Date
July 8, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 22.324274] ================================================================== [ 22.324454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 22.324573] Write of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.324635] [ 22.324669] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.324836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.324895] Hardware name: linux,dummy-virt (DT) [ 22.324933] Call trace: [ 22.324957] show_stack+0x20/0x38 (C) [ 22.325014] dump_stack_lvl+0x8c/0xd0 [ 22.325064] print_report+0x118/0x608 [ 22.325114] kasan_report+0xdc/0x128 [ 22.325351] kasan_check_range+0x100/0x1a8 [ 22.325608] __kasan_check_write+0x20/0x30 [ 22.325672] copy_user_test_oob+0x434/0xec8 [ 22.325970] kunit_try_run_case+0x170/0x3f0 [ 22.326033] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.326088] kthread+0x328/0x630 [ 22.326131] ret_from_fork+0x10/0x20 [ 22.326195] [ 22.326274] Allocated by task 285: [ 22.326329] kasan_save_stack+0x3c/0x68 [ 22.326401] kasan_save_track+0x20/0x40 [ 22.326493] kasan_save_alloc_info+0x40/0x58 [ 22.326536] __kasan_kmalloc+0xd4/0xd8 [ 22.326576] __kmalloc_noprof+0x198/0x4c8 [ 22.326652] kunit_kmalloc_array+0x34/0x88 [ 22.326729] copy_user_test_oob+0xac/0xec8 [ 22.326795] kunit_try_run_case+0x170/0x3f0 [ 22.326837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.326894] kthread+0x328/0x630 [ 22.326928] ret_from_fork+0x10/0x20 [ 22.326967] [ 22.326988] The buggy address belongs to the object at fff00000c63b9300 [ 22.326988] which belongs to the cache kmalloc-128 of size 128 [ 22.327050] The buggy address is located 0 bytes inside of [ 22.327050] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.327115] [ 22.327136] The buggy address belongs to the physical page: [ 22.327343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.327430] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.327638] page_type: f5(slab) [ 
22.327693] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.327749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.327793] page dumped because: kasan: bad access detected [ 22.327855] [ 22.327891] Memory state around the buggy address: [ 22.327976] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.328085] fff00000c63b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.328258] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.328376] ^ [ 22.328493] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.328560] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.328628] ================================================================== [ 22.318434] ================================================================== [ 22.318548] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 22.318600] Read of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.318674] [ 22.318944] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.319052] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.319090] Hardware name: linux,dummy-virt (DT) [ 22.319138] Call trace: [ 22.319174] show_stack+0x20/0x38 (C) [ 22.319225] dump_stack_lvl+0x8c/0xd0 [ 22.319278] print_report+0x118/0x608 [ 22.319445] kasan_report+0xdc/0x128 [ 22.319642] kasan_check_range+0x100/0x1a8 [ 22.319842] __kasan_check_read+0x20/0x30 [ 22.319925] copy_user_test_oob+0x3c8/0xec8 [ 22.320255] kunit_try_run_case+0x170/0x3f0 [ 22.320371] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.320516] kthread+0x328/0x630 [ 22.320592] ret_from_fork+0x10/0x20 [ 22.320720] [ 22.320799] Allocated by task 285: [ 22.320909] kasan_save_stack+0x3c/0x68 [ 22.320984] kasan_save_track+0x20/0x40 [ 22.321023] kasan_save_alloc_info+0x40/0x58 [ 22.321076] __kasan_kmalloc+0xd4/0xd8 [ 22.321115] __kmalloc_noprof+0x198/0x4c8 [ 22.321424] 
