Date
July 18, 2025, 11:11 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 18.611545] ==================================================================
[ 18.611604] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8
[ 18.611656] Write of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.611711]
[ 18.612272] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.612398] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.612747] Hardware name: linux,dummy-virt (DT)
[ 18.612825] Call trace:
[ 18.612852] show_stack+0x20/0x38 (C)
[ 18.612906] dump_stack_lvl+0x8c/0xd0
[ 18.612962] print_report+0x118/0x5d0
[ 18.613106] kasan_report+0xdc/0x128
[ 18.613159] kasan_check_range+0x100/0x1a8
[ 18.613237] __kasan_check_write+0x20/0x30
[ 18.613396] copy_user_test_oob+0x35c/0xec8
[ 18.613447] kunit_try_run_case+0x170/0x3f0
[ 18.613502] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.613747] kthread+0x328/0x630
[ 18.614048] ret_from_fork+0x10/0x20
[ 18.614161]
[ 18.614259] Allocated by task 285:
[ 18.614352] kasan_save_stack+0x3c/0x68
[ 18.614406] kasan_save_track+0x20/0x40
[ 18.614640] kasan_save_alloc_info+0x40/0x58
[ 18.614831] __kasan_kmalloc+0xd4/0xd8
[ 18.614913] __kmalloc_noprof+0x198/0x4c8
[ 18.615106] kunit_kmalloc_array+0x34/0x88
[ 18.615295] copy_user_test_oob+0xac/0xec8
[ 18.615445] kunit_try_run_case+0x170/0x3f0
[ 18.615535] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.615773] kthread+0x328/0x630
[ 18.615998] ret_from_fork+0x10/0x20
[ 18.616195]
[ 18.616365] The buggy address belongs to the object at fff00000c771e200
[ 18.616365] which belongs to the cache kmalloc-128 of size 128
[ 18.616449] The buggy address is located 0 bytes inside of
[ 18.616449] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.616603]
[ 18.616663] The buggy address belongs to the physical page:
[ 18.616743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.617137] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.617231] page_type: f5(slab)
[ 18.617518] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.617614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.617735] page dumped because: kasan: bad access detected
[ 18.617844]
[ 18.617914] Memory state around the buggy address:
[ 18.618067] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.618163] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.618226] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.618552] ^
[ 18.618741] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.618825] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.618878] ==================================================================
[ 18.596106] ==================================================================
[ 18.596224] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8
[ 18.596308] Read of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.596553]
[ 18.596612] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.596997] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.597049] Hardware name: linux,dummy-virt (DT)
[ 18.597085] Call trace:
[ 18.597110] show_stack+0x20/0x38 (C)
[ 18.597240] dump_stack_lvl+0x8c/0xd0
[ 18.597292] print_report+0x118/0x5d0
[ 18.597460] kasan_report+0xdc/0x128
[ 18.597549] kasan_check_range+0x100/0x1a8
[ 18.597701] __kasan_check_read+0x20/0x30
[ 18.597767] copy_user_test_oob+0x728/0xec8
[ 18.597816] kunit_try_run_case+0x170/0x3f0
[ 18.598215] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.598362] kthread+0x328/0x630
[ 18.598490] ret_from_fork+0x10/0x20
[ 18.598611]
[ 18.598672] Allocated by task 285:
[ 18.598767] kasan_save_stack+0x3c/0x68
[ 18.598847] kasan_save_track+0x20/0x40
[ 18.599164] kasan_save_alloc_info+0x40/0x58
[ 18.599233] __kasan_kmalloc+0xd4/0xd8
[ 18.599277] __kmalloc_noprof+0x198/0x4c8
[ 18.599319] kunit_kmalloc_array+0x34/0x88
[ 18.599523] copy_user_test_oob+0xac/0xec8
[ 18.599714] kunit_try_run_case+0x170/0x3f0
[ 18.599911] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.600060] kthread+0x328/0x630
[ 18.600099] ret_from_fork+0x10/0x20
[ 18.600156]
[ 18.600240] The buggy address belongs to the object at fff00000c771e200
[ 18.600240] which belongs to the cache kmalloc-128 of size 128
[ 18.600622] The buggy address is located 0 bytes inside of
[ 18.600622] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.600710]
[ 18.600826] The buggy address belongs to the physical page:
[ 18.600906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.601056] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.601106] page_type: f5(slab)
