Date
July 20, 2025, 8:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 18.394148] ================================================================== [ 18.394219] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.394271] Read of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.394325] [ 18.394357] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.394443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.394471] Hardware name: linux,dummy-virt (DT) [ 18.394502] Call trace: [ 18.394528] show_stack+0x20/0x38 (C) [ 18.394578] dump_stack_lvl+0x8c/0xd0 [ 18.394912] print_report+0x118/0x5d0 [ 18.394986] kasan_report+0xdc/0x128 [ 18.395035] kasan_check_range+0x100/0x1a8 [ 18.395085] __kasan_check_read+0x20/0x30 [ 18.395131] copy_user_test_oob+0x4a0/0xec8 [ 18.395181] kunit_try_run_case+0x170/0x3f0 [ 18.395244] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.395301] kthread+0x328/0x630 [ 18.395345] ret_from_fork+0x10/0x20 [ 18.395412] [ 18.395434] Allocated by task 286: [ 18.395470] kasan_save_stack+0x3c/0x68 [ 18.395515] kasan_save_track+0x20/0x40 [ 18.395563] kasan_save_alloc_info+0x40/0x58 [ 18.395615] __kasan_kmalloc+0xd4/0xd8 [ 18.395664] __kmalloc_noprof+0x198/0x4c8 [ 18.395703] kunit_kmalloc_array+0x34/0x88 [ 18.395745] copy_user_test_oob+0xac/0xec8 [ 18.395784] kunit_try_run_case+0x170/0x3f0 [ 18.395824] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.395870] kthread+0x328/0x630 [ 18.395905] ret_from_fork+0x10/0x20 [ 18.395942] [ 18.395966] The buggy address belongs to the object at fff00000c64df100 [ 18.395966] which belongs to the cache kmalloc-128 of size 128 [ 18.396033] The buggy address is located 0 bytes inside of [ 18.396033] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.396097] [ 18.396119] The buggy address belongs to the physical page: [ 18.396164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.397330] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.397735] page_type: f5(slab) [ 18.397793] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.397865] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.398161] page dumped because: kasan: bad access detected [ 18.398357] [ 18.398524] Memory state around the buggy address: [ 18.398673] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.398726] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.399019] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.399181] ^ [ 18.399272] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.399526] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.399855] ================================================================== [ 18.382500] ================================================================== [ 18.382556] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.382827] Write of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.383254] [ 18.383455] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.383735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.383801] Hardware name: linux,dummy-virt (DT) [ 18.383836] Call trace: [ 18.384169] show_stack+0x20/0x38 (C) [ 18.384429] dump_stack_lvl+0x8c/0xd0 [ 18.384499] print_report+0x118/0x5d0 [ 18.384731] kasan_report+0xdc/0x128 [ 18.384885] kasan_check_range+0x100/0x1a8 [ 18.385274] __kasan_check_write+0x20/0x30 [ 18.385445] copy_user_test_oob+0x434/0xec8 [ 18.385586] kunit_try_run_case+0x170/0x3f0 [ 18.385680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.385837] kthread+0x328/0x630 [ 18.385886] ret_from_fork+0x10/0x20 [ 18.386514] [ 18.386751] Allocated by task 286: [ 18.386812] kasan_save_stack+0x3c/0x68 [ 18.386954] kasan_save_track+0x20/0x40 [ 18.387051] kasan_save_alloc_info+0x40/0x58 [ 18.387245] __kasan_kmalloc+0xd4/0xd8 [ 18.387290] __kmalloc_noprof+0x198/0x4c8 [ 18.387531] kunit_kmalloc_array+0x34/0x88 [ 18.387695] copy_user_test_oob+0xac/0xec8 [ 18.387918] kunit_try_run_case+0x170/0x3f0 [ 18.388170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.388330] kthread+0x328/0x630 [ 18.388421] ret_from_fork+0x10/0x20 [ 18.388697] [ 18.388809] The buggy address belongs to the object at fff00000c64df100 [ 18.388809] which belongs to the cache kmalloc-128 of size 128 [ 18.389309] The buggy address is located 0 bytes inside of [ 18.389309] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.389491] [ 18.389524] The buggy address belongs to the physical page: [ 