Date
July 23, 2025, 2:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.636493] ================================================================== [ 18.636822] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 18.637007] Read of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.637070] [ 18.637130] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.637468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.637581] Hardware name: linux,dummy-virt (DT) [ 18.637804] Call trace: [ 18.637845] show_stack+0x20/0x38 (C) [ 18.637915] dump_stack_lvl+0x8c/0xd0 [ 18.637963] print_report+0x118/0x5d0 [ 18.638012] kasan_report+0xdc/0x128 [ 18.638164] kasan_check_range+0x100/0x1a8 [ 18.638228] __kasan_check_read+0x20/0x30 [ 18.638274] copy_user_test_oob+0x4a0/0xec8 [ 18.638323] kunit_try_run_case+0x170/0x3f0 [ 18.638376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.638452] kthread+0x328/0x630 [ 18.638511] ret_from_fork+0x10/0x20 [ 18.639015] [ 18.639142] Allocated by task 285: [ 18.639184] kasan_save_stack+0x3c/0x68 [ 18.639508] kasan_save_track+0x20/0x40 [ 18.639707] kasan_save_alloc_info+0x40/0x58 [ 18.639780] __kasan_kmalloc+0xd4/0xd8 [ 18.640072] __kmalloc_noprof+0x198/0x4c8 [ 18.640213] kunit_kmalloc_array+0x34/0x88 [ 18.640284] copy_user_test_oob+0xac/0xec8 [ 18.640539] kunit_try_run_case+0x170/0x3f0 [ 18.640762] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.640873] kthread+0x328/0x630 [ 18.640950] ret_from_fork+0x10/0x20 [ 18.641067] [ 18.641130] The buggy address belongs to the object at fff00000c648f500 [ 18.641130] which belongs to the cache kmalloc-128 of size 128 [ 18.641295] The buggy address is located 0 bytes inside of [ 18.641295] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.641367] [ 18.641389] The buggy address belongs to the physical page: [ 18.641763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.642117] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.642241] page_type: f5(slab) [ 
18.642360] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.642481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.642911] page dumped because: kasan: bad access detected [ 18.643197] [ 18.643249] Memory state around the buggy address: [ 18.643321] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.643405] fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.643488] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.643767] ^ [ 18.643824] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.644143] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.644474] ================================================================== [ 18.577422] ================================================================== [ 18.577524] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 18.577605] Write of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.578458] [ 18.578580] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.579010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.579100] Hardware name: linux,dummy-virt (DT) [ 18.579193] Call trace: [ 18.579241] show_stack+0x20/0x38 (C) [ 18.579318] dump_stack_lvl+0x8c/0xd0 [ 18.579708] print_report+0x118/0x5d0 [ 18.579803] kasan_report+0xdc/0x128 [ 18.579880] kasan_check_range+0x100/0x1a8 [ 18.580145] __kasan_check_write+0x20/0x30 [ 18.580232] copy_user_test_oob+0x234/0xec8 [ 18.580507] kunit_try_run_case+0x170/0x3f0 [ 18.580608] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.580696] kthread+0x328/0x630 [ 18.580769] ret_from_fork+0x10/0x20 [ 18.580886] [ 18.580944] Allocated by task 285: [ 18.581188] kasan_save_stack+0x3c/0x68 [ 18.581270] kasan_save_track+0x20/0x40 [ 18.581563] kasan_save_alloc_info+0x40/0x58 [ 18.581649] __kasan_kmalloc+0xd4/0xd8 [ 18.581712] __kmalloc_noprof+0x198/0x4c8 [ 18.581780] 
