Date
July 10, 2025, 6:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.945472] ================================================================== [ 19.945593] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.945673] Write of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 19.945727] [ 19.945770] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.945858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.945888] Hardware name: linux,dummy-virt (DT) [ 19.945962] Call trace: [ 19.945989] show_stack+0x20/0x38 (C) [ 19.946403] dump_stack_lvl+0x8c/0xd0 [ 19.946497] print_report+0x118/0x608 [ 19.946548] kasan_report+0xdc/0x128 [ 19.946597] kasan_check_range+0x100/0x1a8 [ 19.946772] __kasan_check_write+0x20/0x30 [ 19.946906] copy_user_test_oob+0x234/0xec8 [ 19.946979] kunit_try_run_case+0x170/0x3f0 [ 19.947099] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.947175] kthread+0x328/0x630 [ 19.947236] ret_from_fork+0x10/0x20 [ 19.947394] [ 19.947489] Allocated by task 285: [ 19.947550] kasan_save_stack+0x3c/0x68 [ 19.947597] kasan_save_track+0x20/0x40 [ 19.947675] kasan_save_alloc_info+0x40/0x58 [ 19.947739] __kasan_kmalloc+0xd4/0xd8 [ 19.947779] __kmalloc_noprof+0x198/0x4c8 [ 19.947822] kunit_kmalloc_array+0x34/0x88 [ 19.948082] copy_user_test_oob+0xac/0xec8 [ 19.948171] kunit_try_run_case+0x170/0x3f0 [ 19.948286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.948576] kthread+0x328/0x630 [ 19.948665] ret_from_fork+0x10/0x20 [ 19.948776] [ 19.948811] The buggy address belongs to the object at fff00000c5a57c00 [ 19.948811] which belongs to the cache kmalloc-128 of size 128 [ 19.948966] The buggy address is located 0 bytes inside of [ 19.948966] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 19.949164] [ 19.949254] The buggy address belongs to the physical page: [ 19.949329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 19.949451] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.949541] page_type: f5(slab) [ 19.949583] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.949636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.949677] page dumped because: kasan: bad access detected [ 19.949712] [ 19.949734] Memory state around the buggy address: [ 19.950071] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.950224] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.950330] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.950686] ^ [ 19.950883] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.950928] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.950970] ================================================================== [ 20.001182] ================================================================== [ 20.001237] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.001294] Read of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 20.002029] [ 20.002224] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 20.002631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.003069] Hardware name: linux,dummy-virt (DT) [ 20.003120] Call trace: [ 20.003444] show_stack+0x20/0x38 (C) [ 20.003551] dump_stack_lvl+0x8c/0xd0 [ 20.003760] print_report+0x118/0x608 [ 20.003816] kasan_report+0xdc/0x128 [ 20.003888] kasan_check_range+0x100/0x1a8 [ 20.004225] __kasan_check_read+0x20/0x30 [ 20.004567] copy_user_test_oob+0x4a0/0xec8 [ 20.004958] kunit_try_run_case+0x170/0x3f0 [ 20.005036] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.005103] kthread+0x328/0x630 [ 20.005149] ret_from_fork+0x10/0x20 [ 20.005210] [ 20.005241] Allocated by task 285: [ 20.005274] kasan_save_stack+0x3c/0x68 [ 20.005331] kasan_save_track+0x20/0x40 [ 20.005406] kasan_save_alloc_info+0x40/0x58 [ 20.005469] __kasan_kmalloc+0xd4/0xd8 [ 20.005523] __kmalloc_noprof+0x198/0x4c8 [ 20.005565] kunit_kmalloc_array+0x34/0x88 [ 20.005620] copy_user_test_oob+0xac/0xec8 [ 20.005662] kunit_try_run_case+0x170/0x3f0 [ 20.005702] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.005749] kthread+0x328/0x630 [ 20.005786] ret_from_fork+0x10/0x20 [ 20.005823] [ 20.005854] The buggy address belongs to the object at fff00000c5a57c00 [ 20.005854] which belongs to the cache kmalloc-128 of size 128 [ 20.006529] The buggy address is located 0 bytes inside of [ 20.006529] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 20.006623] [ 20.006679] The buggy address belongs to the physical page: [ 20.006873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 20.007188] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.007414] page_type: f5(slab) [ 20.007463] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.007671] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.007978] page dumped because: kasan: bad access detected [ 20.008155] [ 20.008179] Memory state around the buggy address: [ 20.008262] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.008457] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.008822] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.009042] ^ [ 20.009480] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.009966] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.010077] ================================================================== [ 19.974881] ================================================================== [ 19.974957] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.975181] Write of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 19.975384] [ 19.975480] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.975589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.975699] Hardware name: linux,dummy-virt (DT) [ 19.975749] Call trace: [ 19.975775] show_stack+0x20/0x38 (C) [ 19.975840] dump_stack_lvl+0x8c/0xd0 [ 19.976073] print_report+0x118/0x608 [ 19.976144] kasan_report+0xdc/0x128 [ 19.976573] kasan_check_range+0x100/0x1a8 [ 19.976652] __kasan_check_write+0x20/0x30 [ 19.976828] copy_user_test_oob+0x35c/0xec8 [ 19.976900] kunit_try_run_case+0x170/0x3f0 [ 19.977025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.977307] kthread+0x328/0x630 [ 19.977557] ret_from_fork+0x10/0x20 [ 19.977620] [ 19.977660] Allocated by task 285: [ 19.977751] kasan_save_stack+0x3c/0x68 [ 19.977842] kasan_save_track+0x20/0x40 [ 19.977887] kasan_save_alloc_info+0x40/0x58 [ 19.978295] __kasan_kmalloc+0xd4/0xd8 [ 19.978531] __kmalloc_noprof+0x198/0x4c8 [ 19.978583] kunit_kmalloc_array+0x34/0x88 [ 19.978939] copy_user_test_oob+0xac/0xec8 [ 19.979154] kunit_try_run_case+0x170/0x3f0 [ 19.979331] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.979439] kthread+0x328/0x630 [ 19.979517] ret_from_fork+0x10/0x20 [ 19.979661] [ 19.979732] The buggy address belongs to the object at fff00000c5a57c00 [ 19.979732] which belongs to the cache kmalloc-128 of size 128 [ 19.980150] The buggy address is located 0 bytes inside of [ 19.980150] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 19.980469] [ 19.980555] The buggy address belongs to the physical page: [ 19.980697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 19.980793] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.980935] page_type: f5(slab) [ 19.981013] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.981090] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.981312] page dumped because: kasan: bad access detected [ 19.981509] [ 19.981670] Memory state around the buggy address: [ 19.981936] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.982373] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982463] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.982517] ^ [ 19.982577] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982633] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982866] ================================================================== [ 19.990452] ================================================================== [ 19.990603] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.990737] Write of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 19.990949] [ 19.991148] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.991283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.991436] Hardware name: linux,dummy-virt (DT) [ 19.991482] Call trace: [ 19.991878] show_stack+0x20/0x38 (C) [ 19.991967] dump_stack_lvl+0x8c/0xd0 [ 19.992025] print_report+0x118/0x608 [ 19.992084] kasan_report+0xdc/0x128 [ 19.992134] kasan_check_range+0x100/0x1a8 [ 19.992184] __kasan_check_write+0x20/0x30 [ 19.992591] copy_user_test_oob+0x434/0xec8 [ 19.992667] kunit_try_run_case+0x170/0x3f0 [ 19.992856] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.992927] kthread+0x328/0x630 [ 19.993203] ret_from_fork+0x10/0x20 [ 19.993276] [ 19.993306] Allocated by task 285: [ 19.993354] kasan_save_stack+0x3c/0x68 [ 19.993400] kasan_save_track+0x20/0x40 [ 