[ 18.601180] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.601406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.601625] page dumped because: kasan: bad access detected
[ 18.601874]
[ 18.601922] Memory state around the buggy address:
[ 18.602177] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.602252] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.602316] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.602367] ^
[ 18.602447] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.602492] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.602534] ==================================================================
[ 18.636261] ==================================================================
[ 18.636337] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8
[ 18.636390] Read of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.636844]
[ 18.637073] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.637272] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.637311] Hardware name: linux,dummy-virt (DT)
[ 18.637545] Call trace:
[ 18.637594] show_stack+0x20/0x38 (C)
[ 18.637659] dump_stack_lvl+0x8c/0xd0
[ 18.637723] print_report+0x118/0x5d0
[ 18.637782] kasan_report+0xdc/0x128
[ 18.637841] kasan_check_range+0x100/0x1a8
[ 18.637902] __kasan_check_read+0x20/0x30
[ 18.637949] copy_user_test_oob+0x4a0/0xec8
[ 18.637999] kunit_try_run_case+0x170/0x3f0
[ 18.638056] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.638111] kthread+0x328/0x630
[ 18.638154] ret_from_fork+0x10/0x20
[ 18.638213]
[ 18.638234] Allocated by task 285:
[ 18.638272] kasan_save_stack+0x3c/0x68
[ 18.638316] kasan_save_track+0x20/0x40
[ 18.638369] kasan_save_alloc_info+0x40/0x58
[ 18.638411] __kasan_kmalloc+0xd4/0xd8
[ 18.638452] __kmalloc_noprof+0x198/0x4c8
[ 18.638490] kunit_kmalloc_array+0x34/0x88
[ 18.638530] copy_user_test_oob+0xac/0xec8
[ 18.638578] kunit_try_run_case+0x170/0x3f0
[ 18.638618] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.638665] kthread+0x328/0x630
[ 18.638699] ret_from_fork+0x10/0x20
[ 18.638747]
[ 18.638777] The buggy address belongs to the object at fff00000c771e200
[ 18.638777] which belongs to the cache kmalloc-128 of size 128
[ 18.638836] The buggy address is located 0 bytes inside of
[ 18.638836] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.638900]
[ 18.638923] The buggy address belongs to the physical page:
[ 18.638956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.639010] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.639060] page_type: f5(slab)
[ 18.639109] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.639163] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.639205] page dumped because: kasan: bad access detected
[ 18.639239]
[ 18.639260] Memory state around the buggy address:
[ 18.639294] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.639349] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.639555] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.639751] ^
[ 18.640013] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.640318] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.640508] ==================================================================
[ 18.581300] ==================================================================
[ 18.582407] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8
[ 18.582494] Write of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.582909]
[ 18.583273] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.583490] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.583571] Hardware name: linux,dummy-virt (DT)
[ 18.583983] Call trace:
[ 18.584039] show_stack+0x20/0x38 (C)
[ 18.584365] dump_stack_lvl+0x8c/0xd0
[ 18.584546] print_report+0x118/0x5d0
[ 18.584621] kasan_report+0xdc/0x128
[ 18.584991] kasan_check_range+0x100/0x1a8
[ 18.585070] __kasan_check_write+0x20/0x30
[ 18.585120] copy_user_test_oob+0x234/0xec8
[ 18.585170] kunit_try_run_case+0x170/0x3f0
[ 18.585253] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.585362] kthread+0x328/0x630
[ 18.585422] ret_from_fork+0x10/0x20
[ 18.585870]
[ 18.585920] Allocated by task 285:
[ 18.585991] kasan_save_stack+0x3c/0x68
[ 18.586157] kasan_save_track+0x20/0x40
[ 18.586206] kasan_save_alloc_info+0x40/0x58
[ 18.586255] __kasan_kmalloc+0xd4/0xd8
[ 18.586319] __kmalloc_noprof+0x198/0x4c8
[ 18.586381] kunit_kmalloc_array+0x34/0x88
