.563616] The buggy address is located 0 bytes inside of
[ 19.563616] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.563915]
[ 19.563957] The buggy address belongs to the physical page:
[ 19.563992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.564046] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.564097] page_type: f5(slab)
[ 19.564360] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.564416] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.564525] page dumped because: kasan: bad access detected
[ 19.564592]
[ 19.564642] Memory state around the buggy address:
[ 19.564676] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.564740] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.564820] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.564874] ^
[ 19.565018] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.565095] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.565172] ==================================================================

[ 19.532974] ==================================================================
[ 19.533143] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 19.533234] Write of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.533339]
[ 19.533393] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.533482] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.533512] Hardware name: linux,dummy-virt (DT)
[ 19.533547] Call trace:
[ 19.533575] show_stack+0x20/0x38 (C)
[ 19.533760] dump_stack_lvl+0x8c/0xd0
[ 19.533817] print_report+0x118/0x5d0
[ 19.533865] kasan_report+0xdc/0x128
[ 19.533911] kasan_check_range+0x100/0x1a8
[ 19.533959] __kasan_check_write+0x20/0x30
[ 19.534006] copy_user_test_oob+0x234/0xec8
[ 19.534053] kunit_try_run_case+0x170/0x3f0
[ 19.534103] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.534157] kthread+0x328/0x630
[ 19.534201] ret_from_fork+0x10/0x20
[ 19.534250]
[ 19.534270] Allocated by task 285:
[ 19.534302] kasan_save_stack+0x3c/0x68
[ 19.534347] kasan_save_track+0x20/0x40
[ 19.534387] kasan_save_alloc_info+0x40/0x58
[ 19.534428] __kasan_kmalloc+0xd4/0xd8
[ 19.534467] __kmalloc_noprof+0x198/0x4c8
[ 19.534506] kunit_kmalloc_array+0x34/0x88
[ 19.534546] copy_user_test_oob+0xac/0xec8
[ 19.534584] kunit_try_run_case+0x170/0x3f0
[ 19.534626] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.534671] kthread+0x328/0x630
[ 19.534705] ret_from_fork+0x10/0x20
[ 19.534787]
[ 19.534835] The buggy address belongs to the object at fff00000c7939000
[ 19.534835] which belongs to the cache kmalloc-128 of size 128
[ 19.534897] The buggy address is located 0 bytes inside of
[ 19.534897] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.534977]
[ 19.535005] The buggy address belongs to the physical page:
[ 19.535040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.535113] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.535204] page_type: f5(slab)
[ 19.535247] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.535335] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.535470] page dumped because: kasan: bad access detected
[ 19.535559]
[ 19.535806] Memory state around the buggy address:
[ 19.536031] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.536107] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.536199] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.536353] ^
[ 19.536456] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.536529] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.536654] ==================================================================

[ 19.549976] ==================================================================
[ 19.550099] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 19.550184] Write of size 121 at addr fff00000c7939000 by task kunit_try_catch/285
[ 19.550265]
[ 19.550457] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 19.550546] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.550575] Hardware name: linux,dummy-virt (DT)
[ 19.550609] Call trace:
[ 19.550633] show_stack+0x20/0x38 (C)
[ 19.550728] dump_stack_lvl+0x8c/0xd0
[ 19.550806] print_report+0x118/0x5d0
[ 19.550898] kasan_report+0xdc/0x128
[ 19.550956] kasan_check_range+0x100/0x1a8
[ 19.551042] __kasan_check_write+0x20/0x30
[ 19.551112] copy_user_test_oob+0x35c/0xec8
[ 19.551235] kunit_try_run_case+0x170/0x3f0
[ 19.551417] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.551616] kthread+0x328/0x630