19.993925] kasan_save_alloc_info+0x40/0x58 [ 19.993993] __kasan_kmalloc+0xd4/0xd8 [ 19.994379] __kmalloc_noprof+0x198/0x4c8 [ 19.994641] kunit_kmalloc_array+0x34/0x88 [ 19.994820] copy_user_test_oob+0xac/0xec8 [ 19.994902] kunit_try_run_case+0x170/0x3f0 [ 19.994971] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.995127] kthread+0x328/0x630 [ 19.995204] ret_from_fork+0x10/0x20 [ 19.995242] [ 19.995287] The buggy address belongs to the object at fff00000c5a57c00 [ 19.995287] which belongs to the cache kmalloc-128 of size 128 [ 19.995560] The buggy address is located 0 bytes inside of [ 19.995560] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 19.995762] [ 19.995797] The buggy address belongs to the physical page: [ 19.996111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 19.996268] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.996414] page_type: f5(slab) [ 19.998038] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.998323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.998387] page dumped because: kasan: bad access detected [ 19.998591] [ 19.998825] Memory state around the buggy address: [ 19.998909] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.999135] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.999311] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.999639] ^ [ 19.999874] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.999937] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.000281] ================================================================== [ 19.961831] ================================================================== [ 19.961892] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.962068] Read of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 19.962425] [ 19.962497] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.962665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.962804] Hardware name: linux,dummy-virt (DT) [ 19.962862] Call trace: [ 19.962933] show_stack+0x20/0x38 (C) [ 19.963043] dump_stack_lvl+0x8c/0xd0 [ 19.963152] print_report+0x118/0x608 [ 19.963498] kasan_report+0xdc/0x128 [ 19.963567] kasan_check_range+0x100/0x1a8 [ 19.963707] __kasan_check_read+0x20/0x30 [ 19.963815] copy_user_test_oob+0x728/0xec8 [ 19.963865] kunit_try_run_case+0x170/0x3f0 [ 19.963973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.964030] kthread+0x328/0x630 [ 19.964076] ret_from_fork+0x10/0x20 [ 19.964264] [ 19.964292] Allocated by task 285: [ 19.964324] kasan_save_stack+0x3c/0x68 [ 19.964383] kasan_save_track+0x20/0x40 [ 19.964535] kasan_save_alloc_info+0x40/0x58 [ 19.964627] __kasan_kmalloc+0xd4/0xd8 [ 19.964669] __kmalloc_noprof+0x198/0x4c8 [ 19.964739] kunit_kmalloc_array+0x34/0x88 [ 19.964829] copy_user_test_oob+0xac/0xec8 [ 19.964949] kunit_try_run_case+0x170/0x3f0 [ 19.965054] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.965436] kthread+0x328/0x630 [ 19.965490] ret_from_fork+0x10/0x20 [ 19.965531] [ 19.965571] The buggy address belongs to the object at fff00000c5a57c00 [ 19.965571] which belongs to the cache kmalloc-128 of size 128 [ 19.965630] The buggy address is located 0 bytes inside of [ 19.965630] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 19.965702] [ 19.965744] The buggy address belongs to the physical page: [ 19.965777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 19.965833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.965883] page_type: f5(slab) [ 19.965953] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.966003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.966045] page dumped because: kasan: bad access detected [ 19.966080] [ 19.966270] Memory state around the buggy address: [ 19.966381] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.966442] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.966517] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.966597] ^ [ 19.966728] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.966808] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.966853] ================================================================== [ 19.983881] ================================================================== [ 19.984048] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.984203] Read of size 121 at addr fff00000c5a57c00 by task kunit_try_catch/285 [ 19.984260] [ 