18.389920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.390326] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.390489] page_type: f5(slab) [ 18.390583] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.390675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.391033] page dumped because: kasan: bad access detected [ 18.391315] [ 18.391461] Memory state around the buggy address: [ 18.391502] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.392008] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.392278] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.392402] ^ [ 18.392607] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.392906] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.393096] ================================================================== [ 18.372662] ================================================================== [ 18.372948] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.373288] Read of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.373451] [ 18.373489] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.373777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.373817] Hardware name: linux,dummy-virt (DT) [ 18.373976] Call trace: [ 18.374027] show_stack+0x20/0x38 (C) [ 18.374082] dump_stack_lvl+0x8c/0xd0 [ 18.374143] print_report+0x118/0x5d0 [ 18.374223] kasan_report+0xdc/0x128 [ 18.374271] kasan_check_range+0x100/0x1a8 [ 18.374323] __kasan_check_read+0x20/0x30 [ 18.374370] copy_user_test_oob+0x3c8/0xec8 [ 18.374419] kunit_try_run_case+0x170/0x3f0 [ 18.374466] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.374529] kthread+0x328/0x630 [ 18.374583] ret_from_fork+0x10/0x20 [ 18.374642] [ 18.374673] Allocated by task 286: [ 18.374719] kasan_save_stack+0x3c/0x68 [ 18.374764] kasan_save_track+0x20/0x40 [ 18.374812] kasan_save_alloc_info+0x40/0x58 [ 18.374866] __kasan_kmalloc+0xd4/0xd8 [ 18.374913] __kmalloc_noprof+0x198/0x4c8 [ 18.374955] kunit_kmalloc_array+0x34/0x88 [ 18.374995] copy_user_test_oob+0xac/0xec8 [ 18.375033] kunit_try_run_case+0x170/0x3f0 [ 18.375073] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.375139] kthread+0x328/0x630 [ 18.375183] ret_from_fork+0x10/0x20 [ 18.376045] [ 18.376110] The buggy address belongs to the object at fff00000c64df100 [ 18.376110] which belongs to the cache kmalloc-128 of size 128 [ 18.376195] The buggy address is located 0 bytes inside of [ 18.376195] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.376276] [ 18.376468] The buggy address belongs to the physical page: [ 18.376674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.376820] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.376937] page_type: f5(slab) [ 18.377094] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.377588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.377667] page dumped because: kasan: bad access detected [ 18.377704] [ 18.378055] Memory state around the buggy address: [ 18.378492] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.378585] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.378642] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.379163] ^ [ 18.379423] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.379556] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.379767] ================================================================== [ 18.362020] ================================================================== [ 18.362092] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.362409] Write of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.362565] [ 18.362607] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.362719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.362831] Hardware name: linux,dummy-virt (DT) [ 18.362869] Call trace: [ 18.362914] show_stack+0x20/0x38 (C) [ 18.363287] dump_stack_lvl+0x8c/0xd0 [ 18.363465] print_report+0x118/0x5d0 [ 18.363563] kasan_report+0xdc/0x128 [ 18.363708] kasan_check_range+0x100/0x1a8 [ 18.363762] __kasan_check_write+0x20/0x30 [ 18.363809] copy_user_test_oob+0x35c/0xec8 [ 18.363860] kunit_try_run_case+0x170/0x3f0 [ 18.364232] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.364312] kthread+0x328/0x630 [ 18.365307] ret_from_fork+0x10/0x20 [ 18.365395] [ 18.365417] Allocated by task 286: [ 18.365607] kasan_save_stack+0x3c/0x68 [ 18.365851] kasan_save_track+0x20/0x40 [ 18.365929] kasan_save_alloc_info+0x40/0x58 [ 18.366095] __kasan_kmalloc+0xd4/0xd8 [ 18.366184] __kmalloc_noprof+0x198/0x4c8 [ 