Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 19.948247] ================================================================== [ 19.948771] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.949160] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.949782] [ 19.949830] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.950713] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.950756] Hardware name: linux,dummy-virt (DT) [ 19.951240] Call trace: [ 19.951308] show_stack+0x20/0x38 (C) [ 19.951680] dump_stack_lvl+0x8c/0xd0 [ 19.952278] print_report+0x118/0x608 [ 19.953018] kasan_report+0xdc/0x128 [ 19.953543] kasan_check_range+0x100/0x1a8 [ 19.954098] __kasan_check_read+0x20/0x30 [ 19.954161] copy_user_test_oob+0x3c8/0xec8 [ 19.954799] kunit_try_run_case+0x170/0x3f0 [ 19.955150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.955475] kthread+0x328/0x630 [ 19.956004] ret_from_fork+0x10/0x20 [ 19.956615] [ 19.956643] Allocated by task 285: [ 19.957200] kasan_save_stack+0x3c/0x68 [ 19.957962] kasan_save_track+0x20/0x40 [ 19.958026] kasan_save_alloc_info+0x40/0x58 [ 19.958072] __kasan_kmalloc+0xd4/0xd8 [ 19.958125] __kmalloc_noprof+0x198/0x4c8 [ 19.959057] kunit_kmalloc_array+0x34/0x88 [ 19.959117] copy_user_test_oob+0xac/0xec8 [ 19.959159] kunit_try_run_case+0x170/0x3f0 [ 19.959202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.959249] kthread+0x328/0x630 [ 19.960133] ret_from_fork+0x10/0x20 [ 19.960836] [ 19.961243] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.961243] which belongs to the cache kmalloc-128 of size 128 [ 19.961346] The buggy address is located 0 bytes inside of [ 19.961346] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.961459] [ 19.961516] The buggy address belongs to the physical page: [ 19.961580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.961933] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.962179] page_type: 
f5(slab) [ 19.962636] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.962853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.962925] page dumped because: kasan: bad access detected [ 19.962960] [ 19.963143] Memory state around the buggy address: [ 19.963359] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.963449] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.963559] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.963905] ^ [ 19.964065] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.964252] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.964344] ================================================================== [ 19.918503] ================================================================== [ 19.918598] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.918657] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.918711] [ 19.918746] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.918878] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.918913] Hardware name: linux,dummy-virt (DT) [ 19.918974] Call trace: [ 19.919045] show_stack+0x20/0x38 (C) [ 19.919159] dump_stack_lvl+0x8c/0xd0 [ 19.919240] print_report+0x118/0x608 [ 19.919307] kasan_report+0xdc/0x128 [ 19.919363] kasan_check_range+0x100/0x1a8 [ 19.919414] __kasan_check_read+0x20/0x30 [ 19.919461] copy_user_test_oob+0x728/0xec8 [ 19.919648] kunit_try_run_case+0x170/0x3f0 [ 19.919723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.919853] kthread+0x328/0x630 [ 19.919919] ret_from_fork+0x10/0x20 [ 19.919972] [ 19.920060] Allocated by task 285: [ 19.920115] kasan_save_stack+0x3c/0x68 [ 19.920160] kasan_save_track+0x20/0x40 [ 19.920452] kasan_save_alloc_info+0x40/0x58 [ 19.920574] __kasan_kmalloc+0xd4/0xd8 [ 19.920618] __kmalloc_noprof+0x198/0x4c8 [ 19.920683] 
kunit_kmalloc_array+0x34/0x88 [ 19.920783] copy_user_test_oob+0xac/0xec8 [ 19.920829] kunit_try_run_case+0x170/0x3f0 [ 19.920878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.920969] kthread+0x328/0x630 [ 19.921037] ret_from_fork+0x10/0x20 [ 19.921094] [ 19.921155] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.921155] which belongs to the cache kmalloc-128 of size 128 [ 19.921236] The buggy address is located 0 bytes inside of [ 19.921236] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.921328] [ 19.921356] The buggy address belongs to the physical page: [ 19.921390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.921445] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.921607] page_type: f5(slab) [ 19.921677] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.921915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.922025] page dumped because: kasan: bad access detected [ 19.922121] [ 19.922209] Memory state around the buggy address: [ 19.922279] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.922388] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922521] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.922629] ^ [ 19.922774] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922821] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922885] ================================================================== [ 19.928989] ================================================================== [ 19.929362] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.929439] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.929496] [ 19.929533] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.929624] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 
19.929657] Hardware name: linux,dummy-virt (DT) [ 19.929691] Call trace: [ 19.929715] show_stack+0x20/0x38 (C) [ 19.929767] dump_stack_lvl+0x8c/0xd0 [ 19.929819] print_report+0x118/0x608 [ 19.929869] kasan_report+0xdc/0x128 [ 19.930022] kasan_check_range+0x100/0x1a8 [ 19.930209] __kasan_check_write+0x20/0x30 [ 19.930256] copy_user_test_oob+0x35c/0xec8 [ 19.930307] kunit_try_run_case+0x170/0x3f0 [ 19.930358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.931043] kthread+0x328/0x630 [ 19.932258] ret_from_fork+0x10/0x20 [ 19.932313] [ 19.933284] Allocated by task 285: [ 19.933618] kasan_save_stack+0x3c/0x68 [ 19.934249] kasan_save_track+0x20/0x40 [ 19.934305] kasan_save_alloc_info+0x40/0x58 [ 19.934872] __kasan_kmalloc+0xd4/0xd8 [ 19.935326] __kmalloc_noprof+0x198/0x4c8 [ 19.935496] kunit_kmalloc_array+0x34/0x88 [ 19.935757] copy_user_test_oob+0xac/0xec8 [ 19.935805] kunit_try_run_case+0x170/0x3f0 [ 19.936985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.937203] kthread+0x328/0x630 [ 19.937264] ret_from_fork+0x10/0x20 [ 19.937304] [ 19.937927] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.937927] which belongs to the cache kmalloc-128 of size 128 [ 19.938205] The buggy address is located 0 bytes inside of [ 19.938205] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.939118] [ 19.939476] The buggy address belongs to the physical page: [ 19.939576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.939639] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.939699] page_type: f5(slab) [ 19.939744] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.939799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.939843] page dumped because: kasan: bad access detected [ 19.939879] [ 19.940906] Memory state around the buggy address: [ 19.941946] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.942036] 
fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.942096] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.942404] ^ [ 19.942911] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.943679] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.943868] ================================================================== [ 19.975613] ================================================================== [ 19.975723] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.975818] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.976052] [ 19.976214] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.976320] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.976441] Hardware name: linux,dummy-virt (DT) [ 19.976517] Call trace: [ 19.976544] show_stack+0x20/0x38 (C) [ 19.976883] dump_stack_lvl+0x8c/0xd0 [ 19.977278] print_report+0x118/0x608 [ 19.977356] kasan_report+0xdc/0x128 [ 19.977447] kasan_check_range+0x100/0x1a8 [ 19.977542] __kasan_check_read+0x20/0x30 [ 19.977725] copy_user_test_oob+0x4a0/0xec8 [ 19.977965] kunit_try_run_case+0x170/0x3f0 [ 19.978138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.978247] kthread+0x328/0x630 [ 19.978294] ret_from_fork+0x10/0x20 [ 19.978409] [ 19.978433] Allocated by task 285: [ 19.978473] kasan_save_stack+0x3c/0x68 [ 19.978519] kasan_save_track+0x20/0x40 [ 19.978691] kasan_save_alloc_info+0x40/0x58 [ 19.978744] __kasan_kmalloc+0xd4/0xd8 [ 19.978791] __kmalloc_noprof+0x198/0x4c8 [ 19.978832] kunit_kmalloc_array+0x34/0x88 [ 19.979077] copy_user_test_oob+0xac/0xec8 [ 19.979174] kunit_try_run_case+0x170/0x3f0 [ 19.979335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.979477] kthread+0x328/0x630 [ 19.979830] ret_from_fork+0x10/0x20 [ 19.979898] [ 19.979973] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.979973] which belongs to the cache kmalloc-128 of size 128 [ 
