Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.083382] ================================================================== [ 19.084814] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.084876] Read of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.084929] [ 19.084969] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.085055] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.085085] Hardware name: linux,dummy-virt (DT) [ 19.085119] Call trace: [ 19.085143] show_stack+0x20/0x38 (C) [ 19.085194] dump_stack_lvl+0x8c/0xd0 [ 19.085253] print_report+0x118/0x5d0 [ 19.085301] kasan_report+0xdc/0x128 [ 19.085346] kasan_check_range+0x100/0x1a8 [ 19.085394] __kasan_check_read+0x20/0x30 [ 19.085449] copy_user_test_oob+0x3c8/0xec8 [ 19.085497] kunit_try_run_case+0x170/0x3f0 [ 19.085545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.085604] kthread+0x328/0x630 [ 19.085647] ret_from_fork+0x10/0x20 [ 19.085698] [ 19.085724] Allocated by task 286: [ 19.085752] kasan_save_stack+0x3c/0x68 [ 19.085795] kasan_save_track+0x20/0x40 [ 19.085834] kasan_save_alloc_info+0x40/0x58 [ 19.085876] __kasan_kmalloc+0xd4/0xd8 [ 19.085914] __kmalloc_noprof+0x198/0x4c8 [ 19.085956] kunit_kmalloc_array+0x34/0x88 [ 19.085994] copy_user_test_oob+0xac/0xec8 [ 19.086034] kunit_try_run_case+0x170/0x3f0 [ 19.086078] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.086125] kthread+0x328/0x630 [ 19.086163] ret_from_fork+0x10/0x20 [ 19.086214] [ 19.086234] The buggy address belongs to the object at fff00000c58c3b00 [ 19.086234] which belongs to the cache kmalloc-128 of size 128 [ 19.086296] The buggy address is located 0 bytes inside of [ 19.086296] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.086362] [ 19.086383] The buggy address belongs to the physical page: [ 19.086416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.086469] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.086517] page_type: f5(slab) [ 19.086572] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.086694] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.086831] page dumped because: kasan: bad access detected [ 19.086868] [ 19.086889] Memory state around the buggy address: [ 19.087190] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.087373] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.087745] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.087831] ^ [ 19.087879] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.087925] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.087967] ================================================================== [ 19.036339] ================================================================== [ 19.036457] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.036850] Write of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.036908] [ 19.036958] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.037048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.037078] Hardware name: linux,dummy-virt (DT) [ 19.037114] Call trace: [ 19.037142] show_stack+0x20/0x38 (C) [ 19.037210] dump_stack_lvl+0x8c/0xd0 [ 19.037266] print_report+0x118/0x5d0 [ 19.037313] kasan_report+0xdc/0x128 [ 19.037360] kasan_check_range+0x100/0x1a8 [ 19.037410] __kasan_check_write+0x20/0x30 [ 19.037455] copy_user_test_oob+0x234/0xec8 [ 19.037502] kunit_try_run_case+0x170/0x3f0 [ 19.037554] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.037608] kthread+0x328/0x630 [ 19.037652] ret_from_fork+0x10/0x20 [ 19.037702] [ 19.037724] Allocated by task 286: [ 19.037756] kasan_save_stack+0x3c/0x68 [ 19.037801] kasan_save_track+0x20/0x40 [ 19.037841] kasan_save_alloc_info+0x40/0x58 [ 19.037882] __kasan_kmalloc+0xd4/0xd8 [ 19.037921] __kmalloc_noprof+0x198/0x4c8 [ 19.037962] kunit_kmalloc_array+0x34/0x88 [ 19.038001] copy_user_test_oob+0xac/0xec8 [ 19.038039] kunit_try_run_case+0x170/0x3f0 [ 19.038080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.038126] kthread+0x328/0x630 [ 19.038159] ret_from_fork+0x10/0x20 [ 19.040484] [ 19.040520] The buggy address belongs to the object at fff00000c58c3b00 [ 19.040520] which belongs to the cache kmalloc-128 of size 128 [ 19.040772] The buggy address is located 0 bytes inside of [ 19.040772] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.040851] [ 19.040879] The buggy address belongs to the physical page: [ 19.040947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.041014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.041070] page_type: f5(slab) [ 19.041117] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.041172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.041227] page