[ 19.551673] ret_from_fork+0x10/0x20
[ 19.551937]
[ 19.552017] Allocated by task 285:
[ 19.552108] kasan_save_stack+0x3c/0x68
[ 19.552256] kasan_save_track+0x20/0x40
[ 19.552307] kasan_save_alloc_info+0x40/0x58
[ 19.552349] __kasan_kmalloc+0xd4/0xd8
[ 19.552542] __kmalloc_noprof+0x198/0x4c8
[ 19.552589] kunit_kmalloc_array+0x34/0x88
[ 19.552628] copy_user_test_oob+0xac/0xec8
[ 19.552669] kunit_try_run_case+0x170/0x3f0
[ 19.552717] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.552763] kthread+0x328/0x630
[ 19.552798] ret_from_fork+0x10/0x20
[ 19.552839]
[ 19.552860] The buggy address belongs to the object at fff00000c7939000
[ 19.552860] which belongs to the cache kmalloc-128 of size 128
[ 19.552992] The buggy address is located 0 bytes inside of
[ 19.552992] allocated 120-byte region [fff00000c7939000, fff00000c7939078)
[ 19.553097]
[ 19.553118] The buggy address belongs to the physical page:
[ 19.553161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107939
[ 19.553245] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.553305] page_type: f5(slab)
[ 19.553343] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.553449] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.553730] page dumped because: kasan: bad access detected
[ 19.553838]
[ 19.553917] Memory state around the buggy address:
[ 19.554007] fff00000c7938f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.554121] fff00000c7938f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.554197] >fff00000c7939000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.554314] ^
[ 19.554467] fff00000c7939080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.554573] fff00000c7939100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.554672] ==================================================================
```
qemu-x86_64

```
[ 16.723130] ==================================================================
[ 16.723885] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 16.725245] Read of size 121 at addr ffff88810307db00 by task kunit_try_catch/302
[ 16.726467]
[ 16.726852] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.726902] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.726916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.727096] Call Trace:
[ 16.727116] <TASK>
[ 16.727132] dump_stack_lvl+0x73/0xb0
[ 16.727166] print_report+0xd1/0x610
[ 16.727205] ? __virt_addr_valid+0x1db/0x2d0
[ 16.727229] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.727255] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.727281] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.727307] kasan_report+0x141/0x180
[ 16.727330] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.727360] kasan_check_range+0x10c/0x1c0
[ 16.727386] __kasan_check_read+0x15/0x20
[ 16.727407] copy_user_test_oob+0x4aa/0x10f0
[ 16.727511] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.727541] ? finish_task_switch.isra.0+0x153/0x700
[ 16.727566] ? __switch_to+0x47/0xf50
[ 16.727593] ? __schedule+0x10cc/0x2b60
[ 16.727617] ? __pfx_read_tsc+0x10/0x10
[ 16.727640] ? ktime_get_ts64+0x86/0x230
[ 16.727664] kunit_try_run_case+0x1a5/0x480
[ 16.727691] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.727716] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.727742] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.727779] ? __kthread_parkme+0x82/0x180
[ 16.727801] ? preempt_count_sub+0x50/0x80
[ 16.727826] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.727853] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.727880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.727907] kthread+0x337/0x6f0
[ 16.727928] ? trace_preempt_on+0x20/0xc0
[ 16.727953] ? __pfx_kthread+0x10/0x10
[ 16.727976] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.727999] ? calculate_sigpending+0x7b/0xa0
[ 16.728025] ? __pfx_kthread+0x10/0x10
[ 16.728048] ret_from_fork+0x116/0x1d0
[ 16.728069] ? __pfx_kthread+0x10/0x10
[ 16.728090] ret_from_fork_asm+0x1a/0x30
[ 16.728122] </TASK>
[ 16.728133]
[ 16.739340] Allocated by task 302:
[ 16.739855] kasan_save_stack+0x45/0x70
[ 16.740434] kasan_save_track+0x18/0x40
[ 16.740892] kasan_save_alloc_info+0x3b/0x50
[ 16.741406] __kasan_kmalloc+0xb7/0xc0
[ 16.741781] __kmalloc_noprof+0x1c9/0x500
[ 16.741945] kunit_kmalloc_array+0x25/0x60
[ 16.742098] copy_user_test_oob+0xab/0x10f0
[ 16.742251] kunit_try_run_case+0x1a5/0x480