kunit_kmalloc_array+0x34/0x88 [ 18.582096] copy_user_test_oob+0xac/0xec8 [ 18.582199] kunit_try_run_case+0x170/0x3f0 [ 18.582275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.582324] kthread+0x328/0x630 [ 18.582387] ret_from_fork+0x10/0x20 [ 18.582718] [ 18.582770] The buggy address belongs to the object at fff00000c648f500 [ 18.582770] which belongs to the cache kmalloc-128 of size 128 [ 18.582905] The buggy address is located 0 bytes inside of [ 18.582905] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.582977] [ 18.583174] The buggy address belongs to the physical page: [ 18.583366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.583532] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.583893] page_type: f5(slab) [ 18.583969] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.584131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.584462] page dumped because: kasan: bad access detected [ 18.584561] [ 18.584660] Memory state around the buggy address: [ 18.584739] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.585166] fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.585241] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.585291] ^ [ 18.585339] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.585418] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.585478] ================================================================== [ 18.594347] ================================================================== [ 18.594628] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 18.594699] Read of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.595092] [ 18.595133] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.595605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.596039] 
Hardware name: linux,dummy-virt (DT) [ 18.596118] Call trace: [ 18.596254] show_stack+0x20/0x38 (C) [ 18.596339] dump_stack_lvl+0x8c/0xd0 [ 18.596430] print_report+0x118/0x5d0 [ 18.596554] kasan_report+0xdc/0x128 [ 18.596823] kasan_check_range+0x100/0x1a8 [ 18.597003] __kasan_check_read+0x20/0x30 [ 18.597088] copy_user_test_oob+0x728/0xec8 [ 18.597250] kunit_try_run_case+0x170/0x3f0 [ 18.597445] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.597551] kthread+0x328/0x630 [ 18.597613] ret_from_fork+0x10/0x20 [ 18.598067] [ 18.598122] Allocated by task 285: [ 18.598228] kasan_save_stack+0x3c/0x68 [ 18.598315] kasan_save_track+0x20/0x40 [ 18.598409] kasan_save_alloc_info+0x40/0x58 [ 18.598637] __kasan_kmalloc+0xd4/0xd8 [ 18.598859] __kmalloc_noprof+0x198/0x4c8 [ 18.599006] kunit_kmalloc_array+0x34/0x88 [ 18.599095] copy_user_test_oob+0xac/0xec8 [ 18.599240] kunit_try_run_case+0x170/0x3f0 [ 18.599281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.599328] kthread+0x328/0x630 [ 18.599364] ret_from_fork+0x10/0x20 [ 18.599693] [ 18.599749] The buggy address belongs to the object at fff00000c648f500 [ 18.599749] which belongs to the cache kmalloc-128 of size 128 [ 18.599925] The buggy address is located 0 bytes inside of [ 18.599925] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.600106] [ 18.600155] The buggy address belongs to the physical page: [ 18.600223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.600554] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.600709] page_type: f5(slab) [ 18.600773] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.601114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.601270] page dumped because: kasan: bad access detected [ 18.601366] [ 18.601509] Memory state around the buggy address: [ 18.601587] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.601636] fff00000c648f480: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.602317] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.602397] ^ [ 18.602452] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.602500] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.602689] ================================================================== [ 18.620155] ================================================================== [ 18.620212] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 18.620267] Read of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.620322] [ 18.620357] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.620837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.621007] Hardware name: linux,dummy-virt (DT) [ 18.621076] Call trace: [ 18.621102] show_stack+0x20/0x38 (C) [ 18.621162] dump_stack_lvl+0x8c/0xd0 [ 18.621352] print_report+0x118/0x5d0 [ 18.621840] kasan_report+0xdc/0x128 [ 18.622066] kasan_check_range+0x100/0x1a8 [ 18.622143] __kasan_check_read+0x20/0x30 [ 18.622247] copy_user_test_oob+0x3c8/0xec8 [ 18.622332] kunit_try_run_case+0x170/0x3f0 [ 18.622395] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.622600] kthread+0x328/0x630 [ 18.622896] ret_from_fork+0x10/0x20 [ 18.623058] [ 18.623109] Allocated by task 285: [ 18.623151] kasan_save_stack+0x3c/0x68 [ 18.623199] kasan_save_track+0x20/0x40 [ 18.623240] kasan_save_alloc_info+0x40/0x58 [ 18.623562] __kasan_kmalloc+0xd4/0xd8 [ 18.623639] __kmalloc_noprof+0x198/0x4c8 [ 18.624019] kunit_kmalloc_array+0x34/0x88 [ 18.624142] copy_user_test_oob+0xac/0xec8 [ 18.624228] kunit_try_run_case+0x170/0x3f0 [ 18.624364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.624414] kthread+0x328/0x630 [ 18.624479] ret_from_fork+0x10/0x20 [ 18.624789] [ 18.624819] The buggy address belongs to the object at fff00000c648f500 [ 18.624819] which belongs to the cache kmalloc-128 of size 128 [ 18.625281] The buggy address is located 
