Date: July 9, 2025, 12:11 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 22.275449] ================================================================== [ 22.275503] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 22.275583] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.275655] [ 22.275743] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.275845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.275899] Hardware name: linux,dummy-virt (DT) [ 22.275973] Call trace: [ 22.275999] show_stack+0x20/0x38 (C) [ 22.276147] dump_stack_lvl+0x8c/0xd0 [ 22.276243] print_report+0x118/0x608 [ 22.276311] kasan_report+0xdc/0x128 [ 22.276359] kasan_check_range+0x100/0x1a8 [ 22.276420] __kasan_check_write+0x20/0x30 [ 22.276467] copy_user_test_oob+0x434/0xec8 [ 22.276517] kunit_try_run_case+0x170/0x3f0 [ 22.276721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.276880] kthread+0x328/0x630 [ 22.276976] ret_from_fork+0x10/0x20 [ 22.277077] [ 22.277156] Allocated by task 286: [ 22.277224] kasan_save_stack+0x3c/0x68 [ 22.277321] kasan_save_track+0x20/0x40 [ 22.277429] kasan_save_alloc_info+0x40/0x58 [ 22.277486] __kasan_kmalloc+0xd4/0xd8 [ 22.277525] __kmalloc_noprof+0x198/0x4c8 [ 22.277705] kunit_kmalloc_array+0x34/0x88 [ 22.277836] copy_user_test_oob+0xac/0xec8 [ 22.278080] kunit_try_run_case+0x170/0x3f0 [ 22.278148] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.278234] kthread+0x328/0x630 [ 22.278514] ret_from_fork+0x10/0x20 [ 22.278584] [ 22.278606] The buggy address belongs to the object at fff00000c6e98900 [ 22.278606] which belongs to the cache kmalloc-128 of size 128 [ 22.278678] The buggy address is located 0 bytes inside of [ 22.278678] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.278744] [ 22.278780] The buggy address belongs to the physical page: [ 22.278814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.278868] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.278933] page_type: f5(slab) [ 
22.278974] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.279026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.279068] page dumped because: kasan: bad access detected [ 22.279112] [ 22.279141] Memory state around the buggy address: [ 22.279175] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.279221] fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.279271] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.279322] ^ [ 22.279365] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.279769] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.279868] ================================================================== [ 22.280427] ================================================================== [ 22.280477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 22.280527] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.280579] [ 22.280610] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.280695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.280765] Hardware name: linux,dummy-virt (DT) [ 22.280802] Call trace: [ 22.280825] show_stack+0x20/0x38 (C) [ 22.280887] dump_stack_lvl+0x8c/0xd0 [ 22.281037] print_report+0x118/0x608 [ 22.281096] kasan_report+0xdc/0x128 [ 22.281142] kasan_check_range+0x100/0x1a8 [ 22.281193] __kasan_check_read+0x20/0x30 [ 22.281240] copy_user_test_oob+0x4a0/0xec8 [ 22.281475] kunit_try_run_case+0x170/0x3f0 [ 22.281559] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.281663] kthread+0x328/0x630 [ 22.281709] ret_from_fork+0x10/0x20 [ 22.281777] [ 22.281853] Allocated by task 286: [ 22.281903] kasan_save_stack+0x3c/0x68 [ 22.281958] kasan_save_track+0x20/0x40 [ 22.282000] kasan_save_alloc_info+0x40/0x58 [ 22.282043] __kasan_kmalloc+0xd4/0xd8 [ 22.282083] __kmalloc_noprof+0x198/0x4c8 [ 22.282147] 