19.984318] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.984827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.984874] Hardware name: linux,dummy-virt (DT) [ 19.985004] Call trace: [ 19.985047] show_stack+0x20/0x38 (C) [ 19.985318] dump_stack_lvl+0x8c/0xd0 [ 19.985490] print_report+0x118/0x608 [ 19.985552] kasan_report+0xdc/0x128 [ 19.985946] kasan_check_range+0x100/0x1a8 [ 19.986021] __kasan_check_read+0x20/0x30 [ 19.986320] copy_user_test_oob+0x3c8/0xec8 [ 19.986623] kunit_try_run_case+0x170/0x3f0 [ 19.986766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.986841] kthread+0x328/0x630 [ 19.987178] ret_from_fork+0x10/0x20 [ 19.987363] [ 19.987423] Allocated by task 285: [ 19.987475] kasan_save_stack+0x3c/0x68 [ 19.987549] kasan_save_track+0x20/0x40 [ 19.987742] kasan_save_alloc_info+0x40/0x58 [ 19.987798] __kasan_kmalloc+0xd4/0xd8 [ 19.987838] __kmalloc_noprof+0x198/0x4c8 [ 19.987879] kunit_kmalloc_array+0x34/0x88 [ 19.988029] copy_user_test_oob+0xac/0xec8 [ 19.988077] kunit_try_run_case+0x170/0x3f0 [ 19.988144] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.988201] kthread+0x328/0x630 [ 19.988238] ret_from_fork+0x10/0x20 [ 19.988276] [ 19.988307] The buggy address belongs to the object at fff00000c5a57c00 [ 19.988307] which belongs to the cache kmalloc-128 of size 128 [ 19.988390] The buggy address is located 0 bytes inside of [ 19.988390] allocated 120-byte region [fff00000c5a57c00, fff00000c5a57c78) [ 19.988454] [ 19.988477] The buggy address belongs to the physical page: [ 19.988508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a57 [ 19.988572] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.988622] page_type: f5(slab) [ 19.988690] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.988753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.988807] page dumped because: kasan: bad access detected [ 19.988851] [ 19.988880] Memory state around the buggy address: [ 19.988930] fff00000c5a57b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.988989] fff00000c5a57b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.989035] >fff00000c5a57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.989085] ^ [ 19.989129] fff00000c5a57c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.989174] fff00000c5a57d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.989224] ==================================================================
[ 16.606478] ================================================================== [ 16.606774] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.607232] Read of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.607541] [ 16.607656] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.607697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.607710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.607730] Call Trace: [ 16.607745] <TASK> [ 16.607760] dump_stack_lvl+0x73/0xb0 [ 16.607789] print_report+0xd1/0x650 [ 16.607812] ? __virt_addr_valid+0x1db/0x2d0 [ 16.607836] ? copy_user_test_oob+0x604/0x10f0 [ 16.607860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.607884] ? copy_user_test_oob+0x604/0x10f0 [ 16.607909] kasan_report+0x141/0x180 [ 16.607932] ? copy_user_test_oob+0x604/0x10f0 [ 16.607967] kasan_check_range+0x10c/0x1c0 [ 16.607992] __kasan_check_read+0x15/0x20 [ 16.608012] copy_user_test_oob+0x604/0x10f0 [ 16.608406] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.608438] ? finish_task_switch.isra.0+0x153/0x700 [ 16.608464] ? __switch_to+0x47/0xf50 [ 16.608490] ? __schedule+0x10cc/0x2b60 [ 16.608514] ? __pfx_read_tsc+0x10/0x10 [ 16.608536] ? ktime_get_ts64+0x86/0x230 [ 16.608561] kunit_try_run_case+0x1a5/0x480 [ 16.608586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.608610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.608636] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.608662] ? __kthread_parkme+0x82/0x180 [ 16.608684] ? preempt_count_sub+0x50/0x80 [ 16.608709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.608735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.608761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.608787] kthread+0x337/0x6f0 [ 16.608807] ? trace_preempt_on+0x20/0xc0 [ 16.608831] ? __pfx_kthread+0x10/0x10 [ 16.608852] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.608875] ? calculate_sigpending+0x7b/0xa0 [ 16.608900] ? __pfx_kthread+0x10/0x10 [ 16.608923] ret_from_fork+0x116/0x1d0 [ 16.608950] ? __pfx_kthread+0x10/0x10 [ 16.608972] ret_from_fork_asm+0x1a/0x30 [ 16.609003] </TASK> [ 16.609013] [ 16.618432] Allocated by task 302: [ 16.618700] kasan_save_stack+0x45/0x70 [ 16.618976] kasan_save_track+0x18/0x40 [ 16.619176] kasan_save_alloc_info+0x3b/0x50 [ 16.619477] __kasan_kmalloc+0xb7/0xc0 [ 16.619740] __kmalloc_noprof+0x1c9/0x500 [ 16.619906] kunit_kmalloc_array+0x25/0x60 [ 16.620147] copy_user_test_oob+0xab/0x10f0 [ 16.620468] kunit_try_run_case+0x1a5/0x480 [ 16.620669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.620898] kthread+0x337/0x6f0 [ 16.621289] ret_from_fork+0x116/0x1d0 [ 16.621472] ret_from_fork_asm+0x1a/0x30 [ 16.621773] [ 16.621876] The buggy address belongs to the object at ffff888102791f00 [ 16.621876] which belongs to the cache kmalloc-128 of size 128 [ 16.622469] The buggy address is located 0 bytes inside of [ 16.622469] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.623130] [ 16.623297] The buggy address belongs to the physical page: [ 16.623568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.624039] flags: 0x200000000000000(node=0|zone=2) [ 16.624272] page_type: f5(slab) [ 16.624414] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.624745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.625290] page dumped because: kasan: bad access detected [ 16.625586] [ 16.625667] Memory state around the buggy address: [ 16.625869] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.626340] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.626720] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.626976] ^ [ 16.627501] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.627885] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.628263] ================================================================== [ 16.583979] ================================================================== [ 16.584576] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.585018] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.585302] [ 16.585597] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.585642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.585655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.585675] Call Trace: [ 16.585691] <TASK> [ 16.585706] dump_stack_lvl+0x73/0xb0 [ 16.585735] print_report+0xd1/0x650 [ 16.585759] ? __virt_addr_valid+0x1db/0x2d0 [ 16.585782] ? copy_user_test_oob+0x557/0x10f0 [ 16.585806] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.585831] ? copy_user_test_oob+0x557/0x10f0 [ 16.585856] kasan_report+0x141/0x180 [ 16.585879] ? copy_user_test_oob+0x557/0x10f0 [ 16.585908] kasan_check_range+0x10c/0x1c0 [ 16.586000] __kasan_check_write+0x18/0x20 [ 16.586024] copy_user_test_oob+0x557/0x10f0 [ 16.586064] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.586088] ? finish_task_switch.isra.0+0x153/0x700 [ 16.586111] ? __switch_to+0x47/0xf50 [ 16.586137] ? __schedule+0x10cc/0x2b60 [ 16.586160] ? __pfx_read_tsc+0x10/0x10 [ 16.586184] ? ktime_get_ts64+0x86/0x230 [ 16.586209] kunit_try_run_case+0x1a5/0x480 [ 16.586235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.586285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.586310] ? __kthread_parkme+0x82/0x180 [ 16.586332] ? preempt_count_sub+0x50/0x80 [ 16.586356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.586408] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.586435] kthread+0x337/0x6f0 [ 16.586456] ? trace_preempt_on+0x20/0xc0 [ 16.586479] ? __pfx_kthread+0x10/0x10 [ 16.586501] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.586524] ? calculate_sigpending+0x7b/0xa0 [ 16.586549] ? __pfx_kthread+0x10/0x10 [ 16.586572] ret_from_fork+0x116/0x1d0 [ 16.586592] ? __pfx_kthread+0x10/0x10 [ 16.586613] ret_from_fork_asm+0x1a/0x30 [ 16.586645] </TASK> [ 16.586656] [ 16.595814] Allocated by task 302: [ 16.596186] kasan_save_stack+0x45/0x70 [ 16.596371] kasan_save_track+0x18/0x40 [ 16.596674] kasan_save_alloc_info+0x3b/0x50 [ 16.596946] __kasan_kmalloc+0xb7/0xc0 [ 16.597113] __kmalloc_noprof+0x1c9/0x500 [ 16.597318] kunit_kmalloc_array+0x25/0x60 [ 16.597685] copy_user_test_oob+0xab/0x10f0 [ 16.597878] kunit_try_run_case+0x1a5/0x480 [ 16.598237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.598485] kthread+0x337/0x6f0 [ 16.598749] ret_from_fork+0x116/0x1d0 [ 16.598927] ret_from_fork_asm+0x1a/0x30 [ 16.599275] [ 16.599359] The