[ 18.586423] copy_user_test_oob+0xac/0xec8
[ 18.586462] kunit_try_run_case+0x170/0x3f0
[ 18.586503] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.586559] kthread+0x328/0x630
[ 18.586596] ret_from_fork+0x10/0x20
[ 18.586636]
[ 18.586667] The buggy address belongs to the object at fff00000c771e200
[ 18.586667] which belongs to the cache kmalloc-128 of size 128
[ 18.586731] The buggy address is located 0 bytes inside of
[ 18.586731] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.586794]
[ 18.586826] The buggy address belongs to the physical page:
[ 18.586870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.586941] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.587020] page_type: f5(slab)
[ 18.587067] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.587121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.587171] page dumped because: kasan: bad access detected
[ 18.587207]
[ 18.587237] Memory state around the buggy address:
[ 18.587285] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.587350] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.587897] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.587967] ^
[ 18.588040] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.588119] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.588514] ==================================================================
[ 18.627391] ==================================================================
[ 18.627659] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8
[ 18.627865] Write of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.628051]
[ 18.628137] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.628265] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.628587] Hardware name: linux,dummy-virt (DT)
[ 18.628631] Call trace:
[ 18.628658] show_stack+0x20/0x38 (C)
[ 18.628714] dump_stack_lvl+0x8c/0xd0
[ 18.628812] print_report+0x118/0x5d0
[ 18.628864] kasan_report+0xdc/0x128
[ 18.628911] kasan_check_range+0x100/0x1a8
[ 18.629412] __kasan_check_write+0x20/0x30
[ 18.629517] copy_user_test_oob+0x434/0xec8
[ 18.629592] kunit_try_run_case+0x170/0x3f0
[ 18.629868] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.630103] kthread+0x328/0x630
[ 18.630188] ret_from_fork+0x10/0x20
[ 18.630287]
[ 18.630411] Allocated by task 285:
[ 18.630488] kasan_save_stack+0x3c/0x68
[ 18.630535] kasan_save_track+0x20/0x40
[ 18.630574] kasan_save_alloc_info+0x40/0x58
[ 18.630826] __kasan_kmalloc+0xd4/0xd8
[ 18.630994] __kmalloc_noprof+0x198/0x4c8
[ 18.631068] kunit_kmalloc_array+0x34/0x88
[ 18.631315] copy_user_test_oob+0xac/0xec8
[ 18.631492] kunit_try_run_case+0x170/0x3f0
[ 18.631575] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.631706] kthread+0x328/0x630
[ 18.631784] ret_from_fork+0x10/0x20
[ 18.631873]
[ 18.631925] The buggy address belongs to the object at fff00000c771e200
[ 18.631925] which belongs to the cache kmalloc-128 of size 128
[ 18.632350] The buggy address is located 0 bytes inside of
[ 18.632350] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.632458]
[ 18.632785] The buggy address belongs to the physical page:
[ 18.632842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.633053] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.633162] page_type: f5(slab)
[ 18.633231] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.633489] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.633674] page dumped because: kasan: bad access detected
[ 18.633738]
[ 18.633917] Memory state around the buggy address:
[ 18.634142] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.634214] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.634556] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.634662] ^
[ 18.634814] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.634910] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.635138] ==================================================================
[ 18.620248] ==================================================================
[ 18.620504] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8
[ 18.620667] Read of size 121 at addr fff00000c771e200 by task kunit_try_catch/285
[ 18.620730]
[ 18.620940] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.621145] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.621365] Hardware name: linux,dummy-virt (DT)
[ 18.621411] Call trace:
[ 18.621436] show_stack+0x20/0x38 (C)
[ 18.621702] dump_stack_lvl+0x8c/0xd0
[ 18.621856] print_report+0x118/0x5d0