kunit_kmalloc_array+0x34/0x88 [ 22.282189] copy_user_test_oob+0xac/0xec8 [ 22.282387] kunit_try_run_case+0x170/0x3f0 [ 22.282474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.282541] kthread+0x328/0x630 [ 22.282598] ret_from_fork+0x10/0x20 [ 22.282638] [ 22.282721] The buggy address belongs to the object at fff00000c6e98900 [ 22.282721] which belongs to the cache kmalloc-128 of size 128 [ 22.282798] The buggy address is located 0 bytes inside of [ 22.282798] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.282888] [ 22.282927] The buggy address belongs to the physical page: [ 22.282979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.283032] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.283081] page_type: f5(slab) [ 22.283146] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.283199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.283366] page dumped because: kasan: bad access detected [ 22.283551] [ 22.283638] Memory state around the buggy address: [ 22.283694] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.283760] fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.283835] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.283897] ^ [ 22.283942] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.283987] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.284076] ================================================================== [ 22.270186] ================================================================== [ 22.270241] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 22.270502] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.270558] [ 22.270592] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.270677] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.270707] 
Hardware name: linux,dummy-virt (DT) [ 22.270741] Call trace: [ 22.270766] show_stack+0x20/0x38 (C) [ 22.270816] dump_stack_lvl+0x8c/0xd0 [ 22.270865] print_report+0x118/0x608 [ 22.270913] kasan_report+0xdc/0x128 [ 22.270961] kasan_check_range+0x100/0x1a8 [ 22.271012] __kasan_check_read+0x20/0x30 [ 22.271058] copy_user_test_oob+0x3c8/0xec8 [ 22.271108] kunit_try_run_case+0x170/0x3f0 [ 22.271158] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.271213] kthread+0x328/0x630 [ 22.271257] ret_from_fork+0x10/0x20 [ 22.271306] [ 22.271328] Allocated by task 286: [ 22.271358] kasan_save_stack+0x3c/0x68 [ 22.271415] kasan_save_track+0x20/0x40 [ 22.271456] kasan_save_alloc_info+0x40/0x58 [ 22.271500] __kasan_kmalloc+0xd4/0xd8 [ 22.271539] __kmalloc_noprof+0x198/0x4c8 [ 22.271618] kunit_kmalloc_array+0x34/0x88 [ 22.271678] copy_user_test_oob+0xac/0xec8 [ 22.271746] kunit_try_run_case+0x170/0x3f0 [ 22.271834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.271901] kthread+0x328/0x630 [ 22.271961] ret_from_fork+0x10/0x20 [ 22.272076] [ 22.272117] The buggy address belongs to the object at fff00000c6e98900 [ 22.272117] which belongs to the cache kmalloc-128 of size 128 [ 22.272207] The buggy address is located 0 bytes inside of [ 22.272207] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.272356] [ 22.272436] The buggy address belongs to the physical page: [ 22.272498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.272853] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.272987] page_type: f5(slab) [ 22.273046] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.273131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.273264] page dumped because: kasan: bad access detected [ 22.273313] [ 22.273353] Memory state around the buggy address: [ 22.273676] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.273795] fff00000c6e98880: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.273909] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.273972] ^ [ 22.274018] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.274377] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.274530] ================================================================== [ 22.223260] ================================================================== [ 22.223373] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 22.224887] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.224995] [ 22.225071] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.225551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.225613] Hardware name: linux,dummy-virt (DT) [ 22.226013] Call trace: [ 22.226054] show_stack+0x20/0x38 (C) [ 22.226480] dump_stack_lvl+0x8c/0xd0 [ 22.226540] print_report+0x118/0x608 [ 22.226596] kasan_report+0xdc/0x128 [ 22.226646] kasan_check_range+0x100/0x1a8 [ 22.226697] __kasan_check_write+0x20/0x30 [ 22.226781] copy_user_test_oob+0x234/0xec8 [ 22.226842] kunit_try_run_case+0x170/0x3f0 [ 22.226897] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.226951] kthread+0x328/0x630 [ 22.227006] ret_from_fork+0x10/0x20 [ 22.227068] [ 22.227089] Allocated by task 286: [ 22.227122] kasan_save_stack+0x3c/0x68 [ 22.227180] kasan_save_track+0x20/0x40 [ 22.227221] kasan_save_alloc_info+0x40/0x58 [ 22.227264] __kasan_kmalloc+0xd4/0xd8 [ 22.227314] __kmalloc_noprof+0x198/0x4c8 [ 22.227367] kunit_kmalloc_array+0x34/0x88 [ 22.227432] copy_user_test_oob+0xac/0xec8 [ 22.227488] kunit_try_run_case+0x170/0x3f0 [ 22.227536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.227588] kthread+0x328/0x630 [ 22.227623] ret_from_fork+0x10/0x20 [ 22.227683] [ 22.227713] The buggy address belongs to the object at fff00000c6e98900 [ 22.227713] which belongs to the cache kmalloc-128 of size 128 [ 22.227785] The buggy address is 