18.366306] kunit_kmalloc_array+0x34/0x88 [ 18.366364] copy_user_test_oob+0xac/0xec8 [ 18.366434] kunit_try_run_case+0x170/0x3f0 [ 18.366691] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.366802] kthread+0x328/0x630 [ 18.366864] ret_from_fork+0x10/0x20 [ 18.367132] [ 18.367202] The buggy address belongs to the object at fff00000c64df100 [ 18.367202] which belongs to the cache kmalloc-128 of size 128 [ 18.367292] The buggy address is located 0 bytes inside of [ 18.367292] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.367984] [ 18.368045] The buggy address belongs to the physical page: [ 18.368098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.368308] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.368453] page_type: f5(slab) [ 18.368516] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.368569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.369247] page dumped because: kasan: bad access detected [ 18.369425] [ 18.369549] Memory state around the buggy address: [ 18.369699] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.369799] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.369952] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.370041] ^ [ 18.370104] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.370148] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.370379] ================================================================== [ 18.339830] ================================================================== [ 18.339888] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.339942] Read of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.340447] [ 18.340529] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.340917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.340960] Hardware name: linux,dummy-virt (DT) [ 18.341015] Call trace: [ 18.341041] show_stack+0x20/0x38 (C) [ 18.341226] dump_stack_lvl+0x8c/0xd0 [ 18.341310] print_report+0x118/0x5d0 [ 18.341392] kasan_report+0xdc/0x128 [ 18.341481] kasan_check_range+0x100/0x1a8 [ 18.341778] __kasan_check_read+0x20/0x30 [ 18.342327] copy_user_test_oob+0x728/0xec8 [ 18.342404] kunit_try_run_case+0x170/0x3f0 [ 18.342587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.342862] kthread+0x328/0x630 [ 18.343042] ret_from_fork+0x10/0x20 [ 18.343436] [ 18.343533] Allocated by task 286: [ 18.343656] kasan_save_stack+0x3c/0x68 [ 18.343753] kasan_save_track+0x20/0x40 [ 18.344006] kasan_save_alloc_info+0x40/0x58 [ 18.344251] __kasan_kmalloc+0xd4/0xd8 [ 18.344427] __kmalloc_noprof+0x198/0x4c8 [ 18.344703] kunit_kmalloc_array+0x34/0x88 [ 18.344981] copy_user_test_oob+0xac/0xec8 [ 18.345158] kunit_try_run_case+0x170/0x3f0 [ 18.345215] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.345282] kthread+0x328/0x630 [ 18.345562] ret_from_fork+0x10/0x20 [ 18.345925] [ 18.346076] The buggy address belongs to the object at fff00000c64df100 [ 18.346076] which belongs to the cache kmalloc-128 of size 128 [ 18.346313] The buggy address is located 0 bytes inside of [ 18.346313] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.346576] [ 18.346672] The buggy address belongs to the physical page: [ 18.346824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.346915] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.347168] page_type: f5(slab) [ 18.347237] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.347487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.347646] page dumped because: kasan: bad access detected [ 18.347729] [ 18.347793] Memory state around the buggy address: [ 18.347830] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.348373] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.348996] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.349256] ^ [ 18.349876] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.350103] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.350346] ================================================================== [ 18.328061] ================================================================== [ 18.328181] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.328286] Write of size 121 at addr fff00000c64df100 by task kunit_try_catch/286 [ 18.328361] [ 18.328405] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 18.328514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.328551] Hardware name: linux,dummy-virt (DT) [ 18.328588] Call trace: [ 18.328633] show_stack+0x20/0x38 (C) [ 