0 bytes inside of [ 18.625281] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.625398] [ 18.625475] The buggy address belongs to the physical page: [ 18.625511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.625579] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.625640] page_type: f5(slab) [ 18.625680] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.625735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.625787] page dumped because: kasan: bad access detected [ 18.625831] [ 18.625874] Memory state around the buggy address: [ 18.625922] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.625970] fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.626016] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.626058] ^ [ 18.626103] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.626149] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.626191] ================================================================== [ 18.611865] ================================================================== [ 18.612089] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 18.612175] Write of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.612249] [ 18.612344] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.612437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.612465] Hardware name: linux,dummy-virt (DT) [ 18.612803] Call trace: [ 18.612847] show_stack+0x20/0x38 (C) [ 18.613243] dump_stack_lvl+0x8c/0xd0 [ 18.613343] print_report+0x118/0x5d0 [ 18.613445] kasan_report+0xdc/0x128 [ 18.613738] kasan_check_range+0x100/0x1a8 [ 18.613818] __kasan_check_write+0x20/0x30 [ 18.613943] copy_user_test_oob+0x35c/0xec8 [ 18.614018] kunit_try_run_case+0x170/0x3f0 [ 18.614109] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.614185] kthread+0x328/0x630 [ 18.614231] ret_from_fork+0x10/0x20 [ 18.614286] [ 18.614344] Allocated by task 285: [ 18.614401] kasan_save_stack+0x3c/0x68 [ 18.614454] kasan_save_track+0x20/0x40 [ 18.614805] kasan_save_alloc_info+0x40/0x58 [ 18.615151] __kasan_kmalloc+0xd4/0xd8 [ 18.615249] __kmalloc_noprof+0x198/0x4c8 [ 18.615324] kunit_kmalloc_array+0x34/0x88 [ 18.615403] copy_user_test_oob+0xac/0xec8 [ 18.615513] kunit_try_run_case+0x170/0x3f0 [ 18.615603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.615746] kthread+0x328/0x630 [ 18.615804] ret_from_fork+0x10/0x20 [ 18.615844] [ 18.616081] The buggy address belongs to the object at fff00000c648f500 [ 18.616081] which belongs to the cache kmalloc-128 of size 128 [ 18.616324] The buggy address is located 0 bytes inside of [ 18.616324] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.616437] [ 18.616648] The buggy address belongs to the physical page: [ 18.616869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.616937] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.616991] page_type: f5(slab) [ 18.617375] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.617447] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.617781] page dumped because: kasan: bad access detected [ 18.617905] [ 18.617953] Memory state around the buggy address: [ 18.618027] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.618187] fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.618247] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.618600] ^ [ 18.618679] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.619045] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.619145] ================================================================== [ 18.627013] 