kunit_kmalloc_array+0x34/0x88 [ 22.321546] copy_user_test_oob+0xac/0xec8 [ 22.321601] kunit_try_run_case+0x170/0x3f0 [ 22.321654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.321931] kthread+0x328/0x630 [ 22.322083] ret_from_fork+0x10/0x20 [ 22.322184] [ 22.322229] The buggy address belongs to the object at fff00000c63b9300 [ 22.322229] which belongs to the cache kmalloc-128 of size 128 [ 22.322302] The buggy address is located 0 bytes inside of [ 22.322302] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.322370] [ 22.322404] The buggy address belongs to the physical page: [ 22.322440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.322494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.322563] page_type: f5(slab) [ 22.322604] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.322666] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.322717] page dumped because: kasan: bad access detected [ 22.322761] [ 22.322787] Memory state around the buggy address: [ 22.322832] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.322899] fff00000c63b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.322948] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.322990] ^ [ 22.323035] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.323093] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.323136] ================================================================== [ 22.329211] ================================================================== [ 22.329264] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 22.329328] Read of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.329706] [ 22.329799] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.329888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.329930] 
Hardware name: linux,dummy-virt (DT) [ 22.329964] Call trace: [ 22.329989] show_stack+0x20/0x38 (C) [ 22.330338] dump_stack_lvl+0x8c/0xd0 [ 22.330422] print_report+0x118/0x608 [ 22.330472] kasan_report+0xdc/0x128 [ 22.330535] kasan_check_range+0x100/0x1a8 [ 22.330587] __kasan_check_read+0x20/0x30 [ 22.330654] copy_user_test_oob+0x4a0/0xec8 [ 22.330980] kunit_try_run_case+0x170/0x3f0 [ 22.331086] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.331181] kthread+0x328/0x630 [ 22.331253] ret_from_fork+0x10/0x20 [ 22.331350] [ 22.331373] Allocated by task 285: [ 22.331424] kasan_save_stack+0x3c/0x68 [ 22.331469] kasan_save_track+0x20/0x40 [ 22.331676] kasan_save_alloc_info+0x40/0x58 [ 22.331732] __kasan_kmalloc+0xd4/0xd8 [ 22.331770] __kmalloc_noprof+0x198/0x4c8 [ 22.331838] kunit_kmalloc_array+0x34/0x88 [ 22.331876] copy_user_test_oob+0xac/0xec8 [ 22.331916] kunit_try_run_case+0x170/0x3f0 [ 22.332265] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.332408] kthread+0x328/0x630 [ 22.332464] ret_from_fork+0x10/0x20 [ 22.332502] [ 22.332525] The buggy address belongs to the object at fff00000c63b9300 [ 22.332525] which belongs to the cache kmalloc-128 of size 128 [ 22.332588] The buggy address is located 0 bytes inside of [ 22.332588] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.332663] [ 22.332694] The buggy address belongs to the physical page: [ 22.332742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.332819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.332877] page_type: f5(slab) [ 22.332919] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.332989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.333039] page dumped because: kasan: bad access detected [ 22.333074] [ 22.333103] Memory state around the buggy address: [ 22.333153] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.333213] fff00000c63b9280: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.333260] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.333303] ^ [ 22.333348] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.333405] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.333447] ================================================================== [ 22.292955] ================================================================== [ 22.293018] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 22.295293] Read of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.295374] [ 22.295411] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.296787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.296838] Hardware name: linux,dummy-virt (DT) [ 22.296873] Call trace: [ 22.296900] show_stack+0x20/0x38 (C) [ 22.299203] dump_stack_lvl+0x8c/0xd0 [ 22.301177] print_report+0x118/0x608 [ 22.301592] kasan_report+0xdc/0x128 [ 22.302701] kasan_check_range+0x100/0x1a8 [ 22.302767] __kasan_check_read+0x20/0x30 [ 22.302816] copy_user_test_oob+0x728/0xec8 [ 22.303557] kunit_try_run_case+0x170/0x3f0 [ 22.303732] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.303826] kthread+0x328/0x630 [ 22.303871] ret_from_fork+0x10/0x20 [ 22.303922] [ 22.303944] Allocated by task 285: [ 22.303975] kasan_save_stack+0x3c/0x68 [ 22.304272] kasan_save_track+0x20/0x40 [ 22.304421] kasan_save_alloc_info+0x40/0x58 [ 22.304493] __kasan_kmalloc+0xd4/0xd8 [ 22.304532] __kmalloc_noprof+0x198/0x4c8 [ 22.304838] kunit_kmalloc_array+0x34/0x88 [ 22.304964] copy_user_test_oob+0xac/0xec8 [ 22.305054] kunit_try_run_case+0x170/0x3f0 [ 22.305141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.305243] kthread+0x328/0x630 [ 22.305313] ret_from_fork+0x10/0x20 [ 22.305420] [ 22.305520] The buggy address belongs to the object at fff00000c63b9300 [ 22.305520] which belongs to the cache kmalloc-128 of size 128 [ 22.305621] The buggy address is located 