[ 18.621949] kasan_report+0xdc/0x128
[ 18.622046] kasan_check_range+0x100/0x1a8
[ 18.622338] __kasan_check_read+0x20/0x30
[ 18.622602] copy_user_test_oob+0x3c8/0xec8
[ 18.622686] kunit_try_run_case+0x170/0x3f0
[ 18.622760] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.622989] kthread+0x328/0x630
[ 18.623143] ret_from_fork+0x10/0x20
[ 18.623217]
[ 18.623241] Allocated by task 285:
[ 18.623345] kasan_save_stack+0x3c/0x68
[ 18.623391] kasan_save_track+0x20/0x40
[ 18.623432] kasan_save_alloc_info+0x40/0x58
[ 18.623476] __kasan_kmalloc+0xd4/0xd8
[ 18.623513] __kmalloc_noprof+0x198/0x4c8
[ 18.623564] kunit_kmalloc_array+0x34/0x88
[ 18.623622] copy_user_test_oob+0xac/0xec8
[ 18.623670] kunit_try_run_case+0x170/0x3f0
[ 18.623716] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.623762] kthread+0x328/0x630
[ 18.623803] ret_from_fork+0x10/0x20
[ 18.623840]
[ 18.623863] The buggy address belongs to the object at fff00000c771e200
[ 18.623863] which belongs to the cache kmalloc-128 of size 128
[ 18.623922] The buggy address is located 0 bytes inside of
[ 18.623922] allocated 120-byte region [fff00000c771e200, fff00000c771e278)
[ 18.623999]
[ 18.624041] The buggy address belongs to the physical page:
[ 18.624091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771e
[ 18.624144] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.624204] page_type: f5(slab)
[ 18.624242] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.624294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.624370] page dumped because: kasan: bad access detected
[ 18.624918]
[ 18.625188] Memory state around the buggy address:
[ 18.625263] fff00000c771e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.625372] fff00000c771e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.625435] >fff00000c771e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.625500] ^
[ 18.625754] fff00000c771e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.626017] fff00000c771e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.626066] ==================================================================
```
```
[ 16.364227] ==================================================================
[ 16.364630] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 16.364955] Read of size 121 at addr ffff8881039ee400 by task kunit_try_catch/304
[ 16.365293]
[ 16.365400] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.365443] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.365456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.365477] Call Trace:
[ 16.365492] <TASK>
[ 16.365505] dump_stack_lvl+0x73/0xb0
[ 16.365543] print_report+0xd1/0x610
[ 16.365566] ? __virt_addr_valid+0x1db/0x2d0
[ 16.365588] ? copy_user_test_oob+0x604/0x10f0
[ 16.365624] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.365657] ? copy_user_test_oob+0x604/0x10f0
[ 16.365682] kasan_report+0x141/0x180
[ 16.365705] ? copy_user_test_oob+0x604/0x10f0
[ 16.365744] kasan_check_range+0x10c/0x1c0
[ 16.365768] __kasan_check_read+0x15/0x20
[ 16.365788] copy_user_test_oob+0x604/0x10f0
[ 16.365823] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.365848] ? __kasan_check_write+0x18/0x20
[ 16.365867] ? queued_spin_lock_slowpath+0x116/0xb40
[ 16.365905] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 16.365930] ? __pfx_read_tsc+0x10/0x10
[ 16.365952] ? ktime_get_ts64+0x86/0x230
[ 16.365984] kunit_try_run_case+0x1a5/0x480
[ 16.366009] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.366031] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 16.366065] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.366090] ? __kthread_parkme+0x82/0x180
[ 16.366110] ? preempt_count_sub+0x50/0x80
[ 16.366144] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.366168] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.366192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.366228] kthread+0x337/0x6f0
[ 16.366248] ? trace_preempt_on+0x20/0xc0
[ 16.366271] ? __pfx_kthread+0x10/0x10
[ 16.366293] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.366315] ? calculate_sigpending+0x7b/0xa0
[ 16.366348] ? __pfx_kthread+0x10/0x10
[ 16.366370] ret_from_fork+0x116/0x1d0
[ 16.366388] ? __pfx_kthread+0x10/0x10
[ 16.366409] ret_from_fork_asm+0x1a/0x30
[ 16.366441] </TASK>
[ 16.366452]
[ 16.374023] Allocated by task 304:
[ 16.374457] kasan_save_stack+0x45/0x70
[ 16.374934] kasan_save_track+0x18/0x40
[ 16.375552] kasan_save_alloc_info+0x3b/0x50