buggy address belongs to the object at ffff888102791f00 [ 16.599359] which belongs to the cache kmalloc-128 of size 128 [ 16.599908] The buggy address is located 0 bytes inside of [ 16.599908] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.600745] [ 16.600840] The buggy address belongs to the physical page: [ 16.601248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.601637] flags: 0x200000000000000(node=0|zone=2) [ 16.601947] page_type: f5(slab) [ 16.602098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.602574] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.602890] page dumped because: kasan: bad access detected [ 16.603217] [ 16.603291] Memory state around the buggy address: [ 16.603503] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.603792] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.604304] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.604688] ^ [ 16.605066] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.605379] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.605807] ================================================================== [ 16.561370] ================================================================== [ 16.561671] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.562393] Read of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.562881] [ 16.563013] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.563147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.563162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.563184] Call Trace: [ 16.563255] <TASK> [ 16.563273] dump_stack_lvl+0x73/0xb0 [ 16.563304] print_report+0xd1/0x650 [ 16.563327] ? __virt_addr_valid+0x1db/0x2d0 [ 16.563351] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.563399] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563424] kasan_report+0x141/0x180 [ 16.563447] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563477] kasan_check_range+0x10c/0x1c0 [ 16.563501] __kasan_check_read+0x15/0x20 [ 16.563522] copy_user_test_oob+0x4aa/0x10f0 [ 16.563548] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.563572] ? finish_task_switch.isra.0+0x153/0x700 [ 16.563596] ? __switch_to+0x47/0xf50 [ 16.563621] ? __schedule+0x10cc/0x2b60 [ 16.563643] ? __pfx_read_tsc+0x10/0x10 [ 16.563665] ? ktime_get_ts64+0x86/0x230 [ 16.563689] kunit_try_run_case+0x1a5/0x480 [ 16.563714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.563738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.563763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.563789] ? __kthread_parkme+0x82/0x180 [ 16.563810] ? preempt_count_sub+0x50/0x80 [ 16.563834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.563860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.563887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.563914] kthread+0x337/0x6f0 [ 16.563955] ? trace_preempt_on+0x20/0xc0 [ 16.563981] ? __pfx_kthread+0x10/0x10 [ 16.564002] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.564025] ? calculate_sigpending+0x7b/0xa0 [ 16.564061] ? __pfx_kthread+0x10/0x10 [ 16.564083] ret_from_fork+0x116/0x1d0 [ 16.564103] ? __pfx_kthread+0x10/0x10 [ 16.564124] ret_from_fork_asm+0x1a/0x30 [ 16.564156] </TASK> [ 16.564168] [ 16.573544] Allocated by task 302: [ 16.573714] kasan_save_stack+0x45/0x70 [ 16.573913] kasan_save_track+0x18/0x40 [ 16.574370] kasan_save_alloc_info+0x3b/0x50 [ 16.574569] __kasan_kmalloc+0xb7/0xc0 [ 16.574738] __kmalloc_noprof+0x1c9/0x500 [ 16.574921] kunit_kmalloc_array+0x25/0x60 [ 16.575315] copy_user_test_oob+0xab/0x10f0 [ 16.575572] kunit_try_run_case+0x1a5/0x480 [ 16.575739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.576168] kthread+0x337/0x6f0 [ 16.576408] ret_from_fork+0x116/0x1d0 [ 16.576637] ret_from_fork_asm+0x1a/0x30 [ 16.576831] [ 16.576920] The buggy address belongs to the object at ffff888102791f00 [ 16.576920] which belongs to the cache kmalloc-128 of size 128 [ 16.577597] The buggy address is located 0 bytes inside of [ 16.577597] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.578210] [ 16.578432] The buggy address belongs to the physical page: [ 16.578636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.578997] flags: 0x200000000000000(node=0|zone=2) [ 16.579396] page_type: f5(slab) [ 16.579626] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.579985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.580324] page