located 0 bytes inside of [ 22.227785] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.227865] [ 22.227900] The buggy address belongs to the physical page: [ 22.227945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.228012] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.229368] page_type: f5(slab) [ 22.229480] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.229572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.229636] page dumped because: kasan: bad access detected [ 22.229669] [ 22.229719] Memory state around the buggy address: [ 22.229757] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.229823] fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.229885] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.229949] ^ [ 22.229995] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.230058] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.230126] ================================================================== [ 22.238930] ================================================================== [ 22.239028] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 22.239168] Read of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.239234] [ 22.239271] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.239790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.239832] Hardware name: linux,dummy-virt (DT) [ 22.239867] Call trace: [ 22.239894] show_stack+0x20/0x38 (C) [ 22.240233] dump_stack_lvl+0x8c/0xd0 [ 22.240327] print_report+0x118/0x608 [ 22.240465] kasan_report+0xdc/0x128 [ 22.240555] kasan_check_range+0x100/0x1a8 [ 22.240643] __kasan_check_read+0x20/0x30 [ 22.240786] copy_user_test_oob+0x728/0xec8 [ 22.240837] kunit_try_run_case+0x170/0x3f0 [ 22.241303] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.241691] kthread+0x328/0x630 [ 22.241871] ret_from_fork+0x10/0x20 [ 22.241930] [ 22.241981] Allocated by task 286: [ 22.242230] kasan_save_stack+0x3c/0x68 [ 22.242420] kasan_save_track+0x20/0x40 [ 22.242644] kasan_save_alloc_info+0x40/0x58 [ 22.242891] __kasan_kmalloc+0xd4/0xd8 [ 22.243068] __kmalloc_noprof+0x198/0x4c8 [ 22.243861] kunit_kmalloc_array+0x34/0x88 [ 22.243948] copy_user_test_oob+0xac/0xec8 [ 22.244009] kunit_try_run_case+0x170/0x3f0 [ 22.244106] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.244299] kthread+0x328/0x630 [ 22.244583] ret_from_fork+0x10/0x20 [ 22.244905] [ 22.244946] The buggy address belongs to the object at fff00000c6e98900 [ 22.244946] which belongs to the cache kmalloc-128 of size 128 [ 22.245435] The buggy address is located 0 bytes inside of [ 22.245435] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.245555] [ 22.245597] The buggy address belongs to the physical page: [ 22.245632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.245688] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.245748] page_type: f5(slab) [ 22.245804] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.245859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.245915] page dumped because: kasan: bad access detected [ 22.245958] [ 22.245979] Memory state around the buggy address: [ 22.246022] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.246069] fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.246123] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.246164] ^ [ 22.246208] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.246254] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.246304] ================================================================== [ 22.254932] 