[ 16.376019] __kasan_kmalloc+0xb7/0xc0
[ 16.376545] __kmalloc_noprof+0x1c9/0x500
[ 16.376874] kunit_kmalloc_array+0x25/0x60
[ 16.377081] copy_user_test_oob+0xab/0x10f0
[ 16.377281] kunit_try_run_case+0x1a5/0x480
[ 16.378223] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.378429] kthread+0x337/0x6f0
[ 16.378690] ret_from_fork+0x116/0x1d0
[ 16.378862] ret_from_fork_asm+0x1a/0x30
[ 16.379044]
[ 16.379137] The buggy address belongs to the object at ffff8881039ee400
[ 16.379137] which belongs to the cache kmalloc-128 of size 128
[ 16.380128] The buggy address is located 0 bytes inside of
[ 16.380128] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478)
[ 16.381049]
[ 16.381315] The buggy address belongs to the physical page:
[ 16.381601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee
[ 16.381925] flags: 0x200000000000000(node=0|zone=2)
[ 16.382130] page_type: f5(slab)
[ 16.382288] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.383021] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.383489] page dumped because: kasan: bad access detected
[ 16.383874]
[ 16.383968] Memory state around the buggy address:
[ 16.384172] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.384435] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.384685] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.385022] ^
[ 16.385305] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.385675] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.385948] ==================================================================
[ 16.345176] ==================================================================
[ 16.345529] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 16.345838] Write of size 121 at addr ffff8881039ee400 by task kunit_try_catch/304
[ 16.346167]
[ 16.346251] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.346292] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.346305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.346337] Call Trace:
[ 16.346353] <TASK>
[ 16.346368] dump_stack_lvl+0x73/0xb0
[ 16.346396] print_report+0xd1/0x610
[ 16.346418] ? __virt_addr_valid+0x1db/0x2d0
[ 16.346441] ? copy_user_test_oob+0x557/0x10f0
[ 16.346465] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.346488] ? copy_user_test_oob+0x557/0x10f0
[ 16.346524] kasan_report+0x141/0x180
[ 16.346557] ? copy_user_test_oob+0x557/0x10f0
[ 16.346585] kasan_check_range+0x10c/0x1c0
[ 16.346610] __kasan_check_write+0x18/0x20
[ 16.346642] copy_user_test_oob+0x557/0x10f0
[ 16.346669] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.346694] ? __kasan_check_write+0x18/0x20
[ 16.346714] ? queued_spin_lock_slowpath+0x116/0xb40
[ 16.346740] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 16.346765] ? __pfx_read_tsc+0x10/0x10
[ 16.346785] ? ktime_get_ts64+0x86/0x230
[ 16.346810] kunit_try_run_case+0x1a5/0x480
[ 16.346834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.346859] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 16.346883] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.346916] ? __kthread_parkme+0x82/0x180
[ 16.346938] ? preempt_count_sub+0x50/0x80
[ 16.346962] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.346999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.347025] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.347050] kthread+0x337/0x6f0
[ 16.347071] ? trace_preempt_on+0x20/0xc0
[ 16.347103] ? __pfx_kthread+0x10/0x10
[ 16.347123] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.347146] ? calculate_sigpending+0x7b/0xa0
[ 16.347181] ? __pfx_kthread+0x10/0x10
[ 16.347202] ret_from_fork+0x116/0x1d0
[ 16.347222] ? __pfx_kthread+0x10/0x10
[ 16.347243] ret_from_fork_asm+0x1a/0x30
[ 16.347282] </TASK>
[ 16.347292]
[ 16.355078] Allocated by task 304:
[ 16.355265] kasan_save_stack+0x45/0x70
[ 16.355481] kasan_save_track+0x18/0x40
[ 16.355671] kasan_save_alloc_info+0x3b/0x50
[ 16.355856] __kasan_kmalloc+0xb7/0xc0
[ 16.356055] __kmalloc_noprof+0x1c9/0x500
[ 16.356230] kunit_kmalloc_array+0x25/0x60
[ 16.356398] copy_user_test_oob+0xab/0x10f0
[ 16.356741] kunit_try_run_case+0x1a5/0x480
[ 16.356945] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.357196] kthread+0x337/0x6f0
[ 16.357385] ret_from_fork+0x116/0x1d0
[ 16.357575] ret_from_fork_asm+0x1a/0x30
[ 16.357770]
[ 16.357848] The buggy address belongs to the object at ffff8881039ee400
[ 16.357848] which belongs to the cache kmalloc-128 of size 128
[ 16.358378] The buggy address is located 0 bytes inside of