0 bytes inside of [ 22.305621] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.305733] [ 22.305818] The buggy address belongs to the physical page: [ 22.305894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.305963] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.306015] page_type: f5(slab) [ 22.306421] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.306505] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.306598] page dumped because: kasan: bad access detected [ 22.306633] [ 22.306654] Memory state around the buggy address: [ 22.306691] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.306739] fff00000c63b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.306787] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.306830] ^ [ 22.306875] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.306934] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.306981] ================================================================== [ 22.276792] ================================================================== [ 22.277303] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 22.277401] Write of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.277581] [ 22.277630] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.278037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.278341] Hardware name: linux,dummy-virt (DT) [ 22.278414] Call trace: [ 22.278471] show_stack+0x20/0x38 (C) [ 22.278554] dump_stack_lvl+0x8c/0xd0 [ 22.278692] print_report+0x118/0x608 [ 22.278747] kasan_report+0xdc/0x128 [ 22.278932] kasan_check_range+0x100/0x1a8 [ 22.278986] __kasan_check_write+0x20/0x30 [ 22.279355] copy_user_test_oob+0x234/0xec8 [ 22.279428] kunit_try_run_case+0x170/0x3f0 [ 22.279535] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.279733] kthread+0x328/0x630 [ 22.279787] ret_from_fork+0x10/0x20 [ 22.279866] [ 22.279894] Allocated by task 285: [ 22.280180] kasan_save_stack+0x3c/0x68 [ 22.280262] kasan_save_track+0x20/0x40 [ 22.280422] kasan_save_alloc_info+0x40/0x58 [ 22.280565] __kasan_kmalloc+0xd4/0xd8 [ 22.280630] __kmalloc_noprof+0x198/0x4c8 [ 22.280947] kunit_kmalloc_array+0x34/0x88 [ 22.281078] copy_user_test_oob+0xac/0xec8 [ 22.281449] kunit_try_run_case+0x170/0x3f0 [ 22.281823] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.281913] kthread+0x328/0x630 [ 22.282350] ret_from_fork+0x10/0x20 [ 22.282458] [ 22.282538] The buggy address belongs to the object at fff00000c63b9300 [ 22.282538] which belongs to the cache kmalloc-128 of size 128 [ 22.282677] The buggy address is located 0 bytes inside of [ 22.282677] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.282778] [ 22.283178] The buggy address belongs to the physical page: [ 22.283240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.283363] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.283435] page_type: f5(slab) [ 22.283491] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.283672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.283864] page dumped because: kasan: bad access detected [ 22.283979] [ 22.284103] Memory state around the buggy address: [ 22.284411] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.284668] fff00000c63b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.284842] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.285000] ^ [ 22.285049] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.285120] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.285179] ================================================================== [ 22.313415] 