================================================================== [ 22.254999] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 22.255300] Write of size 121 at addr fff00000c6e98900 by task kunit_try_catch/286 [ 22.255482] [ 22.255525] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 22.255784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.255827] Hardware name: linux,dummy-virt (DT) [ 22.255992] Call trace: [ 22.256019] show_stack+0x20/0x38 (C) [ 22.256214] dump_stack_lvl+0x8c/0xd0 [ 22.256474] print_report+0x118/0x608 [ 22.256641] kasan_report+0xdc/0x128 [ 22.256997] kasan_check_range+0x100/0x1a8 [ 22.257109] __kasan_check_write+0x20/0x30 [ 22.257332] copy_user_test_oob+0x35c/0xec8 [ 22.257391] kunit_try_run_case+0x170/0x3f0 [ 22.257837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.258445] kthread+0x328/0x630 [ 22.258511] ret_from_fork+0x10/0x20 [ 22.260097] [ 22.260145] Allocated by task 286: [ 22.260440] kasan_save_stack+0x3c/0x68 [ 22.260510] kasan_save_track+0x20/0x40 [ 22.263819] kasan_save_alloc_info+0x40/0x58 [ 22.263990] __kasan_kmalloc+0xd4/0xd8 [ 22.264967] __kmalloc_noprof+0x198/0x4c8 [ 22.265606] kunit_kmalloc_array+0x34/0x88 [ 22.265689] copy_user_test_oob+0xac/0xec8 [ 22.266444] kunit_try_run_case+0x170/0x3f0 [ 22.266503] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.266550] kthread+0x328/0x630 [ 22.266589] ret_from_fork+0x10/0x20 [ 22.266628] [ 22.266651] The buggy address belongs to the object at fff00000c6e98900 [ 22.266651] which belongs to the cache kmalloc-128 of size 128 [ 22.266714] The buggy address is located 0 bytes inside of [ 22.266714] allocated 120-byte region [fff00000c6e98900, fff00000c6e98978) [ 22.266779] [ 22.266803] The buggy address belongs to the physical page: [ 22.266843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106e98 [ 22.266900] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.266952] page_type: f5(slab) [ 22.266995] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.267049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.267093] page dumped because: kasan: bad access detected [ 22.267127] [ 22.267148] Memory state around the buggy address: [ 22.267183] fff00000c6e98800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.267229] fff00000c6e98880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.267274] >fff00000c6e98900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.267316] ^ [ 22.267359] fff00000c6e98980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.267415] fff00000c6e98a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.267458] ==================================================================
[ 16.679088] ================================================================== [ 16.679405] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.679853] Read of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302 [ 16.680173] [ 16.680301] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.680347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.680360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.680382] Call Trace: [ 16.680401] <TASK> [ 16.680420] dump_stack_lvl+0x73/0xb0 [ 16.680478] print_report+0xd1/0x650 [ 16.680504] ? __virt_addr_valid+0x1db/0x2d0 [ 16.680528] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.680593] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.680631] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.680668] kasan_report+0x141/0x180 [ 16.680718] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.680747] kasan_check_range+0x10c/0x1c0 [ 16.680797] __kasan_check_read+0x15/0x20 [ 16.680818] copy_user_test_oob+0x4aa/0x10f0 [ 16.680844] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.680880] ? finish_task_switch.isra.0+0x153/0x700 [ 16.680904] ? __switch_to+0x47/0xf50 [ 16.680930] ? __schedule+0x10cc/0x2b60 [ 16.680968] ? __pfx_read_tsc+0x10/0x10 [ 16.680990] ? ktime_get_ts64+0x86/0x230 [ 16.681015] kunit_try_run_case+0x1a5/0x480 [ 16.681041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.681065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.681091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.681147] ? __kthread_parkme+0x82/0x180 [ 16.681170] ? preempt_count_sub+0x50/0x80 [ 16.681205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.681230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.681257] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.681314] kthread+0x337/0x6f0 [ 16.681335] ? trace_preempt_on+0x20/0xc0 [ 16.681359] ? __pfx_kthread+0x10/0x10 [ 16.681401] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.681424] ? calculate_sigpending+0x7b/0xa0 [ 16.681450] ? 