19.980114] The buggy address is located 0 bytes inside of [ 19.980114] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.980480] [ 19.980536] The buggy address belongs to the physical page: [ 19.980645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.980884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.980960] page_type: f5(slab) [ 19.981308] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.981577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.981713] page dumped because: kasan: bad access detected [ 19.981813] [ 19.981926] Memory state around the buggy address: [ 19.982035] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.982105] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982151] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.982325] ^ [ 19.982377] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982615] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982684] ================================================================== [ 19.965808] ================================================================== [ 19.966133] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.966206] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.966434] [ 19.966520] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.966698] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.966732] Hardware name: linux,dummy-virt (DT) [ 19.967019] Call trace: [ 19.967274] show_stack+0x20/0x38 (C) [ 19.967372] dump_stack_lvl+0x8c/0xd0 [ 19.967429] print_report+0x118/0x608 [ 19.967760] kasan_report+0xdc/0x128 [ 19.967871] kasan_check_range+0x100/0x1a8 [ 19.968203] __kasan_check_write+0x20/0x30 [ 19.968343] copy_user_test_oob+0x434/0xec8 [ 19.968456] kunit_try_run_case+0x170/0x3f0 [ 
19.968841] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.969029] kthread+0x328/0x630 [ 19.969099] ret_from_fork+0x10/0x20 [ 19.969447] [ 19.969558] Allocated by task 285: [ 19.969614] kasan_save_stack+0x3c/0x68 [ 19.969677] kasan_save_track+0x20/0x40 [ 19.969995] kasan_save_alloc_info+0x40/0x58 [ 19.970071] __kasan_kmalloc+0xd4/0xd8 [ 19.970223] __kmalloc_noprof+0x198/0x4c8 [ 19.970427] kunit_kmalloc_array+0x34/0x88 [ 19.970634] copy_user_test_oob+0xac/0xec8 [ 19.970747] kunit_try_run_case+0x170/0x3f0 [ 19.970854] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.970913] kthread+0x328/0x630 [ 19.971112] ret_from_fork+0x10/0x20 [ 19.971369] [ 19.971429] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.971429] which belongs to the cache kmalloc-128 of size 128 [ 19.971802] The buggy address is located 0 bytes inside of [ 19.971802] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.971997] [ 19.972074] The buggy address belongs to the physical page: [ 19.972425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.972594] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.972668] page_type: f5(slab) [ 19.972719] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.973033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.973143] page dumped because: kasan: bad access detected [ 19.973217] [ 19.973457] Memory state around the buggy address: [ 19.973545] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.973777] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.973861] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.974022] ^ [ 19.974148] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.974250] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.974470] ================================================================== [ 19.907335] 