================================================================== [ 18.627358] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 18.627435] Write of size 121 at addr fff00000c648f500 by task kunit_try_catch/285 [ 18.627620] [ 18.627790] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 18.628011] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.628307] Hardware name: linux,dummy-virt (DT) [ 18.628617] Call trace: [ 18.628666] show_stack+0x20/0x38 (C) [ 18.628722] dump_stack_lvl+0x8c/0xd0 [ 18.628843] print_report+0x118/0x5d0 [ 18.628915] kasan_report+0xdc/0x128 [ 18.628962] kasan_check_range+0x100/0x1a8 [ 18.629295] __kasan_check_write+0x20/0x30 [ 18.629356] copy_user_test_oob+0x434/0xec8 [ 18.629678] kunit_try_run_case+0x170/0x3f0 [ 18.629845] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.630030] kthread+0x328/0x630 [ 18.630084] ret_from_fork+0x10/0x20 [ 18.630414] [ 18.630475] Allocated by task 285: [ 18.630510] kasan_save_stack+0x3c/0x68 [ 18.630666] kasan_save_track+0x20/0x40 [ 18.630750] kasan_save_alloc_info+0x40/0x58 [ 18.630820] __kasan_kmalloc+0xd4/0xd8 [ 18.631120] __kmalloc_noprof+0x198/0x4c8 [ 18.631321] kunit_kmalloc_array+0x34/0x88 [ 18.631401] copy_user_test_oob+0xac/0xec8 [ 18.631724] kunit_try_run_case+0x170/0x3f0 [ 18.631818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.632180] kthread+0x328/0x630 [ 18.632312] ret_from_fork+0x10/0x20 [ 18.632400] [ 18.632463] The buggy address belongs to the object at fff00000c648f500 [ 18.632463] which belongs to the cache kmalloc-128 of size 128 [ 18.632820] The buggy address is located 0 bytes inside of [ 18.632820] allocated 120-byte region [fff00000c648f500, fff00000c648f578) [ 18.633286] [ 18.633334] The buggy address belongs to the physical page: [ 18.633394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648f [ 18.633838] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.633932] page_type: f5(slab) [ 18.634013] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.634147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.634219] page dumped because: kasan: bad access detected [ 18.634262] [ 18.634283] Memory state around the buggy address: [ 18.634603] fff00000c648f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.634961] fff00000c648f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.635095] >fff00000c648f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.635181] ^ [ 18.635373] fff00000c648f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.635431] fff00000c648f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.635474] ==================================================================
[ 16.465850] ================================================================== [ 16.466122] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.466405] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302 [ 16.466750] [ 16.466852] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.466896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.466909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.466931] Call Trace: [ 16.466947] <TASK> [ 16.466965] dump_stack_lvl+0x73/0xb0 [ 16.466994] print_report+0xd1/0x610 [ 16.467016] ? __virt_addr_valid+0x1db/0x2d0 [ 16.467039] ? copy_user_test_oob+0x557/0x10f0 [ 16.467064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.467087] ? copy_user_test_oob+0x557/0x10f0 [ 16.467112] kasan_report+0x141/0x180 [ 16.467148] ? copy_user_test_oob+0x557/0x10f0 [ 16.467177] kasan_check_range+0x10c/0x1c0 [ 16.467201] __kasan_check_write+0x18/0x20 [ 16.467221] copy_user_test_oob+0x557/0x10f0 [ 16.467247] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.467271] ? finish_task_switch.isra.0+0x153/0x700 [ 16.467294] ? __switch_to+0x47/0xf50 [ 16.467320] ? __schedule+0x10c6/0x2b60 [ 16.467343] ? __pfx_read_tsc+0x10/0x10 [ 16.467365] ? ktime_get_ts64+0x86/0x230 [ 16.467389] kunit_try_run_case+0x1a5/0x480 [ 16.467414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.467438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.467462] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.467487] ? __kthread_parkme+0x82/0x180 [ 16.467509] ? preempt_count_sub+0x50/0x80 [ 16.467533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.467558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.467582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.467607] kthread+0x337/0x6f0 [ 16.467628] ? trace_preempt_on+0x20/0xc0 [ 16.467651] ? __pfx_kthread+0x10/0x10 [ 16.467673] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.467696] ? calculate_sigpending+0x7b/0xa0 [ 16.467720] ? 