[ 16.358378] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478)
[ 16.358900]
[ 16.359006] The buggy address belongs to the physical page:
[ 16.359254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee
[ 16.359646] flags: 0x200000000000000(node=0|zone=2)
[ 16.359873] page_type: f5(slab)
[ 16.360041] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.360297] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.360806] page dumped because: kasan: bad access detected
[ 16.361047]
[ 16.361119] Memory state around the buggy address:
[ 16.361299] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.361817] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.362151] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.362403] ^
[ 16.362904] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.363181] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.363466] ==================================================================
[ 16.307586] ==================================================================
[ 16.307906] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 16.308263] Write of size 121 at addr ffff8881039ee400 by task kunit_try_catch/304
[ 16.308663]
[ 16.308791] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.308847] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.308860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.308882] Call Trace:
[ 16.308895] <TASK>
[ 16.308920] dump_stack_lvl+0x73/0xb0
[ 16.308948] print_report+0xd1/0x610
[ 16.308971] ? __virt_addr_valid+0x1db/0x2d0
[ 16.309009] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.309034] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.309058] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.309091] kasan_report+0x141/0x180
[ 16.309114] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.309143] kasan_check_range+0x10c/0x1c0
[ 16.309177] __kasan_check_write+0x18/0x20
[ 16.309197] copy_user_test_oob+0x3fd/0x10f0
[ 16.309223] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.309249] ? __kasan_check_write+0x18/0x20
[ 16.309270] ? queued_spin_lock_slowpath+0x116/0xb40
[ 16.309297] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 16.309334] ? __pfx_read_tsc+0x10/0x10
[ 16.309355] ? ktime_get_ts64+0x86/0x230
[ 16.309379] kunit_try_run_case+0x1a5/0x480
[ 16.309404] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.309427] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 16.309451] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.309475] ? __kthread_parkme+0x82/0x180
[ 16.309496] ? preempt_count_sub+0x50/0x80
[ 16.309529] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.309562] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.309587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.309623] kthread+0x337/0x6f0
[ 16.309643] ? trace_preempt_on+0x20/0xc0
[ 16.309667] ? __pfx_kthread+0x10/0x10
[ 16.309688] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.309710] ? calculate_sigpending+0x7b/0xa0
[ 16.309734] ? __pfx_kthread+0x10/0x10
[ 16.309756] ret_from_fork+0x116/0x1d0
[ 16.309775] ? __pfx_kthread+0x10/0x10
[ 16.309796] ret_from_fork_asm+0x1a/0x30
[ 16.309827] </TASK>
[ 16.309836]
[ 16.317335] Allocated by task 304:
[ 16.317558] kasan_save_stack+0x45/0x70
[ 16.317756] kasan_save_track+0x18/0x40
[ 16.317948] kasan_save_alloc_info+0x3b/0x50
[ 16.318158] __kasan_kmalloc+0xb7/0xc0
[ 16.318353] __kmalloc_noprof+0x1c9/0x500
[ 16.318613] kunit_kmalloc_array+0x25/0x60
[ 16.318816] copy_user_test_oob+0xab/0x10f0
[ 16.318991] kunit_try_run_case+0x1a5/0x480
[ 16.319198] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.319453] kthread+0x337/0x6f0
[ 16.319745] ret_from_fork+0x116/0x1d0
[ 16.319927] ret_from_fork_asm+0x1a/0x30
[ 16.320084]
[ 16.320158] The buggy address belongs to the object at ffff8881039ee400
[ 16.320158] which belongs to the cache kmalloc-128 of size 128
[ 16.320531] The buggy address is located 0 bytes inside of
[ 16.320531] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478)
[ 16.321065]
[ 16.321160] The buggy address belongs to the physical page:
[ 16.321429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee
[ 16.321858] flags: 0x200000000000000(node=0|zone=2)
[ 16.322025] page_type: f5(slab)
[ 16.322147] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.322421] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.323092] page dumped because: kasan: bad access detected
[ 16.323381]