18.328698] dump_stack_lvl+0x8c/0xd0 [ 18.328806] print_report+0x118/0x5d0 [ 18.328872] kasan_report+0xdc/0x128 [ 18.328949] kasan_check_range+0x100/0x1a8 [ 18.329000] __kasan_check_write+0x20/0x30 [ 18.329050] copy_user_test_oob+0x234/0xec8 [ 18.329348] kunit_try_run_case+0x170/0x3f0 [ 18.329434] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.329557] kthread+0x328/0x630 [ 18.329652] ret_from_fork+0x10/0x20 [ 18.329802] [ 18.329871] Allocated by task 286: [ 18.329958] kasan_save_stack+0x3c/0x68 [ 18.330089] kasan_save_track+0x20/0x40 [ 18.330183] kasan_save_alloc_info+0x40/0x58 [ 18.330288] __kasan_kmalloc+0xd4/0xd8 [ 18.330327] __kmalloc_noprof+0x198/0x4c8 [ 18.330379] kunit_kmalloc_array+0x34/0x88 [ 18.330660] copy_user_test_oob+0xac/0xec8 [ 18.330788] kunit_try_run_case+0x170/0x3f0 [ 18.330992] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.331205] kthread+0x328/0x630 [ 18.331243] ret_from_fork+0x10/0x20 [ 18.331322] [ 18.331375] The buggy address belongs to the object at fff00000c64df100 [ 18.331375] which belongs to the cache kmalloc-128 of size 128 [ 18.331662] The buggy address is located 0 bytes inside of [ 18.331662] allocated 120-byte region [fff00000c64df100, fff00000c64df178) [ 18.331796] [ 18.331879] The buggy address belongs to the physical page: [ 18.331960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064df [ 18.332073] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.332205] page_type: f5(slab) [ 18.332287] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.332386] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.332430] page dumped because: kasan: bad access detected [ 18.332462] [ 18.332522] Memory state around the buggy address: [ 18.332806] fff00000c64df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.332943] fff00000c64df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.333247] >fff00000c64df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.333488] ^ [ 18.333592] fff00000c64df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.333703] fff00000c64df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.333745] ==================================================================
[ 17.131097] ================================================================== [ 17.131386] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 17.131639] Read of size 121 at addr ffff8881029dff00 by task kunit_try_catch/303 [ 17.132126] [ 17.132243] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.132291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.132304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.132328] Call Trace: [ 17.132346] <TASK> [ 17.132364] dump_stack_lvl+0x73/0xb0 [ 17.132395] print_report+0xd1/0x610 [ 17.132421] ? __virt_addr_valid+0x1db/0x2d0 [ 17.132446] ? copy_user_test_oob+0x604/0x10f0 [ 17.132483] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.132508] ? copy_user_test_oob+0x604/0x10f0 [ 17.132533] kasan_report+0x141/0x180 [ 17.132557] ? copy_user_test_oob+0x604/0x10f0 [ 17.132587] kasan_check_range+0x10c/0x1c0 [ 17.132612] __kasan_check_read+0x15/0x20 [ 17.132632] copy_user_test_oob+0x604/0x10f0 [ 17.132660] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.132684] ? finish_task_switch.isra.0+0x153/0x700 [ 17.132709] ? __switch_to+0x47/0xf50 [ 17.132737] ? __schedule+0x10c6/0x2b60 [ 17.132763] ? __pfx_read_tsc+0x10/0x10 [ 17.132787] ? ktime_get_ts64+0x86/0x230 [ 17.132813] kunit_try_run_case+0x1a5/0x480 [ 17.132840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.132864] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.132891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.132917] ? __kthread_parkme+0x82/0x180 [ 17.132941] ? preempt_count_sub+0x50/0x80 [ 17.132989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.133016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.133041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.133085] kthread+0x337/0x6f0 [ 17.133107] ? trace_preempt_on+0x20/0xc0 [ 17.133133] ? __pfx_kthread+0x10/0x10 [ 17.133175] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.133199] ? calculate_sigpending+0x7b/0xa0 [ 17.133225] ? __pfx_kthread+0x10/0x10 [ 17.133266] ret_from_fork+0x116/0x1d0 [ 17.133286] ? __pfx_kthread+0x10/0x10 [ 17.133322] ret_from_fork_asm+0x1a/0x30 [ 17.133356] </TASK> [ 17.133368] [ 17.141430] Allocated by task 303: [ 17.141656] kasan_save_stack+0x45/0x70 [ 17.141888] kasan_save_track+0x18/0x40 [ 17.142157] kasan_save_alloc_info+0x3b/0x50 [ 17.142391] __kasan_kmalloc+0xb7/0xc0 [ 17.142594] __kmalloc_noprof+0x1c9/0x500 [ 17.142812] kunit_kmalloc_array+0x25/0x60 [ 17.143021] copy_user_test_oob+0xab/0x10f0 [ 17.143232] kunit_try_run_case+0x1a5/0x480 [ 17.143441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.143709] kthread+0x337/0x6f0 [ 17.143867] ret_from_fork+0x116/0x1d0 [ 17.144004] ret_from_fork_asm+0x1a/0x30 [ 17.144145] [ 17.144218] The buggy address belongs to the object at ffff8881029dff00 [ 17.144218] which belongs to the cache kmalloc-128 of size 128 [ 17.144585] The buggy address is located 0 bytes inside of [ 17.144585] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78) [ 17.145410] [ 17.145524] The buggy address belongs to the physical page: [ 17.145851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 17.146255] flags: 0x200000000000000(node=0|zone=2) [ 17.146528] page_type: f5(slab) [ 17.146727] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.147271] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.147615] page dumped because: kasan: bad access detected [ 17.147799] [ 17.147872] Memory state around the buggy address: [ 17.148134] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.148509] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.148871] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.149127] ^ [ 17.149441] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.149746] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.150083] ================================================================== [ 17.070232] ================================================================== [ 17.070636] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 17.071339] Write of size 121 at addr ffff8881029dff00 by task kunit_try_catch/303 [ 17.072036] [ 17.072220] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.072273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.072286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.072311] Call Trace: [ 17.072328] <TASK> [ 17.072347] dump_stack_lvl+0x73/0xb0 [ 17.072382] print_report+0xd1/0x610 [ 17.072407] ? __virt_addr_valid+0x1db/0x2d0 [ 17.072433] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.072459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.072497] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.072522] kasan_report+0x141/0x180 [ 17.072546] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.072576] kasan_check_range+0x10c/0x1c0 [ 17.072601] __kasan_check_write+0x18/0x20 [ 17.072622] copy_user_test_oob+0x3fd/0x10f0 [ 17.072648] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.072673] ? finish_task_switch.isra.0+0x153/0x700 [ 17.072697] ? __switch_to+0x47/0xf50 [ 17.072725] ? __schedule+0x10c6/0x2b60 [ 17.072750] ? __pfx_read_tsc+0x10/0x10 [ 17.072774] ? ktime_get_ts64+0x86/0x230 [ 17.072814] kunit_try_run_case+0x1a5/0x480 [ 17.072840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.072865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.072892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.072917] ? __kthread_parkme+0x82/0x180 [ 17.072941] ? preempt_count_sub+0x50/0x80 [ 17.072966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.072991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.073016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.073042] kthread+0x337/0x6f0 [ 17.073063] ? trace_preempt_on+0x20/0xc0 [ 17.073089] ? __pfx_kthread+0x10/0x10 [ 17.073111] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.073134] ? calculate_sigpending+0x7b/0xa0 [ 17.073161] ? __pfx_kthread+0x10/0x10 [ 17.073184] ret_from_fork+0x116/0x1d0 [ 17.073205] ? __pfx_kthread+0x10/0x10 [ 17.073226] ret_from_fork_asm+0x1a/0x30 [ 17.073259] </TASK> [ 17.073271] [ 17.080775] Allocated by task 303: [ 17.080970] kasan_save_stack+0x45/0x70 [ 17.081180] kasan_save_track+0x18/0x40 [ 17.081376] kasan_save_alloc_info+0x3b/0x50 [ 17.081550] __kasan_kmalloc+0xb7/0xc0 [ 17.081692] __kmalloc_noprof+0x1c9/0x500 [ 17.082011] kunit_kmalloc_array+0x25/0x60 [ 17.082232] copy_user_test_oob+0xab/0x10f0 [ 17.082458] kunit_try_run_case+0x1a5/0x480 [ 17.082685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.083058] kthread+0x337/0x6f0 [ 17.083222] ret_from_fork+0x116/0x1d0 [ 17.083417] ret_from_fork_asm+0x1a/0x30 [ 17.083581] [ 17.083662] The buggy address belongs to the object at ffff8881029dff00 [ 17.083662] which