================================================================== [ 19.907762] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.907869] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.907988] [ 19.908081] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.908197] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.908228] Hardware name: linux,dummy-virt (DT) [ 19.908404] Call trace: [ 19.908444] show_stack+0x20/0x38 (C) [ 19.908502] dump_stack_lvl+0x8c/0xd0 [ 19.908556] print_report+0x118/0x608 [ 19.908606] kasan_report+0xdc/0x128 [ 19.908751] kasan_check_range+0x100/0x1a8 [ 19.908842] __kasan_check_write+0x20/0x30 [ 19.908895] copy_user_test_oob+0x234/0xec8 [ 19.909016] kunit_try_run_case+0x170/0x3f0 [ 19.909080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.909148] kthread+0x328/0x630 [ 19.909194] ret_from_fork+0x10/0x20 [ 19.909266] [ 19.909289] Allocated by task 285: [ 19.909321] kasan_save_stack+0x3c/0x68 [ 19.909368] kasan_save_track+0x20/0x40 [ 19.909566] kasan_save_alloc_info+0x40/0x58 [ 19.909644] __kasan_kmalloc+0xd4/0xd8 [ 19.909720] __kmalloc_noprof+0x198/0x4c8 [ 19.909801] kunit_kmalloc_array+0x34/0x88 [ 19.909864] copy_user_test_oob+0xac/0xec8 [ 19.909903] kunit_try_run_case+0x170/0x3f0 [ 19.909944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.909991] kthread+0x328/0x630 [ 19.910164] ret_from_fork+0x10/0x20 [ 19.910207] [ 19.910275] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.910275] which belongs to the cache kmalloc-128 of size 128 [ 19.910431] The buggy address is located 0 bytes inside of [ 19.910431] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.910556] [ 19.910633] The buggy address belongs to the physical page: [ 19.910678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.910754] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.911100] page_type: f5(slab) [ 
19.911187] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.911422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.911529] page dumped because: kasan: bad access detected [ 19.911661] [ 19.911760] Memory state around the buggy address: [ 19.911858] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.911973] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912109] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.912193] ^ [ 19.912274] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912626] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912749] ==================================================================
[ 16.691608] ================================================================== [ 16.691991] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.692287] Write of size 121 at addr ffff8881029c7e00 by task kunit_try_catch/302 [ 16.692610] [ 16.692728] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.692777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.692790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.692815] Call Trace: [ 16.692828] <TASK> [ 16.692846] dump_stack_lvl+0x73/0xb0 [ 16.692875] print_report+0xd1/0x650 [ 16.692899] ? __virt_addr_valid+0x1db/0x2d0 [ 16.692924] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.692959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.692985] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.693009] kasan_report+0x141/0x180 [ 16.693033] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.693063] kasan_check_range+0x10c/0x1c0 [ 16.693087] __kasan_check_write+0x18/0x20 [ 16.693107] copy_user_test_oob+0x3fd/0x10f0 [ 16.693134] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.693158] ? finish_task_switch.isra.0+0x153/0x700 [ 16.693184] ? __switch_to+0x47/0xf50 [ 16.693211] ? __schedule+0x10cc/0x2b60 [ 16.693234] ? __pfx_read_tsc+0x10/0x10 [ 16.693256] ? ktime_get_ts64+0x86/0x230 [ 16.693282] kunit_try_run_case+0x1a5/0x480 [ 16.693308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.693332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.693357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.693382] ? __kthread_parkme+0x82/0x180 [ 16.693404] ? preempt_count_sub+0x50/0x80 [ 16.693429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.693455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.693480] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.693507] kthread+0x337/0x6f0 [ 16.693526] ? trace_preempt_on+0x20/0xc0 [ 16.693551] ? __pfx_kthread+0x10/0x10 [ 16.693573] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.693606] ? calculate_sigpending+0x7b/0xa0 [ 16.693633] ? 