================================================================== [ 22.313594] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 22.313688] Write of size 121 at addr fff00000c63b9300 by task kunit_try_catch/285 [ 22.313746] [ 22.313797] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.313937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.313984] Hardware name: linux,dummy-virt (DT) [ 22.314064] Call trace: [ 22.314103] show_stack+0x20/0x38 (C) [ 22.314175] dump_stack_lvl+0x8c/0xd0 [ 22.314282] print_report+0x118/0x608 [ 22.314369] kasan_report+0xdc/0x128 [ 22.314419] kasan_check_range+0x100/0x1a8 [ 22.314470] __kasan_check_write+0x20/0x30 [ 22.314516] copy_user_test_oob+0x35c/0xec8 [ 22.314565] kunit_try_run_case+0x170/0x3f0 [ 22.314618] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.314674] kthread+0x328/0x630 [ 22.314726] ret_from_fork+0x10/0x20 [ 22.314776] [ 22.314797] Allocated by task 285: [ 22.314825] kasan_save_stack+0x3c/0x68 [ 22.314880] kasan_save_track+0x20/0x40 [ 22.314926] kasan_save_alloc_info+0x40/0x58 [ 22.314972] __kasan_kmalloc+0xd4/0xd8 [ 22.315015] __kmalloc_noprof+0x198/0x4c8 [ 22.315059] kunit_kmalloc_array+0x34/0x88 [ 22.315101] copy_user_test_oob+0xac/0xec8 [ 22.315151] kunit_try_run_case+0x170/0x3f0 [ 22.315502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.315641] kthread+0x328/0x630 [ 22.315754] ret_from_fork+0x10/0x20 [ 22.315815] [ 22.315837] The buggy address belongs to the object at fff00000c63b9300 [ 22.315837] which belongs to the cache kmalloc-128 of size 128 [ 22.315902] The buggy address is located 0 bytes inside of [ 22.315902] allocated 120-byte region [fff00000c63b9300, fff00000c63b9378) [ 22.315969] [ 22.316105] The buggy address belongs to the physical page: [ 22.316144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063b9 [ 22.316270] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.316374] page_type: f5(slab) [ 22.316481] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.316600] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.316942] page dumped because: kasan: bad access detected [ 22.317081] [ 22.317201] Memory state around the buggy address: [ 22.317473] fff00000c63b9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.317665] fff00000c63b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.317771] >fff00000c63b9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.317862] ^ [ 22.317920] fff00000c63b9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.317967] fff00000c63b9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.318042] ==================================================================
[ 16.490927] ================================================================== [ 16.491301] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.491663] Write of size 121 at addr ffff888102675c00 by task kunit_try_catch/303 [ 16.491977] [ 16.492098] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.492147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.492161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.492184] Call Trace: [ 16.492201] <TASK> [ 16.492221] dump_stack_lvl+0x73/0xb0 [ 16.492253] print_report+0xd1/0x650 [ 16.492278] ? __virt_addr_valid+0x1db/0x2d0 [ 16.492303] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.492329] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.492354] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.492378] kasan_report+0x141/0x180 [ 16.492401] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.492430] kasan_check_range+0x10c/0x1c0 [ 16.492455] __kasan_check_write+0x18/0x20 [ 16.492476] copy_user_test_oob+0x3fd/0x10f0 [ 16.492502] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.492537] ? finish_task_switch.isra.0+0x153/0x700 [ 16.492562] ? __switch_to+0x47/0xf50 [ 16.492590] ? __schedule+0x10cc/0x2b60 [ 16.492625] ? __pfx_read_tsc+0x10/0x10 [ 16.492648] ? ktime_get_ts64+0x86/0x230 [ 16.492675] kunit_try_run_case+0x1a5/0x480 [ 16.492702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.492726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.492752] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.492777] ? __kthread_parkme+0x82/0x180 [ 16.492799] ? preempt_count_sub+0x50/0x80 [ 16.492824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.492849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.492875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.492901] kthread+0x337/0x6f0 [ 16.492921] ? trace_preempt_on+0x20/0xc0 [ 16.492947] ? __pfx_kthread+0x10/0x10 [ 16.492968] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.492991] ? calculate_sigpending+0x7b/0xa0 [ 16.493016] ? 