[ 16.323474] Memory state around the buggy address:
[ 16.323825] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.324142] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.324450] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.324826] ^
[ 16.325145] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.325454] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.325761] ==================================================================
[ 16.326353] ==================================================================
[ 16.326823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 16.327180] Read of size 121 at addr ffff8881039ee400 by task kunit_try_catch/304
[ 16.327550]
[ 16.327663] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 16.327706] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.327729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.327751] Call Trace:
[ 16.327766] <TASK>
[ 16.327781] dump_stack_lvl+0x73/0xb0
[ 16.327810] print_report+0xd1/0x610
[ 16.327832] ? __virt_addr_valid+0x1db/0x2d0
[ 16.327855] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.327890] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.327914] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.327949] kasan_report+0x141/0x180
[ 16.327972] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.328001] kasan_check_range+0x10c/0x1c0
[ 16.328025] __kasan_check_read+0x15/0x20
[ 16.328046] copy_user_test_oob+0x4aa/0x10f0
[ 16.328072] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.328098] ? __kasan_check_write+0x18/0x20
[ 16.328118] ? queued_spin_lock_slowpath+0x116/0xb40
[ 16.328143] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 16.328169] ? __pfx_read_tsc+0x10/0x10
[ 16.328190] ? ktime_get_ts64+0x86/0x230
[ 16.328213] kunit_try_run_case+0x1a5/0x480
[ 16.328239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.328262] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 16.328285] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.328309] ? __kthread_parkme+0x82/0x180
[ 16.328340] ? preempt_count_sub+0x50/0x80
[ 16.328364] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.328389] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.328413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.328438] kthread+0x337/0x6f0
[ 16.328459] ? trace_preempt_on+0x20/0xc0
[ 16.328483] ? __pfx_kthread+0x10/0x10
[ 16.328503] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.328525] ? calculate_sigpending+0x7b/0xa0
[ 16.328549] ? __pfx_kthread+0x10/0x10
[ 16.328571] ret_from_fork+0x116/0x1d0
[ 16.328590] ? __pfx_kthread+0x10/0x10
[ 16.328611] ret_from_fork_asm+0x1a/0x30
[ 16.328651] </TASK>
[ 16.328661]
[ 16.336594] Allocated by task 304:
[ 16.336783] kasan_save_stack+0x45/0x70
[ 16.336963] kasan_save_track+0x18/0x40
[ 16.337164] kasan_save_alloc_info+0x3b/0x50
[ 16.337314] __kasan_kmalloc+0xb7/0xc0
[ 16.337459] __kmalloc_noprof+0x1c9/0x500
[ 16.337600] kunit_kmalloc_array+0x25/0x60
[ 16.337745] copy_user_test_oob+0xab/0x10f0
[ 16.337944] kunit_try_run_case+0x1a5/0x480
[ 16.338168] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.338442] kthread+0x337/0x6f0
[ 16.338758] ret_from_fork+0x116/0x1d0
[ 16.338942] ret_from_fork_asm+0x1a/0x30
[ 16.339134]
[ 16.339227] The buggy address belongs to the object at ffff8881039ee400
[ 16.339227] which belongs to the cache kmalloc-128 of size 128
[ 16.339751] The buggy address is located 0 bytes inside of
[ 16.339751] allocated 120-byte region [ffff8881039ee400, ffff8881039ee478)
[ 16.340190]
[ 16.340283] The buggy address belongs to the physical page:
[ 16.340628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ee
[ 16.340947] flags: 0x200000000000000(node=0|zone=2)
[ 16.341190] page_type: f5(slab)
[ 16.341356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.341713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.342037] page dumped because: kasan: bad access detected
[ 16.342297]
[ 16.342403] Memory state around the buggy address:
[ 16.342635] ffff8881039ee300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.342988] ffff8881039ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.343365] >ffff8881039ee400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.343700] ^
[ 16.344011] ffff8881039ee480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.344248] ffff8881039ee500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.344472] ==================================================================
```