[ 16.742400] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.743274] kthread+0x337/0x6f0
[ 16.743809] ret_from_fork+0x116/0x1d0
[ 16.744320] ret_from_fork_asm+0x1a/0x30
[ 16.744890]
[ 16.745223] The buggy address belongs to the object at ffff88810307db00
[ 16.745223] which belongs to the cache kmalloc-128 of size 128
[ 16.747004] The buggy address is located 0 bytes inside of
[ 16.747004] allocated 120-byte region [ffff88810307db00, ffff88810307db78)
[ 16.748168]
[ 16.748376] The buggy address belongs to the physical page:
[ 16.748916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307d
[ 16.749646] flags: 0x200000000000000(node=0|zone=2)
[ 16.750121] page_type: f5(slab)
[ 16.750440] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.751121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.751360] page dumped because: kasan: bad access detected
[ 16.751836]
[ 16.752023] Memory state around the buggy address:
[ 16.752490] ffff88810307da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.753041] ffff88810307da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.753263] >ffff88810307db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.753487] ^
[ 16.753703] ffff88810307db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.753936] ffff88810307dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.754255] ==================================================================

[ 16.755594] ==================================================================
[ 16.755908] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 16.756596] Write of size 121 at addr ffff88810307db00 by task kunit_try_catch/302
[ 16.756921]
[ 16.757027] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.757072] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.757086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.757107] Call Trace:
[ 16.757124] <TASK>
[ 16.757140] dump_stack_lvl+0x73/0xb0
[ 16.757172] print_report+0xd1/0x610
[ 16.757196] ? __virt_addr_valid+0x1db/0x2d0
[ 16.757220] ? copy_user_test_oob+0x557/0x10f0
[ 16.757245] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.757272] ? copy_user_test_oob+0x557/0x10f0
[ 16.757297] kasan_report+0x141/0x180
[ 16.757321] ? copy_user_test_oob+0x557/0x10f0
[ 16.757350] kasan_check_range+0x10c/0x1c0
[ 16.757376] __kasan_check_write+0x18/0x20
[ 16.757398] copy_user_test_oob+0x557/0x10f0
[ 16.757425] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.757464] ? finish_task_switch.isra.0+0x153/0x700
[ 16.757489] ? __switch_to+0x47/0xf50
[ 16.757516] ? __schedule+0x10cc/0x2b60
[ 16.757540] ? __pfx_read_tsc+0x10/0x10
[ 16.757563] ? ktime_get_ts64+0x86/0x230
[ 16.757589] kunit_try_run_case+0x1a5/0x480
[ 16.757615] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.757640] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.757666] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.757692] ? __kthread_parkme+0x82/0x180
[ 16.757715] ? preempt_count_sub+0x50/0x80
[ 16.757740] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.757785] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.757811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.757839] kthread+0x337/0x6f0
[ 16.757860] ? trace_preempt_on+0x20/0xc0
[ 16.757886] ? __pfx_kthread+0x10/0x10
[ 16.757908] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.757932] ? calculate_sigpending+0x7b/0xa0
[ 16.757958] ? __pfx_kthread+0x10/0x10
[ 16.757981] ret_from_fork+0x116/0x1d0
[ 16.758001] ? __pfx_kthread+0x10/0x10
[ 16.758023] ret_from_fork_asm+0x1a/0x30
[ 16.758055] </TASK>
[ 16.758066]
[ 16.768251] Allocated by task 302:
[ 16.768673] kasan_save_stack+0x45/0x70
[ 16.769008] kasan_save_track+0x18/0x40
[ 16.769376] kasan_save_alloc_info+0x3b/0x50
[ 16.769752] __kasan_kmalloc+0xb7/0xc0
[ 16.769971] __kmalloc_noprof+0x1c9/0x500
[ 16.770163] kunit_kmalloc_array+0x25/0x60
[ 16.770353] copy_user_test_oob+0xab/0x10f0
[ 16.770823] kunit_try_run_case+0x1a5/0x480
[ 16.771216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.771696] kthread+0x337/0x6f0
[ 16.771957] ret_from_fork+0x116/0x1d0
[ 16.772266] ret_from_fork_asm+0x1a/0x30
[ 16.772658]
[ 16.772878] The buggy address belongs to the object at ffff88810307db00
[ 16.772878] which belongs to the cache kmalloc-128 of size 128
[ 16.773402] The buggy address is located 0 bytes inside of
[ 16.773402] allocated 120-byte region [ffff88810307db00, ffff88810307db78)
[ 16.774320]