__pfx_kthread+0x10/0x10 [ 16.693655] ret_from_fork+0x116/0x1d0 [ 16.693675] ? __pfx_kthread+0x10/0x10 [ 16.693696] ret_from_fork_asm+0x1a/0x30 [ 16.693728] </TASK> [ 16.693739] [ 16.700791] Allocated by task 302: [ 16.701113] kasan_save_stack+0x45/0x70 [ 16.701316] kasan_save_track+0x18/0x40 [ 16.701486] kasan_save_alloc_info+0x3b/0x50 [ 16.701646] __kasan_kmalloc+0xb7/0xc0 [ 16.701782] __kmalloc_noprof+0x1c9/0x500 [ 16.701924] kunit_kmalloc_array+0x25/0x60 [ 16.702207] copy_user_test_oob+0xab/0x10f0 [ 16.702419] kunit_try_run_case+0x1a5/0x480 [ 16.702644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.702942] kthread+0x337/0x6f0 [ 16.703115] ret_from_fork+0x116/0x1d0 [ 16.703307] ret_from_fork_asm+0x1a/0x30 [ 16.703678] [ 16.703757] The buggy address belongs to the object at ffff8881029c7e00 [ 16.703757] which belongs to the cache kmalloc-128 of size 128 [ 16.704243] The buggy address is located 0 bytes inside of [ 16.704243] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78) [ 16.704691] [ 16.704802] The buggy address belongs to the physical page: [ 16.705061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7 [ 16.705370] flags: 0x200000000000000(node=0|zone=2) [ 16.705535] page_type: f5(slab) [ 16.705691] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.706034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.706447] page dumped because: kasan: bad access detected [ 16.706631] [ 16.706700] Memory state around the buggy address: [ 16.707093] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.707403] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.707970] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.708243] ^ [ 16.708460] ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.708740] ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.709886] 
================================================================== [ 16.710683] ================================================================== [ 16.711675] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.712372] Read of size 121 at addr ffff8881029c7e00 by task kunit_try_catch/302 [ 16.713160] [ 16.713328] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.713387] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.713402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.713424] Call Trace: [ 16.713442] <TASK> [ 16.713459] dump_stack_lvl+0x73/0xb0 [ 16.713489] print_report+0xd1/0x650 [ 16.713512] ? __virt_addr_valid+0x1db/0x2d0 [ 16.713537] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.713561] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.713585] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.713618] kasan_report+0x141/0x180 [ 16.713641] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.713670] kasan_check_range+0x10c/0x1c0 [ 16.713694] __kasan_check_read+0x15/0x20 [ 16.713714] copy_user_test_oob+0x4aa/0x10f0 [ 16.713740] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.713817] ? finish_task_switch.isra.0+0x153/0x700 [ 16.713844] ? __switch_to+0x47/0xf50 [ 16.713871] ? __schedule+0x10cc/0x2b60 [ 16.713905] ? __pfx_read_tsc+0x10/0x10 [ 16.713927] ? ktime_get_ts64+0x86/0x230 [ 16.713951] kunit_try_run_case+0x1a5/0x480 [ 16.713977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.714001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.714026] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.714051] ? __kthread_parkme+0x82/0x180 [ 16.714073] ? preempt_count_sub+0x50/0x80 [ 16.714097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.714122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.714148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.714174] kthread+0x337/0x6f0 [ 16.714195] ? trace_preempt_on+0x20/0xc0 [ 16.714219] ? __pfx_kthread+0x10/0x10 [ 16.714241] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.714263] ? calculate_sigpending+0x7b/0xa0 [ 16.714289] ? __pfx_kthread+0x10/0x10 [ 16.714312] ret_from_fork+0x116/0x1d0 [ 16.714330] ? __pfx_kthread+0x10/0x10 [ 16.714351] ret_from_fork_asm+0x1a/0x30 [ 16.714382] </TASK> [ 16.714393] [ 16.726543] Allocated by task 302: [ 16.726747] kasan_save_stack+0x45/0x70 [ 16.726965] kasan_save_track+0x18/0x40 [ 16.727106] kasan_save_alloc_info+0x3b/0x50 [ 16.727276] __kasan_kmalloc+0xb7/0xc0 [ 16.727464] __kmalloc_noprof+0x1c9/0x500 [ 16.727674] kunit_kmalloc_array+0x25/0x60 [ 16.727910] copy_user_test_oob+0xab/0x10f0 [ 16.728071] kunit_try_run_case+0x1a5/0x480 [ 16.728219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.728478] kthread+0x337/0x6f0 [ 16.728663] ret_from_fork+0x116/0x1d0 [ 16.728849] ret_from_fork_asm+0x1a/0x30 [ 16.729007] [ 16.729089] The buggy address belongs to the object at ffff8881029c7e00 [ 16.729089] which belongs to the cache kmalloc-128 of