dumped because: kasan: bad access detected [ 19.041260] [ 19.041280] Memory state around the buggy address: [ 19.041317] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.041365] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.041411] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.041453] ^ [ 19.041496] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.041542] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.041584] ================================================================== [ 19.088652] ================================================================== [ 19.088707] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.088761] Write of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.088974] [ 19.089026] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.089161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.089192] Hardware name: linux,dummy-virt (DT) [ 19.089247] Call trace: [ 19.089303] show_stack+0x20/0x38 (C) [ 19.089354] dump_stack_lvl+0x8c/0xd0 [ 19.089402] print_report+0x118/0x5d0 [ 19.089458] kasan_report+0xdc/0x128 [ 19.089504] kasan_check_range+0x100/0x1a8 [ 19.089554] __kasan_check_write+0x20/0x30 [ 19.089600] copy_user_test_oob+0x434/0xec8 [ 19.089648] kunit_try_run_case+0x170/0x3f0 [ 19.089695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.089749] kthread+0x328/0x630 [ 19.089791] ret_from_fork+0x10/0x20 [ 19.089839] [ 19.089859] Allocated by task 286: [ 19.089887] kasan_save_stack+0x3c/0x68 [ 19.089930] kasan_save_track+0x20/0x40 [ 19.089978] kasan_save_alloc_info+0x40/0x58 [ 19.090021] __kasan_kmalloc+0xd4/0xd8 [ 19.090065] __kmalloc_noprof+0x198/0x4c8 [ 19.090105] kunit_kmalloc_array+0x34/0x88 [ 19.090154] copy_user_test_oob+0xac/0xec8 [ 19.090192] kunit_try_run_case+0x170/0x3f0 [ 19.090485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.090533] kthread+0x328/0x630 [ 19.090569] ret_from_fork+0x10/0x20 [ 19.090614] [ 19.090637] The buggy address belongs to the object at fff00000c58c3b00 [ 19.090637] which belongs to the cache kmalloc-128 of size 128 [ 19.090700] The buggy address is located 0 bytes inside of [ 19.090700] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.090765] [ 19.090786] The buggy address belongs to the physical page: [ 19.090818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.090873] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.090921] page_type: f5(slab) [ 19.090958] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.091011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.091053] page dumped because: kasan: bad access detected [ 19.091090] [ 19.091111] Memory state around the buggy address: [ 19.091144] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.091190] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.091248] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.091289] ^ [ 19.091333] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.091378] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.091419] ================================================================== [ 19.091534] ================================================================== [ 19.091576] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.091621] Read of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.091673] [ 19.091702] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.091859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.091894] Hardware name: linux,dummy-virt (DT) [ 19.091941] Call trace: [ 19.091965] show_stack+0x20/0x38 (C) [ 19.092223] dump_stack_lvl+0x8c/0xd0 [ 19.092819] print_report+0x118/0x5d0 [ 19.092918] kasan_report+0xdc/0x128 [ 19.093063] kasan_check_range+0x100/0x1a8 [ 19.093159] __kasan_check_read+0x20/0x30 [ 19.093493] copy_user_test_oob+0x4a0/0xec8 [ 19.093556] kunit_try_run_case+0x170/0x3f0 [ 19.093605] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.093662] kthread+0x328/0x630 [ 19.093703] ret_from_fork+0x10/0x20 [ 19.093751] [ 19.093772] Allocated by task 286: [ 19.093801] kasan_save_stack+0x3c/0x68 [ 19.093844] kasan_save_track+0x20/0x40 [ 19.093886] kasan_save_alloc_info+0x40/0x58 [ 19.093930] __kasan_kmalloc+0xd4/0xd8 [ 19.093968] __kmalloc_noprof+0x198/0x4c8 [ 19.094008] kunit_kmalloc_array+0x34/0x88 [ 19.094046] copy_user_test_oob+0xac/0xec8 [ 19.094085] kunit_try_run_case+0x170/0x3f0 [ 19.094125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.094169] kthread+0x328/0x630 [ 19.094222] ret_from_fork+0x10/0x20 [ 19.094260] [ 19.094282] The buggy address belongs to the object at fff00000c58c3b00 [ 19.094282] which belongs to the cache kmalloc-128 of size 128 [ 19.094343] The buggy