belongs to the cache kmalloc-128 of size 128 [ 17.084427] The buggy address is located 0 bytes inside of [ 17.084427] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78) [ 17.084968] [ 17.085053] The buggy address belongs to the physical page: [ 17.085293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 17.085638] flags: 0x200000000000000(node=0|zone=2) [ 17.085904] page_type: f5(slab) [ 17.086059] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.086340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.086800] page dumped because: kasan: bad access detected [ 17.087320] [ 17.087503] Memory state around the buggy address: [ 17.087985] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.088594] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.089223] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.089827] ^ [ 17.090518] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.091159] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.091815] ================================================================== [ 17.092874] ================================================================== [ 17.093454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 17.093730] Read of size 121 at addr ffff8881029dff00 by task kunit_try_catch/303 [ 17.094528] [ 17.094711] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.094761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.094774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.094800] Call Trace: [ 17.094820] <TASK> [ 17.094840] dump_stack_lvl+0x73/0xb0 [ 17.094872] print_report+0xd1/0x610 [ 17.094898] ? __virt_addr_valid+0x1db/0x2d0 [ 17.094923] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.094947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.094971] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.094997] kasan_report+0x141/0x180 [ 17.095021] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.095050] kasan_check_range+0x10c/0x1c0 [ 17.095076] __kasan_check_read+0x15/0x20 [ 17.095095] copy_user_test_oob+0x4aa/0x10f0 [ 17.095122] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.095146] ? finish_task_switch.isra.0+0x153/0x700 [ 17.095172] ? __switch_to+0x47/0xf50 [ 17.095199] ? __schedule+0x10c6/0x2b60 [ 17.095225] ? __pfx_read_tsc+0x10/0x10 [ 17.095248] ? ktime_get_ts64+0x86/0x230 [ 17.095274] kunit_try_run_case+0x1a5/0x480 [ 17.095301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.095325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.095351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.095376] ? __kthread_parkme+0x82/0x180 [ 17.095399] ? preempt_count_sub+0x50/0x80 [ 17.095423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.095449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.095486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.095512] kthread+0x337/0x6f0 [ 17.095533] ? trace_preempt_on+0x20/0xc0 [ 17.095559] ? __pfx_kthread+0x10/0x10 [ 17.095581] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.095604] ? calculate_sigpending+0x7b/0xa0 [ 17.095630] ? __pfx_kthread+0x10/0x10 [ 17.095653] ret_from_fork+0x116/0x1d0 [ 17.095673] ? __pfx_kthread+0x10/0x10 [ 17.095695] ret_from_fork_asm+0x1a/0x30 [ 17.095727] </TASK> [ 17.095739] [ 17.103956] Allocated by task 303: [ 17.104129] kasan_save_stack+0x45/0x70 [ 17.104283] kasan_save_track+0x18/0x40 [ 17.104426] kasan_save_alloc_info+0x3b/0x50 [ 17.104655] __kasan_kmalloc+0xb7/0xc0 [ 17.104848] __kmalloc_noprof+0x1c9/0x500 [ 17.105061] kunit_kmalloc_array+0x25/0x60 [ 17.105286] copy_user_test_oob+0xab/0x10f0 [ 17.105519] kunit_try_run_case+0x1a5/0x480 [ 17.105720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.105904] kthread+0x337/0x6f0 [ 17.106090] ret_from_fork+0x116/0x1d0 [ 17.106291] ret_from_fork_asm+0x1a/0x30 [ 17.106511] [ 17.106609] The buggy address belongs to the object at ffff8881029dff00 [ 17.106609] which belongs to the cache kmalloc-128 of size 128 [ 17.107114] The buggy address is located 0 bytes inside of [ 17.107114] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78) [ 17.107633] [ 17.107721] The buggy address belongs to the physical page: [ 17.107978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 17.108301] flags: 0x200000000000000(node=0|zone=2) [ 17.108522] page_type: f5(slab) [ 17.108703] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.109066] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.109310] page dumped