__pfx_kthread+0x10/0x10 [ 16.467743] ret_from_fork+0x116/0x1d0 [ 16.467762] ? __pfx_kthread+0x10/0x10 [ 16.467783] ret_from_fork_asm+0x1a/0x30 [ 16.467824] </TASK> [ 16.467835] [ 16.475993] Allocated by task 302: [ 16.476238] kasan_save_stack+0x45/0x70 [ 16.476389] kasan_save_track+0x18/0x40 [ 16.476528] kasan_save_alloc_info+0x3b/0x50 [ 16.476683] __kasan_kmalloc+0xb7/0xc0 [ 16.476829] __kmalloc_noprof+0x1c9/0x500 [ 16.476986] kunit_kmalloc_array+0x25/0x60 [ 16.477138] copy_user_test_oob+0xab/0x10f0 [ 16.478240] kunit_try_run_case+0x1a5/0x480 [ 16.478745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.479464] kthread+0x337/0x6f0 [ 16.480039] ret_from_fork+0x116/0x1d0 [ 16.480612] ret_from_fork_asm+0x1a/0x30 [ 16.481480] [ 16.481746] The buggy address belongs to the object at ffff888102b16500 [ 16.481746] which belongs to the cache kmalloc-128 of size 128 [ 16.483464] The buggy address is located 0 bytes inside of [ 16.483464] allocated 120-byte region [ffff888102b16500, ffff888102b16578) [ 16.484341] [ 16.484591] The buggy address belongs to the physical page: [ 16.485459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 16.486057] flags: 0x200000000000000(node=0|zone=2) [ 16.486848] page_type: f5(slab) [ 16.487304] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.487553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.487788] page dumped because: kasan: bad access detected [ 16.488184] [ 16.488308] Memory state around the buggy address: [ 16.488805] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.489155] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.489802] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.490341] ^ [ 16.490828] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.491048] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.491727] 
================================================================== [ 16.441662] ================================================================== [ 16.441983] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.442341] Read of size 121 at addr ffff888102b16500 by task kunit_try_catch/302 [ 16.442580] [ 16.442692] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.442735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.442748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.442770] Call Trace: [ 16.442783] <TASK> [ 16.442797] dump_stack_lvl+0x73/0xb0 [ 16.442835] print_report+0xd1/0x610 [ 16.442858] ? __virt_addr_valid+0x1db/0x2d0 [ 16.442881] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.442905] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.442928] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.442953] kasan_report+0x141/0x180 [ 16.442976] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.443005] kasan_check_range+0x10c/0x1c0 [ 16.443030] __kasan_check_read+0x15/0x20 [ 16.443050] copy_user_test_oob+0x4aa/0x10f0 [ 16.443076] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.443099] ? finish_task_switch.isra.0+0x153/0x700 [ 16.443134] ? __switch_to+0x47/0xf50 [ 16.443161] ? __schedule+0x10c6/0x2b60 [ 16.443183] ? __pfx_read_tsc+0x10/0x10 [ 16.443205] ? ktime_get_ts64+0x86/0x230 [ 16.443230] kunit_try_run_case+0x1a5/0x480 [ 16.443255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.443279] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.443303] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.443328] ? __kthread_parkme+0x82/0x180 [ 16.443350] ? preempt_count_sub+0x50/0x80 [ 16.443374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.443399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.443424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.443449] kthread+0x337/0x6f0 [ 16.443470] ? trace_preempt_on+0x20/0xc0 [ 16.443494] ? __pfx_kthread+0x10/0x10 [ 16.443515] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.443538] ? calculate_sigpending+0x7b/0xa0 [ 16.443562] ? __pfx_kthread+0x10/0x10 [ 16.443585] ret_from_fork+0x116/0x1d0 [ 16.443605] ? __pfx_kthread+0x10/0x10 [ 16.443626] ret_from_fork_asm+0x1a/0x30 [ 16.443657] </TASK> [ 16.443669] [ 16.456982] Allocated by task 302: [ 16.457368] kasan_save_stack+0x45/0x70 [ 16.457728] kasan_save_track+0x18/0x40 [ 16.458106] kasan_save_alloc_info+0x3b/0x50 [ 16.458513] __kasan_kmalloc+0xb7/0xc0 [ 16.458761] __kmalloc_noprof+0x1c9/0x500 [ 16.458915] kunit_kmalloc_array+0x25/0x60 [ 16.459064] copy_user_test_oob+0xab/0x10f0 [ 16.459238] kunit_try_run_case+0x1a5/0x480 [ 