address is located 0 bytes inside of [ 19.094343] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.094491] [ 19.094571] The buggy address belongs to the physical page: [ 19.094738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.094876] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.094931] page_type: f5(slab) [ 19.095079] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.095313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.095459] page dumped because: kasan: bad access detected [ 19.095777] [ 19.095851] Memory state around the buggy address: [ 19.095913] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.096008] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.096090] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.096132] ^ [ 19.096176] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.096471] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.096547] ================================================================== [ 19.050379] ================================================================== [ 19.050444] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.050501] Read of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.050554] [ 19.050589] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.050675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.050704] Hardware name: linux,dummy-virt (DT) [ 19.050738] Call trace: [ 19.050762] show_stack+0x20/0x38 (C) [ 19.050813] dump_stack_lvl+0x8c/0xd0 [ 19.053109] print_report+0x118/0x5d0 [ 19.053176] kasan_report+0xdc/0x128 [ 19.053238] kasan_check_range+0x100/0x1a8 [ 19.053290] __kasan_check_read+0x20/0x30 [ 19.053335] copy_user_test_oob+0x728/0xec8 [ 19.053382] kunit_try_run_case+0x170/0x3f0 [ 19.053433] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.053488] kthread+0x328/0x630 [ 19.053531] ret_from_fork+0x10/0x20 [ 19.053588] [ 19.053608] Allocated by task 286: [ 19.053637] kasan_save_stack+0x3c/0x68 [ 19.053682] kasan_save_track+0x20/0x40 [ 19.053721] kasan_save_alloc_info+0x40/0x58 [ 19.053763] __kasan_kmalloc+0xd4/0xd8 [ 19.053801] __kmalloc_noprof+0x198/0x4c8 [ 19.053842] kunit_kmalloc_array+0x34/0x88 [ 19.053882] copy_user_test_oob+0xac/0xec8 [ 19.053923] kunit_try_run_case+0x170/0x3f0 [ 19.053964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.054010] kthread+0x328/0x630 [ 19.054044] ret_from_fork+0x10/0x20 [ 19.054082] [ 19.054103] The buggy address belongs to the object at fff00000c58c3b00 [ 19.054103] which belongs to the cache kmalloc-128 of size 128 [ 19.054165] The buggy address is located 0 bytes inside of [ 19.054165] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.054246] [ 19.054269] The buggy address belongs to the physical page: [ 19.054304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.054361] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.054411] page_type: f5(slab) [ 19.054452] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.054507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.054552] page dumped because: kasan: bad access detected [ 19.054587] [ 19.054611] Memory state around the buggy address: [ 19.054648] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.054694] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.054741] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.054783] ^ [ 19.054826] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.054872] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.054913] ================================================================== [ 19.070450] ================================================================== [ 19.070784] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.070848] Write of size 121 at addr fff00000c58c3b00 by task kunit_try_catch/286 [ 19.070904] [ 19.070939] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.071025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.071054] Hardware name: linux,dummy-virt (DT) [ 19.071088] Call trace: [ 19.071112] show_stack+0x20/0x38 (C) [ 19.071163] dump_stack_lvl+0x8c/0xd0 [ 19.071227] print_report+0x118/0x5d0 [ 19.071276] kasan_report+0xdc/0x128 [ 19.071334] kasan_check_range+0x100/0x1a8 [ 19.071383] __kasan_check_write+0x20/0x30 [ 19.071738] copy_user_test_oob+0x35c/0xec8 [ 19.072033] kunit_try_run_case+0x170/0x3f0 [ 19.072112] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.073970] kthread+0x328/0x630 [ 19.074189] ret_from_fork+0x10/0x20 [ 19.074508] [ 19.074817] Allocated by task 286: [ 19.075235] kasan_save_stack+0x3c/0x68 [ 19.075723] kasan_save_track+0x20/0x40 [ 19.075780] kasan_save_alloc_info+0x40/0x58 [ 19.076413] __kasan_kmalloc+0xd4/0xd8 [ 19.077882] __kmalloc_noprof+0x198/0x4c8 [ 19.078331] kunit_kmalloc_array+0x34/0x88 [ 19.078739] copy_user_test_oob+0xac/0xec8 [ 19.079325] kunit_try_run_case+0x170/0x3f0 [ 19.079520] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.080226] kthread+0x328/0x630 [ 19.080635] ret_from_fork+0x10/0x20 [ 19.080729] [ 19.080825] The buggy address belongs to the object at fff00000c58c3b00 [ 19.080825] which belongs to the cache kmalloc-128 of size 128 [ 19.080942] The buggy address is located 0 bytes inside of [ 19.080942] allocated 120-byte region [fff00000c58c3b00, fff00000c58c3b78) [ 19.081865] [ 19.082216] The buggy address belongs to the physical page: [ 19.082257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c3 [ 19.082315] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.082367] page_type: f5(slab) [ 19.082410] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.082464] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.082508] page dumped because: kasan: bad access detected [ 19.082542] [ 19.082562] Memory state around the buggy address: [ 19.082598] fff00000c58c3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.082645] fff00000c58c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.082691] >fff00000c58c3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.082731] ^ [ 19.082776] fff00000c58c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.082822] fff00000c58c3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.082864] ==================================================================
[ 19.746773] ================================================================== [ 19.746826] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.746875] Write of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.746929] [ 19.746960] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.747050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.747079] Hardware name: linux,dummy-virt (DT) [ 19.747139] Call trace: [ 19.747163] show_stack+0x20/0x38 (C) [ 19.747227] dump_stack_lvl+0x8c/0xd0 [ 19.747274] print_report+0x118/0x5d0 [ 19.747321] kasan_report+0xdc/0x128 [ 19.747370] kasan_check_range+0x100/0x1a8 [ 19.747419] __kasan_check_write+0x20/0x30 [ 19.747466] copy_user_test_oob+0x434/0xec8 [ 19.747516] kunit_try_run_case+0x170/0x3f0 [ 19.747564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.747627] kthread+0x328/0x630 [ 19.748149] ret_from_fork+0x10/0x20 [ 19.748217] [ 19.748241] Allocated by task 286: [ 19.748458] kasan_save_stack+0x3c/0x68 [ 19.748547] kasan_save_track+0x20/0x40 [ 19.748608] kasan_save_alloc_info+0x40/0x58 [ 19.748689] __kasan_kmalloc+0xd4/0xd8 [ 19.748772] __kmalloc_noprof+0x198/0x4c8 [ 19.748813] kunit_kmalloc_array+0x34/0x88 [ 19.749007] copy_user_test_oob+0xac/0xec8 [ 19.749160] kunit_try_run_case+0x170/0x3f0 [ 19.749279] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.749364] kthread+0x328/0x630 [ 19.749457] ret_from_fork+0x10/0x20 [ 19.749532] [ 19.749588] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.749588] which belongs to the cache kmalloc-128 of size 128 [ 19.749729] The buggy address is located 0 bytes inside of [ 19.749729] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.749807] [ 19.749828] The buggy address belongs to the physical page: [ 19.749873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.749928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.750159] page_type: f5(slab) [ 19.750273] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.750366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.750577] page dumped because: kasan: bad access detected [ 19.750790] [ 19.750901] Memory state around the buggy address: [ 19.751296] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.751412] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.751524] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.751567] ^ [ 19.751635] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.751685] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.751881] ================================================================== [ 19.734111] ================================================================== [ 19.734269] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.734340] Write of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.734595] [ 19.734638] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.734761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.734861] Hardware name: linux,dummy-virt (DT) [ 19.734905] Call trace: [ 19.734930] show_stack+0x20/0x38 (C) [ 19.734981] dump_stack_lvl+0x8c/0xd0 [ 19.735027] print_report+0x118/0x5d0 [ 