dumped because: kasan: bad access detected [ 16.580552] [ 16.580630] Memory state around the buggy address: [ 16.580860] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.581489] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.581863] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.582224] ^ [ 16.582626] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.583045] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.583401] ================================================================== [ 16.538786] ================================================================== [ 16.539148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.539464] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.539768] [ 16.539869] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.539912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.539925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.540201] Call Trace: [ 16.540220] <TASK> [ 16.540324] dump_stack_lvl+0x73/0xb0 [ 16.540360] print_report+0xd1/0x650 [ 16.540384] ? __virt_addr_valid+0x1db/0x2d0 [ 16.540409] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540434] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.540459] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540483] kasan_report+0x141/0x180 [ 16.540506] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540535] kasan_check_range+0x10c/0x1c0 [ 16.540560] __kasan_check_write+0x18/0x20 [ 16.540580] copy_user_test_oob+0x3fd/0x10f0 [ 16.540607] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.540631] ? finish_task_switch.isra.0+0x153/0x700 [ 16.540655] ? __switch_to+0x47/0xf50 [ 16.540681] ? __schedule+0x10cc/0x2b60 [ 16.540704] ? __pfx_read_tsc+0x10/0x10 [ 16.540725] ? ktime_get_ts64+0x86/0x230 [ 16.540750] kunit_try_run_case+0x1a5/0x480 [ 16.540775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.540799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.540824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.540849] ? __kthread_parkme+0x82/0x180 [ 16.540870] ? preempt_count_sub+0x50/0x80 [ 16.540894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.540920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.540960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.540987] kthread+0x337/0x6f0 [ 16.541007] ? trace_preempt_on+0x20/0xc0 [ 16.541041] ? __pfx_kthread+0x10/0x10 [ 16.541063] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.541085] ? calculate_sigpending+0x7b/0xa0 [ 16.541110] ? __pfx_kthread+0x10/0x10 [ 16.541133] ret_from_fork+0x116/0x1d0 [ 16.541152] ? __pfx_kthread+0x10/0x10 [ 16.541174] ret_from_fork_asm+0x1a/0x30 [ 16.541206] </TASK> [ 16.541218] [ 16.550727] Allocated by task 302: [ 16.550974] kasan_save_stack+0x45/0x70 [ 16.551190] kasan_save_track+0x18/0x40 [ 16.551362] kasan_save_alloc_info+0x3b/0x50 [ 16.551552] __kasan_kmalloc+0xb7/0xc0 [ 16.551728] __kmalloc_noprof+0x1c9/0x500 [ 16.551906] kunit_kmalloc_array+0x25/0x60 [ 16.552465] copy_user_test_oob+0xab/0x10f0 [ 16.552651] kunit_try_run_case+0x1a5/0x480 [ 16.552867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.553352] kthread+0x337/0x6f0 [ 16.553497] ret_from_fork+0x116/0x1d0 [ 16.553809] ret_from_fork_asm+0x1a/0x30 [ 16.554058] [ 16.554235] The buggy address belongs to the object at ffff888102791f00 [ 16.554235] which belongs to the cache kmalloc-128 of size 128 [ 16.554819] The buggy address is located 0 bytes inside of [ 16.554819] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.555547] [ 16.555771] The buggy address belongs to the physical page: [ 16.556009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.556516] flags: 0x200000000000000(node=0|zone=2) [ 16.556798] page_type: f5(slab) [ 16.556930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.557338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.557665] page dumped because: kasan: bad access detected [ 16.557890] [ 16.557967] Memory state around the buggy address: [ 16.558479] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.558859] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.559218] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.559622] ^ [ 16.559981] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.560305] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.560708] ==================================================================