16.459387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.459565] kthread+0x337/0x6f0 [ 16.459689] ret_from_fork+0x116/0x1d0 [ 16.459834] ret_from_fork_asm+0x1a/0x30 [ 16.459996] [ 16.460096] The buggy address belongs to the object at ffff888102b16500 [ 16.460096] which belongs to the cache kmalloc-128 of size 128 [ 16.460575] The buggy address is located 0 bytes inside of [ 16.460575] allocated 120-byte region [ffff888102b16500, ffff888102b16578) [ 16.461065] [ 16.461184] The buggy address belongs to the physical page: [ 16.461402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 16.461691] flags: 0x200000000000000(node=0|zone=2) [ 16.461873] page_type: f5(slab) [ 16.462035] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.462396] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.462681] page dumped because: kasan: bad access detected [ 16.462955] [ 16.463053] Memory state around the buggy address: [ 16.463467] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.463753] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.464016] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.464360] ^ [ 16.464739] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.465044] 
ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.465357] ================================================================== [ 16.492805] ================================================================== [ 16.493499] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.493741] Read of size 121 at addr ffff888102b16500 by task kunit_try_catch/302 [ 16.493987] [ 16.494105] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.494152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.494166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.494188] Call Trace: [ 16.494241] <TASK> [ 16.494258] dump_stack_lvl+0x73/0xb0 [ 16.494300] print_report+0xd1/0x610 [ 16.494324] ? __virt_addr_valid+0x1db/0x2d0 [ 16.494346] ? copy_user_test_oob+0x604/0x10f0 [ 16.494385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.494408] ? copy_user_test_oob+0x604/0x10f0 [ 16.494432] kasan_report+0x141/0x180 [ 16.494456] ? copy_user_test_oob+0x604/0x10f0 [ 16.494485] kasan_check_range+0x10c/0x1c0 [ 16.494510] __kasan_check_read+0x15/0x20 [ 16.494530] copy_user_test_oob+0x604/0x10f0 [ 16.494557] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.494580] ? finish_task_switch.isra.0+0x153/0x700 [ 16.494604] ? __switch_to+0x47/0xf50 [ 16.494629] ? __schedule+0x10c6/0x2b60 [ 16.494653] ? __pfx_read_tsc+0x10/0x10 [ 16.494674] ? ktime_get_ts64+0x86/0x230 [ 16.494698] kunit_try_run_case+0x1a5/0x480 [ 16.494723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.494747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.494771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.494796] ? __kthread_parkme+0x82/0x180 [ 16.494852] ? preempt_count_sub+0x50/0x80 [ 16.494876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.494901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.494936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.494961] kthread+0x337/0x6f0 [ 16.494982] ? trace_preempt_on+0x20/0xc0 [ 16.495005] ? 
__pfx_kthread+0x10/0x10 [ 16.495027] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.495050] ? calculate_sigpending+0x7b/0xa0 [ 16.495080] ? __pfx_kthread+0x10/0x10 [ 16.495116] ret_from_fork+0x116/0x1d0 [ 16.495136] ? __pfx_kthread+0x10/0x10 [ 16.495156] ret_from_fork_asm+0x1a/0x30 [ 16.495188] </TASK> [ 16.495199] [ 16.508523] Allocated by task 302: [ 16.508903] kasan_save_stack+0x45/0x70 [ 16.509205] kasan_save_track+0x18/0x40 [ 16.509494] kasan_save_alloc_info+0x3b/0x50 [ 16.509652] __kasan_kmalloc+0xb7/0xc0 [ 16.509788] __kmalloc_noprof+0x1c9/0x500 [ 16.509938] kunit_kmalloc_array+0x25/0x60 [ 16.510081] copy_user_test_oob+0xab/0x10f0 [ 16.510537] kunit_try_run_case+0x1a5/0x480 [ 16.510966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.511450] kthread+0x337/0x6f0 [ 16.511787] ret_from_fork+0x116/0x1d0 [ 16.512188] ret_from_fork_asm+0x1a/0x30 [ 16.512641] [ 16.512904] The buggy address belongs to the object at ffff888102b16500 [ 16.512904] which belongs to the cache kmalloc-128 of size 128 [ 16.514250] The buggy address is located 0 bytes inside of [ 16.514250] allocated 120-byte region [ffff888102b16500, ffff888102b16578) [ 16.514616] [ 16.514691] The buggy address belongs to the physical page: [ 16.514883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 16.515203] flags: 