19.735113] kasan_report+0xdc/0x128 [ 19.735264] kasan_check_range+0x100/0x1a8 [ 19.735326] __kasan_check_write+0x20/0x30 [ 19.735376] copy_user_test_oob+0x35c/0xec8 [ 19.735498] kunit_try_run_case+0x170/0x3f0 [ 19.735594] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.735871] kthread+0x328/0x630 [ 19.736024] ret_from_fork+0x10/0x20 [ 19.736162] [ 19.736312] Allocated by task 286: [ 19.736403] kasan_save_stack+0x3c/0x68 [ 19.736729] kasan_save_track+0x20/0x40 [ 19.736815] kasan_save_alloc_info+0x40/0x58 [ 19.736939] __kasan_kmalloc+0xd4/0xd8 [ 19.737046] __kmalloc_noprof+0x198/0x4c8 [ 19.737143] kunit_kmalloc_array+0x34/0x88 [ 19.737275] copy_user_test_oob+0xac/0xec8 [ 19.737384] kunit_try_run_case+0x170/0x3f0 [ 19.737424] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.737477] kthread+0x328/0x630 [ 19.737513] ret_from_fork+0x10/0x20 [ 19.737550] [ 19.737758] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.737758] which belongs to the cache kmalloc-128 of size 128 [ 19.737944] The buggy address is located 0 bytes inside of [ 19.737944] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.738107] [ 19.738188] The buggy address belongs to the physical page: [ 19.738232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.738289] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.738341] page_type: f5(slab) [ 19.738381] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.738447] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.738492] page dumped because: kasan: bad access detected [ 19.738536] [ 19.738559] Memory state around the buggy address: [ 19.738594] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.738647] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.738695] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.738737] ^ [ 19.738782] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.738843] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.738887] ================================================================== [ 19.739363] ================================================================== [ 19.739838] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.740108] Read of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.740306] [ 19.740442] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.740559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.740590] Hardware name: linux,dummy-virt (DT) [ 19.740622] Call trace: [ 19.740646] show_stack+0x20/0x38 (C) [ 19.740699] dump_stack_lvl+0x8c/0xd0 [ 19.740746] print_report+0x118/0x5d0 [ 19.740794] kasan_report+0xdc/0x128 [ 19.740995] kasan_check_range+0x100/0x1a8 [ 19.741108] __kasan_check_read+0x20/0x30 [ 19.741244] copy_user_test_oob+0x3c8/0xec8 [ 19.741517] kunit_try_run_case+0x170/0x3f0 [ 19.741577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.741908] kthread+0x328/0x630 [ 19.742294] ret_from_fork+0x10/0x20 [ 19.742473] [ 19.742550] Allocated by task 286: [ 19.742583] kasan_save_stack+0x3c/0x68 [ 19.742625] kasan_save_track+0x20/0x40 [ 19.742898] kasan_save_alloc_info+0x40/0x58 [ 19.743067] __kasan_kmalloc+0xd4/0xd8 [ 19.743163] __kmalloc_noprof+0x198/0x4c8 [ 19.743516] kunit_kmalloc_array+0x34/0x88 [ 19.743635] copy_user_test_oob+0xac/0xec8 [ 19.743724] kunit_try_run_case+0x170/0x3f0 [ 19.743850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.743946] kthread+0x328/0x630 [ 19.744000] ret_from_fork+0x10/0x20 [ 19.744039] [ 19.744224] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.744224] which belongs to the cache kmalloc-128 of size 128 [ 19.744291] The buggy address is located 0 bytes inside of [ 19.744291] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.744465] [ 19.744549] The buggy address belongs to the physical page: [ 19.744632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.744744] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.744886] page_type: f5(slab) [ 19.745252] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.745346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.745453] page dumped because: kasan: bad access detected [ 19.745546] [ 19.745613] Memory state around the buggy address: [ 19.745690] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.745852] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.745900] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.746050] ^ [ 19.746141] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.746237] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.746280] ================================================================== [ 19.709709] ================================================================== [ 