__pfx_kthread+0x10/0x10 [ 16.681483] ret_from_fork+0x116/0x1d0 [ 16.681502] ? __pfx_kthread+0x10/0x10 [ 16.681524] ret_from_fork_asm+0x1a/0x30 [ 16.681557] </TASK> [ 16.681569] [ 16.688952] Allocated by task 302: [ 16.689130] kasan_save_stack+0x45/0x70 [ 16.689373] kasan_save_track+0x18/0x40 [ 16.689622] kasan_save_alloc_info+0x3b/0x50 [ 16.689840] __kasan_kmalloc+0xb7/0xc0 [ 16.690057] __kmalloc_noprof+0x1c9/0x500 [ 16.690234] kunit_kmalloc_array+0x25/0x60 [ 16.690515] copy_user_test_oob+0xab/0x10f0 [ 16.690743] kunit_try_run_case+0x1a5/0x480 [ 16.690888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.691074] kthread+0x337/0x6f0 [ 16.691195] ret_from_fork+0x116/0x1d0 [ 16.691338] ret_from_fork_asm+0x1a/0x30 [ 16.691585] [ 16.691684] The buggy address belongs to the object at ffff888102ab9c00 [ 16.691684] which belongs to the cache kmalloc-128 of size 128 [ 16.692235] The buggy address is located 0 bytes inside of [ 16.692235] allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78) [ 16.692893] [ 16.693027] The buggy address belongs to the physical page: [ 16.693338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9 [ 16.693580] flags: 0x200000000000000(node=0|zone=2) [ 16.693742] page_type: f5(slab) [ 16.693864] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.694184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.694921] page dumped because: kasan: bad access detected [ 16.695206] [ 16.695307] Memory state around the buggy address: [ 16.695464] ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.695862] ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.696142] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.696583] ^ [ 16.696795] ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.697021] ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.697435] 
================================================================== [ 16.698253] ================================================================== [ 16.698620] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.698979] Write of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302 [ 16.699381] [ 16.699487] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.699532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.699545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.699566] Call Trace: [ 16.699585] <TASK> [ 16.699602] dump_stack_lvl+0x73/0xb0 [ 16.699633] print_report+0xd1/0x650 [ 16.699658] ? __virt_addr_valid+0x1db/0x2d0 [ 16.699698] ? copy_user_test_oob+0x557/0x10f0 [ 16.699723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.699748] ? copy_user_test_oob+0x557/0x10f0 [ 16.699773] kasan_report+0x141/0x180 [ 16.699796] ? copy_user_test_oob+0x557/0x10f0 [ 16.699860] kasan_check_range+0x10c/0x1c0 [ 16.699885] __kasan_check_write+0x18/0x20 [ 16.699917] copy_user_test_oob+0x557/0x10f0 [ 16.699954] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.699978] ? finish_task_switch.isra.0+0x153/0x700 [ 16.700002] ? __switch_to+0x47/0xf50 [ 16.700028] ? __schedule+0x10cc/0x2b60 [ 16.700052] ? __pfx_read_tsc+0x10/0x10 [ 16.700075] ? ktime_get_ts64+0x86/0x230 [ 16.700100] kunit_try_run_case+0x1a5/0x480 [ 16.700126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.700150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.700176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.700202] ? __kthread_parkme+0x82/0x180 [ 16.700224] ? preempt_count_sub+0x50/0x80 [ 16.700248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.700275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.700329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.700356] kthread+0x337/0x6f0 [ 16.700387] ? trace_preempt_on+0x20/0xc0 [ 16.700412] ? __pfx_kthread+0x10/0x10 [ 16.700463] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.700485] ? calculate_sigpending+0x7b/0xa0 [ 16.700522] ? __pfx_kthread+0x10/0x10 [ 16.700544] ret_from_fork+0x116/0x1d0 [ 16.700564] ? __pfx_kthread+0x10/0x10 [ 16.700586] ret_from_fork_asm+0x1a/0x30 [ 16.700618] </TASK> [ 16.700631] [ 16.708312] Allocated by task 302: [ 16.708539] kasan_save_stack+0x45/0x70 [ 16.708743] kasan_save_track+0x18/0x40 [ 16.708956] kasan_save_alloc_info+0x3b/0x50 [ 16.709140] __kasan_kmalloc+0xb7/0xc0 [ 16.709270] __kmalloc_noprof+0x1c9/0x500 [ 16.709535] kunit_kmalloc_array+0x25/0x60 [ 16.709819] copy_user_test_oob+0xab/0x10f0 [ 16.710084] kunit_try_run_case+0x1a5/0x480 [ 16.710305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.710560] kthread+0x337/0x6f0 [ 16.710718] ret_from_fork+0x116/0x1d0 [ 16.710878] ret_from_fork_asm+0x1a/0x30 [ 16.711023] [ 16.711093] The buggy address belongs to the object at ffff888102ab9c00 [ 16.711093] which belongs to the cache kmalloc-128 of size 128 [ 16.711542] The buggy address is located 0 bytes inside of [ 16.711542] allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78) [ 16.713177] [ 16.713287] The buggy address belongs to the physical page: [ 16.713584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9 [ 16.714152] flags: 0x200000000000000(node=0|zone=2) [ 16.714504] page_type: f5(slab) [ 16.714805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.715243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.715828] page dumped because: kasan: bad access detected [ 16.716195] [ 16.716410] Memory state around the buggy address: [ 16.716708] ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.717131] ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.717643] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.717987] ^ [ 16.718303] ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.718677] 
ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.718963] ================================================================== [ 16.719569] ================================================================== [ 16.719813] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.720993] Read of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302 [ 16.721874] [ 16.722002] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.722050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.722325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.722350] Call Trace: [ 16.722371] <TASK> [ 16.722392] dump_stack_lvl+0x73/0xb0 [ 16.722427] print_report+0xd1/0x650 [ 16.722453] ? __virt_addr_valid+0x1db/0x2d0 [ 16.722478] ? copy_user_test_oob+0x604/0x10f0 [ 16.722503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.722528] ? copy_user_test_oob+0x604/0x10f0 [ 16.722553] kasan_report+0x141/0x180 [ 16.722576] ? copy_user_test_oob+0x604/0x10f0 [ 16.722605] kasan_check_range+0x10c/0x1c0 [ 16.722630] __kasan_check_read+0x15/0x20 [ 16.722650] copy_user_test_oob+0x604/0x10f0 [ 16.722677] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.722701] ? finish_task_switch.isra.0+0x153/0x700 [ 16.722732] ? __switch_to+0x47/0xf50 [ 16.722758] ? __schedule+0x10cc/0x2b60 [ 16.722781] ? __pfx_read_tsc+0x10/0x10 [ 16.722804] ? ktime_get_ts64+0x86/0x230 [ 16.722829] kunit_try_run_case+0x1a5/0x480 [ 16.722854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.722879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.722904] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.722929] ? __kthread_parkme+0x82/0x180 [ 16.722963] ? preempt_count_sub+0x50/0x80 [ 16.722988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.723014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.723040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.723066] kthread+0x337/0x6f0 [ 16.723086] ? trace_preempt_on+0x20/0xc0 [ 16.723111] ? 
__pfx_kthread+0x10/0x10 [ 16.723132] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.723155] ? calculate_sigpending+0x7b/0xa0 [ 16.723181] ? __pfx_kthread+0x10/0x10 [ 16.723203] ret_from_fork+0x116/0x1d0 [ 16.723223] ? __pfx_kthread+0x10/0x10 [ 16.723244] ret_from_fork_asm+0x1a/0x30 [ 16.723288] </TASK> [ 16.723300] [ 16.733240] Allocated by task 302: [ 16.733440] kasan_save_stack+0x45/0x70 [ 16.733651] kasan_save_track+0x18/0x40 [ 16.733833] kasan_save_alloc_info+0x3b/0x50 [ 16.734800] __kasan_kmalloc+0xb7/0xc0 [ 16.734972] __kmalloc_noprof+0x1c9/0x500 [ 16.735449] kunit_kmalloc_array+0x25/0x60 [ 16.735770] copy_user_test_oob+0xab/0x10f0 [ 16.736118] kunit_try_run_case+0x1a5/0x480 [ 16.736359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.736595] kthread+0x337/0x6f0 [ 16.736771] ret_from_fork+0x116/0x1d0 [ 16.736967] ret_from_fork_asm+0x1a/0x30 [ 16.737160] [ 16.737247] The buggy address belongs to the object at ffff888102ab9c00 [ 16.737247] which belongs to the cache kmalloc-128 of size 128 [ 16.738173] The buggy address is located 0 bytes inside of [ 16.738173] allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78) [ 16.739000] [ 16.739111] The buggy address belongs to the physical page: [ 16.739522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9 [ 16.739998] flags: 0x200000000000000(node=0|zone=2) [ 16.740347] page_type: f5(slab) [ 16.740533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.740812] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.741157] page