__pfx_kthread+0x10/0x10 [ 16.493039] ret_from_fork+0x116/0x1d0 [ 16.493058] ? __pfx_kthread+0x10/0x10 [ 16.493080] ret_from_fork_asm+0x1a/0x30 [ 16.493113] </TASK> [ 16.493124] [ 16.500222] Allocated by task 303: [ 16.500395] kasan_save_stack+0x45/0x70 [ 16.500631] kasan_save_track+0x18/0x40 [ 16.500807] kasan_save_alloc_info+0x3b/0x50 [ 16.500979] __kasan_kmalloc+0xb7/0xc0 [ 16.501112] __kmalloc_noprof+0x1c9/0x500 [ 16.501251] kunit_kmalloc_array+0x25/0x60 [ 16.501410] copy_user_test_oob+0xab/0x10f0 [ 16.501624] kunit_try_run_case+0x1a5/0x480 [ 16.501840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.502128] kthread+0x337/0x6f0 [ 16.502248] ret_from_fork+0x116/0x1d0 [ 16.502379] ret_from_fork_asm+0x1a/0x30 [ 16.502517] [ 16.502614] The buggy address belongs to the object at ffff888102675c00 [ 16.502614] which belongs to the cache kmalloc-128 of size 128 [ 16.503161] The buggy address is located 0 bytes inside of [ 16.503161] allocated 120-byte region [ffff888102675c00, ffff888102675c78) [ 16.503713] [ 16.503786] The buggy address belongs to the physical page: [ 16.503958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102675 [ 16.504194] flags: 0x200000000000000(node=0|zone=2) [ 16.504394] page_type: f5(slab) [ 16.504559] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.504905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.505237] page dumped because: kasan: bad access detected [ 16.505543] [ 16.505620] Memory state around the buggy address: [ 16.505776] ffff888102675b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.505988] ffff888102675b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.506198] >ffff888102675c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.506541] ^ [ 16.506869] ffff888102675c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.507197] ffff888102675d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.507526] 
================================================================== [ 16.548884] ================================================================== [ 16.549397] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.549847] Read of size 121 at addr ffff888102675c00 by task kunit_try_catch/303 [ 16.550087] [ 16.550397] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.550447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.550461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.550483] Call Trace: [ 16.550609] <TASK> [ 16.550631] dump_stack_lvl+0x73/0xb0 [ 16.550667] print_report+0xd1/0x650 [ 16.550692] ? __virt_addr_valid+0x1db/0x2d0 [ 16.550717] ? copy_user_test_oob+0x604/0x10f0 [ 16.550742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.550766] ? copy_user_test_oob+0x604/0x10f0 [ 16.550791] kasan_report+0x141/0x180 [ 16.550814] ? copy_user_test_oob+0x604/0x10f0 [ 16.550844] kasan_check_range+0x10c/0x1c0 [ 16.550869] __kasan_check_read+0x15/0x20 [ 16.550890] copy_user_test_oob+0x604/0x10f0 [ 16.550916] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.550940] ? finish_task_switch.isra.0+0x153/0x700 [ 16.550965] ? __switch_to+0x47/0xf50 [ 16.550993] ? __schedule+0x10cc/0x2b60 [ 16.551016] ? __pfx_read_tsc+0x10/0x10 [ 16.551038] ? ktime_get_ts64+0x86/0x230 [ 16.551065] kunit_try_run_case+0x1a5/0x480 [ 16.551091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.551115] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.551141] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.551166] ? __kthread_parkme+0x82/0x180 [ 16.551188] ? preempt_count_sub+0x50/0x80 [ 16.551214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.551240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.551265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.551292] kthread+0x337/0x6f0 [ 16.551312] ? trace_preempt_on+0x20/0xc0 [ 16.551337] ? __pfx_kthread+0x10/0x10 [ 16.551358] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.551381] ? calculate_sigpending+0x7b/0xa0 [ 16.551407] ? __pfx_kthread+0x10/0x10 [ 16.551430] ret_from_fork+0x116/0x1d0 [ 16.551449] ? __pfx_kthread+0x10/0x10 [ 16.551470] ret_from_fork_asm+0x1a/0x30 [ 16.551528] </TASK> [ 16.551540] [ 16.561062] Allocated by task 303: [ 16.561390] kasan_save_stack+0x45/0x70 [ 16.561712] kasan_save_track+0x18/0x40 [ 16.561871] kasan_save_alloc_info+0x3b/0x50 [ 16.562199] __kasan_kmalloc+0xb7/0xc0 [ 16.562379] __kmalloc_noprof+0x1c9/0x500 [ 16.562717] kunit_kmalloc_array+0x25/0x60 [ 16.563000] copy_user_test_oob+0xab/0x10f0 [ 16.563176] kunit_try_run_case+0x1a5/0x480 [ 16.563467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.563848] kthread+0x337/0x6f0 [ 16.564010] ret_from_fork+0x116/0x1d0 [ 16.564195] ret_from_fork_asm+0x1a/0x30 [ 16.564383] [ 16.564461] The buggy address belongs to the object at ffff888102675c00 [ 16.564461] which belongs to the cache kmalloc-128 of size 128 [ 16.565288] The buggy address is located 0 bytes inside of [ 16.565288] allocated 120-byte region [ffff888102675c00, ffff888102675c78) [ 16.565914] [ 16.566159] The buggy address belongs to the physical page: [ 16.566355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102675 [ 16.566881] flags: 0x200000000000000(node=0|zone=2) [ 16.567108] page_type: f5(slab) [ 16.567265] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.567534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.567950] page dumped because: kasan: bad access detected [ 16.568157] [ 16.568235] Memory state around the buggy address: [ 16.568461] ffff888102675b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.568749] ffff888102675b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.569047] >ffff888102675c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.569306] ^ [ 16.569574] ffff888102675c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.569839] 
ffff888102675d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.570164] ================================================================== [ 16.508164] ================================================================== [ 16.508619] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.508861] Read of size 121 at addr ffff888102675c00 by task kunit_try_catch/303 [ 16.509532] [ 16.509664] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.509714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.509727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.509748] Call Trace: [ 16.509764] <TASK> [ 16.509781] dump_stack_lvl+0x73/0xb0 [ 16.509813] print_report+0xd1/0x650 [ 16.509837] ? __virt_addr_valid+0x1db/0x2d0 [ 16.509861] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.509887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.509912] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.509938] kasan_report+0x141/0x180 [ 16.509961] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.509991] kasan_check_range+0x10c/0x1c0 [ 16.510015] __kasan_check_read+0x15/0x20 [ 16.510035] copy_user_test_oob+0x4aa/0x10f0 [ 16.510062] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.510086] ? finish_task_switch.isra.0+0x153/0x700 [ 16.510110] ? __switch_to+0x47/0xf50 [ 16.510137] ? __schedule+0x10cc/0x2b60 [ 16.510161] ? __pfx_read_tsc+0x10/0x10 [ 16.510183] ? ktime_get_ts64+0x86/0x230 [ 16.510209] kunit_try_run_case+0x1a5/0x480 [ 16.510234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.510258] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.510283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.510308] ? __kthread_parkme+0x82/0x180 [ 16.510330] ? preempt_count_sub+0x50/0x80 [ 16.510355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.510381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.510406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.510433] kthread+0x337/0x6f0 [ 16.510452] ? trace_preempt_on+0x20/0xc0 [ 16.510477] ? 
__pfx_kthread+0x10/0x10 [ 16.510499] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.510521] ? calculate_sigpending+0x7b/0xa0 [ 16.510546] ? __pfx_kthread+0x10/0x10 [ 16.510569] ret_from_fork+0x116/0x1d0 [ 16.510588] ? __pfx_kthread+0x10/0x10 [ 16.510620] ret_from_fork_asm+0x1a/0x30 [ 16.510652] </TASK> [ 16.510662] [ 16.517881] Allocated by task 303: [ 16.518022] kasan_save_stack+0x45/0x70 [ 16.518200] kasan_save_track+0x18/0x40 [ 16.518397] kasan_save_alloc_info+0x3b/0x50 [ 16.518629] __kasan_kmalloc+0xb7/0xc0 [ 16.518762] __kmalloc_noprof+0x1c9/0x500 [ 16.518900] kunit_kmalloc_array+0x25/0x60 [ 16.519042] copy_user_test_oob+0xab/0x10f0 [ 16.519186] kunit_try_run_case+0x1a5/0x480 [ 16.519330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.519640] kthread+0x337/0x6f0 [ 16.519808] ret_from_fork+0x116/0x1d0 [ 16.519995] ret_from_fork_asm+0x1a/0x30 [ 16.520190] [ 16.520283] The buggy address belongs to the object at ffff888102675c00 [ 16.520283] which belongs to the cache kmalloc-128 of size 128 [ 16.520891] The buggy address is located 0 bytes inside of [ 16.520891] allocated 120-byte region [ffff888102675c00, ffff888102675c78) [ 16.521250] [ 16.521320] The buggy address belongs to the physical page: [ 16.521490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102675 [ 16.521861] flags: 0x200000000000000(node=0|zone=2) [ 16.522104] page_type: f5(slab) [ 