0x200000000000000(node=0|zone=2) [ 16.515484] page_type: f5(slab) [ 16.515662] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.515985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.516709] page dumped because: kasan: bad access detected [ 16.517000] [ 16.517081] Memory state around the buggy address: [ 16.517405] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.517734] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.518053] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.518310] ^ [ 16.518631] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.518941] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.519507] ================================================================== [ 16.424315] ================================================================== [ 16.424657] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.424970] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302 [ 16.425316] [ 16.425438] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.425484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.425497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.425519] Call Trace: [ 16.425533] <TASK> [ 16.425549] dump_stack_lvl+0x73/0xb0 [ 16.425579] print_report+0xd1/0x610 [ 16.425602] ? __virt_addr_valid+0x1db/0x2d0 [ 16.425627] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.425651] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.425675] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.425701] kasan_report+0x141/0x180 [ 16.425725] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.425755] kasan_check_range+0x10c/0x1c0 [ 16.425780] __kasan_check_write+0x18/0x20 [ 16.425800] copy_user_test_oob+0x3fd/0x10f0 [ 16.425838] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.425862] ? finish_task_switch.isra.0+0x153/0x700 [ 16.425886] ? __switch_to+0x47/0xf50 [ 16.425913] ? __schedule+0x10c6/0x2b60 [ 16.425937] ? __pfx_read_tsc+0x10/0x10 [ 16.425959] ? ktime_get_ts64+0x86/0x230 [ 16.425984] kunit_try_run_case+0x1a5/0x480 [ 16.426010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.426059] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.426084] ? __kthread_parkme+0x82/0x180 [ 16.426115] ? preempt_count_sub+0x50/0x80 [ 16.426140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.426190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.426216] kthread+0x337/0x6f0 [ 16.426236] ? 
trace_preempt_on+0x20/0xc0 [ 16.426261] ? __pfx_kthread+0x10/0x10 [ 16.426283] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.426306] ? calculate_sigpending+0x7b/0xa0 [ 16.426330] ? __pfx_kthread+0x10/0x10 [ 16.426353] ret_from_fork+0x116/0x1d0 [ 16.426373] ? __pfx_kthread+0x10/0x10 [ 16.426395] ret_from_fork_asm+0x1a/0x30 [ 16.426426] </TASK> [ 16.426438] [ 16.433664] Allocated by task 302: [ 16.433841] kasan_save_stack+0x45/0x70 [ 16.434024] kasan_save_track+0x18/0x40 [ 16.434233] kasan_save_alloc_info+0x3b/0x50 [ 16.434427] __kasan_kmalloc+0xb7/0xc0 [ 16.434597] __kmalloc_noprof+0x1c9/0x500 [ 16.434771] kunit_kmalloc_array+0x25/0x60 [ 16.434976] copy_user_test_oob+0xab/0x10f0 [ 16.435204] kunit_try_run_case+0x1a5/0x480 [ 16.435389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.435599] kthread+0x337/0x6f0 [ 16.435760] ret_from_fork+0x116/0x1d0 [ 16.435948] ret_from_fork_asm+0x1a/0x30 [ 16.436106] [ 16.436207] The buggy address belongs to the object at ffff888102b16500 [ 16.436207] which belongs to the cache kmalloc-128 of size 128 [ 16.436686] The buggy address is located 0 bytes inside of [ 16.436686] allocated 120-byte region [ffff888102b16500, ffff888102b16578) [ 16.437124] [ 16.437220] The buggy address belongs to the physical page: [ 16.437459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 16.437747] flags: 0x200000000000000(node=0|zone=2) [ 16.437996] page_type: f5(slab) [ 16.438160] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.438463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.438769] page dumped because: kasan: bad access detected [ 16.439008] [ 16.439093] Memory state around the buggy address: [ 16.439287] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.439557] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.439777] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.440004] ^ [ 16.440295] 
ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.440878] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.441112] ==================================================================