dumped because: kasan: bad access detected [ 16.741656] [ 16.741752] Memory state around the buggy address: [ 16.742140] ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.742618] ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.743038] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.743553] ^ [ 16.743975] ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.744515] ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.744826] ================================================================== [ 16.659661] ================================================================== [ 16.660066] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.660442] Write of size 121 at addr ffff888102ab9c00 by task kunit_try_catch/302 [ 16.660715] [ 16.660845] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.660915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.660929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.660964] Call Trace: [ 16.660980] <TASK> [ 16.660999] dump_stack_lvl+0x73/0xb0 [ 16.661033] print_report+0xd1/0x650 [ 16.661057] ? __virt_addr_valid+0x1db/0x2d0 [ 16.661081] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.661106] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.661131] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.661157] kasan_report+0x141/0x180 [ 16.661179] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.661241] kasan_check_range+0x10c/0x1c0 [ 16.661266] __kasan_check_write+0x18/0x20 [ 16.661310] copy_user_test_oob+0x3fd/0x10f0 [ 16.661337] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.661362] ? finish_task_switch.isra.0+0x153/0x700 [ 16.661386] ? __switch_to+0x47/0xf50 [ 16.661413] ? __schedule+0x10cc/0x2b60 [ 16.661437] ? __pfx_read_tsc+0x10/0x10 [ 16.661459] ? ktime_get_ts64+0x86/0x230 [ 16.661484] kunit_try_run_case+0x1a5/0x480 [ 16.661510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.661534] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.661559] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.661585] ? __kthread_parkme+0x82/0x180 [ 16.661607] ? preempt_count_sub+0x50/0x80 [ 16.661631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.661656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.661683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.661710] kthread+0x337/0x6f0 [ 16.661730] ? 
trace_preempt_on+0x20/0xc0 [ 16.661754] ? __pfx_kthread+0x10/0x10 [ 16.661776] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.661799] ? calculate_sigpending+0x7b/0xa0 [ 16.661824] ? __pfx_kthread+0x10/0x10 [ 16.661846] ret_from_fork+0x116/0x1d0 [ 16.661865] ? __pfx_kthread+0x10/0x10 [ 16.661887] ret_from_fork_asm+0x1a/0x30 [ 16.661919] </TASK> [ 16.661931] [ 16.669551] Allocated by task 302: [ 16.669799] kasan_save_stack+0x45/0x70 [ 16.670019] kasan_save_track+0x18/0x40 [ 16.670218] kasan_save_alloc_info+0x3b/0x50 [ 16.670499] __kasan_kmalloc+0xb7/0xc0 [ 16.670686] __kmalloc_noprof+0x1c9/0x500 [ 16.670910] kunit_kmalloc_array+0x25/0x60 [ 16.671139] copy_user_test_oob+0xab/0x10f0 [ 16.671379] kunit_try_run_case+0x1a5/0x480 [ 16.671528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.671704] kthread+0x337/0x6f0 [ 16.671879] ret_from_fork+0x116/0x1d0 [ 16.672084] ret_from_fork_asm+0x1a/0x30 [ 16.672286] [ 16.672424] The buggy address belongs to the object at ffff888102ab9c00 [ 16.672424] which belongs to the cache kmalloc-128 of size 128 [ 16.672924] The buggy address is located 0 bytes inside of [ 16.672924] allocated 120-byte region [ffff888102ab9c00, ffff888102ab9c78) [ 16.673531] [ 16.673607] The buggy address belongs to the physical page: [ 16.673781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab9 [ 16.674192] flags: 0x200000000000000(node=0|zone=2) [ 16.674647] page_type: f5(slab) [ 16.674825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.675195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.675609] page dumped because: kasan: bad access detected [ 16.675843] [ 16.675913] Memory state around the buggy address: [ 16.676149] ffff888102ab9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.676624] ffff888102ab9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.676955] >ffff888102ab9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.677169] ^ [ 16.677710] 
ffff888102ab9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.678068] ffff888102ab9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.678397] ==================================================================