16.522273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.522767] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.523074] page dumped because: kasan: bad access detected [ 16.523274] [ 16.523372] Memory state around the buggy address: [ 16.523622] ffff888102675b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.523892] ffff888102675b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.524131] >ffff888102675c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.524342] ^ [ 16.524772] ffff888102675c80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.525102] ffff888102675d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.525425] ================================================================== [ 16.525922] ================================================================== [ 16.526220] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.526613] Write of size 121 at addr ffff888102675c00 by task kunit_try_catch/303 [ 16.526876] [ 16.526962] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.527004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.527017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.527037] Call Trace: [ 16.527053] <TASK> [ 16.527070] dump_stack_lvl+0x73/0xb0 [ 16.527100] print_report+0xd1/0x650 [ 16.527123] ? __virt_addr_valid+0x1db/0x2d0 [ 16.527148] ? copy_user_test_oob+0x557/0x10f0 [ 16.527172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.527197] ? copy_user_test_oob+0x557/0x10f0 [ 16.527222] kasan_report+0x141/0x180 [ 16.527244] ? copy_user_test_oob+0x557/0x10f0 [ 16.527274] kasan_check_range+0x10c/0x1c0 [ 16.527299] __kasan_check_write+0x18/0x20 [ 16.527320] copy_user_test_oob+0x557/0x10f0 [ 16.527347] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.527371] ? finish_task_switch.isra.0+0x153/0x700 [ 16.527396] ? __switch_to+0x47/0xf50 [ 16.527423] ? __schedule+0x10cc/0x2b60 [ 16.527446] ? __pfx_read_tsc+0x10/0x10 [ 16.527468] ? ktime_get_ts64+0x86/0x230 [ 16.527494] kunit_try_run_case+0x1a5/0x480 [ 16.527527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.527551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.527577] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.527613] ? __kthread_parkme+0x82/0x180 [ 16.527635] ? preempt_count_sub+0x50/0x80 [ 16.527660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.527685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.527711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.527737] kthread+0x337/0x6f0 [ 16.527757] ? 
trace_preempt_on+0x20/0xc0 [ 16.527782] ? __pfx_kthread+0x10/0x10 [ 16.527803] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.527826] ? calculate_sigpending+0x7b/0xa0 [ 16.527852] ? __pfx_kthread+0x10/0x10 [ 16.527874] ret_from_fork+0x116/0x1d0 [ 16.527894] ? __pfx_kthread+0x10/0x10 [ 16.527915] ret_from_fork_asm+0x1a/0x30 [ 16.527947] </TASK> [ 16.527958] [ 16.537514] Allocated by task 303: [ 16.537872] kasan_save_stack+0x45/0x70 [ 16.538165] kasan_save_track+0x18/0x40 [ 16.538409] kasan_save_alloc_info+0x3b/0x50 [ 16.538722] __kasan_kmalloc+0xb7/0xc0 [ 16.538922] __kmalloc_noprof+0x1c9/0x500 [ 16.539218] kunit_kmalloc_array+0x25/0x60 [ 16.539412] copy_user_test_oob+0xab/0x10f0 [ 16.539745] kunit_try_run_case+0x1a5/0x480 [ 16.540033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.540237] kthread+0x337/0x6f0 [ 16.540568] ret_from_fork+0x116/0x1d0 [ 16.540782] ret_from_fork_asm+0x1a/0x30 [ 16.541084] [ 16.541186] The buggy address belongs to the object at ffff888102675c00 [ 16.541186] which belongs to the cache kmalloc-128 of size 128 [ 16.541815] The buggy address is located 0 bytes inside of [ 16.541815] allocated 120-byte region [ffff888102675c00, ffff888102675c78) [ 16.542442] [ 16.542698] The buggy address belongs to the physical page: [ 16.542991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102675 [ 16.543381] flags: 0x200000000000000(node=0|zone=2) [ 16.543695] page_type: f5(slab) [ 16.543873] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.544313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.544722] page dumped because: kasan: bad access detected [ 16.544975] [ 16.545223] Memory state around the buggy address: [ 16.545441] ffff888102675b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.545842] ffff888102675b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.546149] >ffff888102675c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.546438] ^ [ 16.546974] 
ffff888102675c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.547326] ffff888102675d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.547756] ==================================================================