size 128 [ 16.729553] The buggy address is located 0 bytes inside of [ 16.729553] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78) [ 16.729983] [ 16.730081] The buggy address belongs to the physical page: [ 16.730328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7 [ 16.730570] flags: 0x200000000000000(node=0|zone=2) [ 16.730745] page_type: f5(slab) [ 16.730928] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.731279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.731640] page dumped because: kasan: bad access detected [ 16.731985] [ 16.732058] Memory state around the buggy address: [ 16.732249] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.732467] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.732798] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.733151] ^ [ 16.733403] ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.733634] 
ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.734072] ================================================================== [ 16.753006] ================================================================== [ 16.753752] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.754041] Read of size 121 at addr ffff8881029c7e00 by task kunit_try_catch/302 [ 16.754273] [ 16.754362] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.754407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.754420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.754442] Call Trace: [ 16.754459] <TASK> [ 16.754476] dump_stack_lvl+0x73/0xb0 [ 16.754505] print_report+0xd1/0x650 [ 16.754528] ? __virt_addr_valid+0x1db/0x2d0 [ 16.754552] ? copy_user_test_oob+0x604/0x10f0 [ 16.754576] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.754611] ? copy_user_test_oob+0x604/0x10f0 [ 16.754636] kasan_report+0x141/0x180 [ 16.754658] ? copy_user_test_oob+0x604/0x10f0 [ 16.754687] kasan_check_range+0x10c/0x1c0 [ 16.754713] __kasan_check_read+0x15/0x20 [ 16.754733] copy_user_test_oob+0x604/0x10f0 [ 16.754759] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.754783] ? finish_task_switch.isra.0+0x153/0x700 [ 16.754819] ? __switch_to+0x47/0xf50 [ 16.754852] ? __schedule+0x10cc/0x2b60 [ 16.754875] ? __pfx_read_tsc+0x10/0x10 [ 16.754898] ? ktime_get_ts64+0x86/0x230 [ 16.754923] kunit_try_run_case+0x1a5/0x480 [ 16.754950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.754974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.755000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.755025] ? __kthread_parkme+0x82/0x180 [ 16.755047] ? preempt_count_sub+0x50/0x80 [ 16.755071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.755097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.755123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.755149] kthread+0x337/0x6f0 [ 16.755169] ? trace_preempt_on+0x20/0xc0 [ 16.755194] ? 
__pfx_kthread+0x10/0x10 [ 16.755216] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.755240] ? calculate_sigpending+0x7b/0xa0 [ 16.755265] ? __pfx_kthread+0x10/0x10 [ 16.755287] ret_from_fork+0x116/0x1d0 [ 16.755306] ? __pfx_kthread+0x10/0x10 [ 16.755327] ret_from_fork_asm+0x1a/0x30 [ 16.755358] </TASK> [ 16.755369] [ 16.762600] Allocated by task 302: [ 16.762754] kasan_save_stack+0x45/0x70 [ 16.762976] kasan_save_track+0x18/0x40 [ 16.763140] kasan_save_alloc_info+0x3b/0x50 [ 16.763339] __kasan_kmalloc+0xb7/0xc0 [ 16.763507] __kmalloc_noprof+0x1c9/0x500 [ 16.763711] kunit_kmalloc_array+0x25/0x60 [ 16.763923] copy_user_test_oob+0xab/0x10f0 [ 16.764114] kunit_try_run_case+0x1a5/0x480 [ 16.764273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.764474] kthread+0x337/0x6f0 [ 16.764654] ret_from_fork+0x116/0x1d0 [ 16.764842] ret_from_fork_asm+0x1a/0x30 [ 16.765052] [ 16.765123] The buggy address belongs to the object at ffff8881029c7e00 [ 16.765123] which belongs to the cache kmalloc-128 of size 128 [ 16.765642] The buggy address is located 0 bytes inside of [ 16.765642] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78) [ 16.766147] [ 16.766234] The buggy address belongs to the physical page: [ 16.766471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7 [ 16.766807] flags: 0x200000000000000(node=0|zone=2) [ 16.767021] page_type: f5(slab) [ 16.767185] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.767478] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.767765] page dumped because: kasan: bad access detected [ 16.768007] [ 16.768076] Memory state around the buggy address: [ 16.768232] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.768450] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.768676] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.768979] ^ [ 16.769455] ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.769740] ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.769959] ================================================================== [ 16.734854] ================================================================== [ 16.735133] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.735452] Write of size 121 at addr ffff8881029c7e00 by task kunit_try_catch/302 [ 16.735866] [ 16.735967] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.736013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.736025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.736048] Call Trace: [ 16.736065] <TASK> [ 16.736082] dump_stack_lvl+0x73/0xb0 [ 16.736112] print_report+0xd1/0x650 [ 16.736136] ? __virt_addr_valid+0x1db/0x2d0 [ 16.736160] ? copy_user_test_oob+0x557/0x10f0 [ 16.736184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.736209] ? copy_user_test_oob+0x557/0x10f0 [ 16.736234] kasan_report+0x141/0x180 [ 16.736256] ? copy_user_test_oob+0x557/0x10f0 [ 16.736285] kasan_check_range+0x10c/0x1c0 [ 16.736309] __kasan_check_write+0x18/0x20 [ 16.736329] copy_user_test_oob+0x557/0x10f0 [ 16.736355] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.736379] ? finish_task_switch.isra.0+0x153/0x700 [ 16.736404] ? __switch_to+0x47/0xf50 [ 16.736430] ? __schedule+0x10cc/0x2b60 [ 16.736453] ? __pfx_read_tsc+0x10/0x10 [ 16.736475] ? ktime_get_ts64+0x86/0x230 [ 16.736501] kunit_try_run_case+0x1a5/0x480 [ 16.736526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.736550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.736575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.736612] ? __kthread_parkme+0x82/0x180 [ 16.736634] ? preempt_count_sub+0x50/0x80 [ 16.736658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.736684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.736710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.736736] kthread+0x337/0x6f0 [ 16.736755] ? 
trace_preempt_on+0x20/0xc0 [ 16.736788] ? __pfx_kthread+0x10/0x10 [ 16.736809] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.736832] ? calculate_sigpending+0x7b/0xa0 [ 16.736858] ? __pfx_kthread+0x10/0x10 [ 16.736880] ret_from_fork+0x116/0x1d0 [ 16.736898] ? __pfx_kthread+0x10/0x10 [ 16.736919] ret_from_fork_asm+0x1a/0x30 [ 16.736954] </TASK> [ 16.736965] [ 16.743862] Allocated by task 302: [ 16.744043] kasan_save_stack+0x45/0x70 [ 16.744241] kasan_save_track+0x18/0x40 [ 16.744431] kasan_save_alloc_info+0x3b/0x50 [ 16.744648] __kasan_kmalloc+0xb7/0xc0 [ 16.744791] __kmalloc_noprof+0x1c9/0x500 [ 16.744997] kunit_kmalloc_array+0x25/0x60 [ 16.745184] copy_user_test_oob+0xab/0x10f0 [ 16.745331] kunit_try_run_case+0x1a5/0x480 [ 16.745478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.745737] kthread+0x337/0x6f0 [ 16.746071] ret_from_fork+0x116/0x1d0 [ 16.746262] ret_from_fork_asm+0x1a/0x30 [ 16.746460] [ 16.746560] The buggy address belongs to the object at ffff8881029c7e00 [ 16.746560] which belongs to the cache kmalloc-128 of size 128 [ 16.747069] The buggy address is located 0 bytes inside of [ 16.747069] allocated 120-byte region [ffff8881029c7e00, ffff8881029c7e78) [ 16.747528] [ 16.747635] The buggy address belongs to the physical page: [ 16.747866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c7 [ 16.748192] flags: 0x200000000000000(node=0|zone=2) [ 16.748405] page_type: f5(slab) [ 16.748575] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.748924] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.749229] page dumped because: kasan: bad access detected [ 16.749457] [ 16.749533] Memory state around the buggy address: [ 16.749750] ffff8881029c7d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.750035] ffff8881029c7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.750327] >ffff8881029c7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.750542] ^ [ 16.750858] 
ffff8881029c7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.751330] ffff8881029c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.751552] ==================================================================