because: kasan: bad access detected [ 17.109502] [ 17.109577] Memory state around the buggy address: [ 17.109743] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.110269] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.110602] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.110963] ^ [ 17.111258] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.111492] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.111714] ================================================================== [ 17.112366] ================================================================== [ 17.112798] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 17.113183] Write of size 121 at addr ffff8881029dff00 by task kunit_try_catch/303 [ 17.113620] [ 17.113781] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.113837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.113850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.113874] Call Trace: [ 17.113893] <TASK> [ 17.113910] dump_stack_lvl+0x73/0xb0 [ 17.113943] print_report+0xd1/0x610 [ 17.113968] ? __virt_addr_valid+0x1db/0x2d0 [ 17.113994] ? copy_user_test_oob+0x557/0x10f0 [ 17.114019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.114043] ? copy_user_test_oob+0x557/0x10f0 [ 17.114069] kasan_report+0x141/0x180 [ 17.114092] ? copy_user_test_oob+0x557/0x10f0 [ 17.114127] kasan_check_range+0x10c/0x1c0 [ 17.114153] __kasan_check_write+0x18/0x20 [ 17.114174] copy_user_test_oob+0x557/0x10f0 [ 17.114201] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.114225] ? finish_task_switch.isra.0+0x153/0x700 [ 17.114250] ? __switch_to+0x47/0xf50 [ 17.114278] ? __schedule+0x10c6/0x2b60 [ 17.114304] ? __pfx_read_tsc+0x10/0x10 [ 17.114327] ? ktime_get_ts64+0x86/0x230 [ 17.114353] kunit_try_run_case+0x1a5/0x480 [ 17.114380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.114404] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.114430] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.114456] ? __kthread_parkme+0x82/0x180 [ 17.114493] ? preempt_count_sub+0x50/0x80 [ 17.114518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.114544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.114570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.114595] kthread+0x337/0x6f0 [ 17.114617] ? trace_preempt_on+0x20/0xc0 [ 17.114643] ? __pfx_kthread+0x10/0x10 [ 17.114665] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.114689] ? calculate_sigpending+0x7b/0xa0 [ 17.114715] ? __pfx_kthread+0x10/0x10 [ 17.114740] ret_from_fork+0x116/0x1d0 [ 17.114759] ? __pfx_kthread+0x10/0x10 [ 17.114782] ret_from_fork_asm+0x1a/0x30 [ 17.114815] </TASK> [ 17.114826] [ 17.122327] Allocated by task 303: [ 17.122510] kasan_save_stack+0x45/0x70 [ 17.122700] kasan_save_track+0x18/0x40 [ 17.122963] kasan_save_alloc_info+0x3b/0x50 [ 17.123121] __kasan_kmalloc+0xb7/0xc0 [ 17.123260] __kmalloc_noprof+0x1c9/0x500 [ 17.123465] kunit_kmalloc_array+0x25/0x60 [ 17.123686] copy_user_test_oob+0xab/0x10f0 [ 17.124038] kunit_try_run_case+0x1a5/0x480 [ 17.124217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.124454] kthread+0x337/0x6f0 [ 17.124592] ret_from_fork+0x116/0x1d0 [ 17.124733] ret_from_fork_asm+0x1a/0x30 [ 17.124881] [ 17.124981] The buggy address belongs to the object at ffff8881029dff00 [ 17.124981] which belongs to the cache kmalloc-128 of size 128 [ 17.125536] The buggy address is located 0 bytes inside of [ 17.125536] allocated 120-byte region [ffff8881029dff00, ffff8881029dff78) [ 17.125984] [ 17.126061] The buggy address belongs to the physical page: [ 17.126248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029df [ 17.126528] flags: 0x200000000000000(node=0|zone=2) [ 17.126790] page_type: f5(slab) [ 17.126966] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.127315] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.127665] page dumped because: kasan: bad access detected [ 17.128131] [ 17.128233] Memory state around the buggy address: [ 17.128402] ffff8881029dfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.128649] ffff8881029dfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.129229] >ffff8881029dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.129556] ^ [ 17.129857] ffff8881029dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.130113] ffff8881029e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.130447] ==================================================================