[ 16.774443] The buggy address belongs to the physical page:
[ 16.774683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307d
[ 16.775024] flags: 0x200000000000000(node=0|zone=2)
[ 16.775248] page_type: f5(slab)
[ 16.775408] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.776053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.776734] page dumped because: kasan: bad access detected
[ 16.777055]
[ 16.777273] Memory state around the buggy address:
[ 16.777936] ffff88810307da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.778570] ffff88810307da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.779158] >ffff88810307db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.779386] ^
[ 16.779787] ffff88810307db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.780394] ffff88810307dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.781213] ==================================================================

[ 16.702883] ==================================================================
[ 16.703328] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 16.703636] Write of size 121 at addr ffff88810307db00 by task kunit_try_catch/302
[ 16.703970]
[ 16.704080] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.704125] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.704138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.704160] Call Trace:
[ 16.704172] <TASK>
[ 16.704189] dump_stack_lvl+0x73/0xb0
[ 16.704218] print_report+0xd1/0x610
[ 16.704243] ? __virt_addr_valid+0x1db/0x2d0
[ 16.704267] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.704293] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.704318] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.704344] kasan_report+0x141/0x180
[ 16.704368] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.704398] kasan_check_range+0x10c/0x1c0
[ 16.704423] __kasan_check_write+0x18/0x20
[ 16.704445] copy_user_test_oob+0x3fd/0x10f0
[ 16.704472] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.704505] ? finish_task_switch.isra.0+0x153/0x700
[ 16.704530] ? __switch_to+0x47/0xf50
[ 16.704557] ? __schedule+0x10cc/0x2b60
[ 16.704581] ? __pfx_read_tsc+0x10/0x10
[ 16.704603] ? ktime_get_ts64+0x86/0x230
[ 16.704629] kunit_try_run_case+0x1a5/0x480
[ 16.704656] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.704681] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.704707] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.704733] ? __kthread_parkme+0x82/0x180
[ 16.704755] ? preempt_count_sub+0x50/0x80
[ 16.704804] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.704831] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.704857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.704885] kthread+0x337/0x6f0
[ 16.704905] ? trace_preempt_on+0x20/0xc0
[ 16.704932] ? __pfx_kthread+0x10/0x10
[ 16.704954] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.704978] ? calculate_sigpending+0x7b/0xa0
[ 16.705004] ? __pfx_kthread+0x10/0x10
[ 16.705027] ret_from_fork+0x116/0x1d0
[ 16.705048] ? __pfx_kthread+0x10/0x10
[ 16.705070] ret_from_fork_asm+0x1a/0x30
[ 16.705101] </TASK>
[ 16.705112]
[ 16.712087] Allocated by task 302:
[ 16.712270] kasan_save_stack+0x45/0x70
[ 16.712470] kasan_save_track+0x18/0x40
[ 16.712662] kasan_save_alloc_info+0x3b/0x50
[ 16.712897] __kasan_kmalloc+0xb7/0xc0
[ 16.713039] __kmalloc_noprof+0x1c9/0x500
[ 16.713183] kunit_kmalloc_array+0x25/0x60
[ 16.713956] copy_user_test_oob+0xab/0x10f0
[ 16.714158] kunit_try_run_case+0x1a5/0x480
[ 16.714310] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.714601] kthread+0x337/0x6f0
[ 16.714758] ret_from_fork+0x116/0x1d0
[ 16.714924] ret_from_fork_asm+0x1a/0x30
[ 16.715067]
[ 16.715168] The buggy address belongs to the object at ffff88810307db00
[ 16.715168] which belongs to the cache kmalloc-128 of size 128
[ 16.715630] The buggy address is located 0 bytes inside of
[ 16.715630] allocated 120-byte region [ffff88810307db00, ffff88810307db78)
[ 16.716160]
[ 16.716261] The buggy address belongs to the physical page:
[ 16.716489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307d
[ 16.716771] flags: 0x200000000000000(node=0|zone=2)
[ 16.717045] page_type: f5(slab)
[ 16.717214] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.717531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.717867] page dumped because: kasan: bad access detected
[ 16.718042]
[ 16.718117] Memory state around the buggy address:
[ 16.718337] ffff88810307da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.719636] ffff88810307da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.719891] >ffff88810307db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.720111] ^
[ 16.720329] ffff88810307db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.720556] ffff88810307dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.720782] ==================================================================

[ 16.782229] ==================================================================
[ 16.782903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 16.783535] Read of size 121 at addr ffff88810307db00 by task kunit_try_catch/302
[ 16.783778]
[ 16.783867] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.783911] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.783924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.783946] Call Trace:
[ 16.783963] <TASK>
[ 16.783979] dump_stack_lvl+0x73/0xb0
[ 16.784009] print_report+0xd1/0x610
[ 16.784034] ? __virt_addr_valid+0x1db/0x2d0
[ 16.784059] ? copy_user_test_oob+0x604/0x10f0
[ 16.784084] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.784110] ? copy_user_test_oob+0x604/0x10f0
[ 16.784135] kasan_report+0x141/0x180
[ 16.784159] ? copy_user_test_oob+0x604/0x10f0
[ 16.784189] kasan_check_range+0x10c/0x1c0
[ 16.784215] __kasan_check_read+0x15/0x20
[ 16.784236] copy_user_test_oob+0x604/0x10f0
[ 16.784262] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.784287] ? finish_task_switch.isra.0+0x153/0x700
[ 16.784312] ? __switch_to+0x47/0xf50
[ 16.784339] ? __schedule+0x10cc/0x2b60
[ 16.784363] ? __pfx_read_tsc+0x10/0x10
[ 16.784386] ? ktime_get_ts64+0x86/0x230
[ 16.784411] kunit_try_run_case+0x1a5/0x480
[ 16.784437] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.784475] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.784501] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.784527] ? __kthread_parkme+0x82/0x180
[ 16.784549] ? preempt_count_sub+0x50/0x80
[ 16.784574] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.784600] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.784635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.784663] kthread+0x337/0x6f0
[ 16.784684] ? trace_preempt_on+0x20/0xc0
[ 16.784709] ? __pfx_kthread+0x10/0x10
[ 16.784731] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.784754] ? calculate_sigpending+0x7b/0xa0
[ 16.784791] ? __pfx_kthread+0x10/0x10
[ 16.784815] ret_from_fork+0x116/0x1d0
[ 16.784834] ? __pfx_kthread+0x10/0x10
[ 16.784855] ret_from_fork_asm+0x1a/0x30
[ 16.784887] </TASK>
[ 16.784898]
[ 16.797078] Allocated by task 302:
[ 16.797393] kasan_save_stack+0x45/0x70
[ 16.797838] kasan_save_track+0x18/0x40
[ 16.798203] kasan_save_alloc_info+0x3b/0x50
[ 16.798542] __kasan_kmalloc+0xb7/0xc0
[ 16.798744] __kmalloc_noprof+0x1c9/0x500
[ 16.798900] kunit_kmalloc_array+0x25/0x60
[ 16.799046] copy_user_test_oob+0xab/0x10f0
[ 16.799201] kunit_try_run_case+0x1a5/0x480
[ 16.799349] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.799681] kthread+0x337/0x6f0
[ 16.799987] ret_from_fork+0x116/0x1d0
[ 16.800322] ret_from_fork_asm+0x1a/0x30
[ 16.800715]
[ 16.800886] The buggy address belongs to the object at ffff88810307db00
[ 16.800886] which belongs to the cache kmalloc-128 of size 128
[ 16.801990] The buggy address is located 0 bytes inside of
[ 16.801990] allocated 120-byte region [ffff88810307db00, ffff88810307db78)
[ 16.803074]
[ 16.803248] The buggy address belongs to the physical page:
[ 16.803784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307d
[ 16.804089] flags: 0x200000000000000(node=0|zone=2)
[ 16.804253] page_type: f5(slab)
[ 16.804373] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.804958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.805654] page dumped because: kasan: bad access detected
[ 16.806129]
[ 16.806283] Memory state around the buggy address:
[ 16.806718] ffff88810307da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.807325] ffff88810307da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.807986] >ffff88810307db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.808345] ^
[ 16.808741] ffff88810307db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.809356] ffff88810307dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.809916] ==================================================================
```