19.709811] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.709889] Write of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.710111] [ 19.710170] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.710459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.710531] Hardware name: linux,dummy-virt (DT) [ 19.710617] Call trace: [ 19.710674] show_stack+0x20/0x38 (C) [ 19.710747] dump_stack_lvl+0x8c/0xd0 [ 19.710808] print_report+0x118/0x5d0 [ 19.710874] kasan_report+0xdc/0x128 [ 19.710929] kasan_check_range+0x100/0x1a8 [ 19.710994] __kasan_check_write+0x20/0x30 [ 19.711047] copy_user_test_oob+0x234/0xec8 [ 19.711099] kunit_try_run_case+0x170/0x3f0 [ 19.711397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.713191] kthread+0x328/0x630 [ 19.713515] ret_from_fork+0x10/0x20 [ 19.713598] [ 19.713635] Allocated by task 286: [ 19.713672] kasan_save_stack+0x3c/0x68 [ 19.713716] kasan_save_track+0x20/0x40 [ 19.713755] kasan_save_alloc_info+0x40/0x58 [ 19.713974] __kasan_kmalloc+0xd4/0xd8 [ 19.714216] __kmalloc_noprof+0x198/0x4c8 [ 19.714345] kunit_kmalloc_array+0x34/0x88 [ 19.714425] copy_user_test_oob+0xac/0xec8 [ 19.714489] kunit_try_run_case+0x170/0x3f0 [ 19.714591] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.714668] kthread+0x328/0x630 [ 19.714712] ret_from_fork+0x10/0x20 [ 19.714811] [ 19.714894] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.714894] which belongs to the cache kmalloc-128 of size 128 [ 19.714991] The buggy address is located 0 bytes inside of [ 19.714991] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.715307] [ 19.715499] The buggy address belongs to the physical page: [ 19.715562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.715656] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.715791] page_type: f5(slab) [ 19.715857] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.715962] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.716081] page dumped because: kasan: bad access detected [ 19.716148] [ 19.716254] Memory state around the buggy address: [ 19.716317] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.716365] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.716414] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.716457] ^ [ 19.716752] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.717000] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.717088] ================================================================== [ 19.722196] ================================================================== [ 19.722260] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.722312] Read of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.722366] [ 19.722648] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.722815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.722851] Hardware name: linux,dummy-virt (DT) [ 19.723213] Call trace: [ 19.723277] show_stack+0x20/0x38 (C) [ 19.723347] dump_stack_lvl+0x8c/0xd0 [ 19.723486] print_report+0x118/0x5d0 [ 19.723582] kasan_report+0xdc/0x128 [ 19.723637] kasan_check_range+0x100/0x1a8 [ 19.723687] __kasan_check_read+0x20/0x30 [ 19.723748] copy_user_test_oob+0x728/0xec8 [ 19.723798] kunit_try_run_case+0x170/0x3f0 [ 19.724059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.724216] kthread+0x328/0x630 [ 19.724297] ret_from_fork+0x10/0x20 [ 19.724678] [ 19.724806] Allocated by task 286: [ 19.724893] kasan_save_stack+0x3c/0x68 [ 19.724940] kasan_save_track+0x20/0x40 [ 19.725285] kasan_save_alloc_info+0x40/0x58 [ 19.725396] __kasan_kmalloc+0xd4/0xd8 [ 19.725517] __kmalloc_noprof+0x198/0x4c8 [ 19.725598] kunit_kmalloc_array+0x34/0x88 [ 19.725644] copy_user_test_oob+0xac/0xec8 [ 19.725779] kunit_try_run_case+0x170/0x3f0 [ 19.726001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.726092] kthread+0x328/0x630 [ 19.726193] ret_from_fork+0x10/0x20 [ 19.726281] [ 19.726355] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.726355] which belongs to the cache kmalloc-128 of size 128 [ 19.726419] The buggy address is located 0 bytes inside of [ 19.726419] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.726484] [ 19.726509] The buggy address belongs to the physical page: [ 19.726542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.726884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.727012] page_type: f5(slab) [ 19.727085] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.727165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.727215] page dumped because: kasan: bad access detected [ 19.727286] [ 19.727623] Memory state around the buggy address: [ 19.727729] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.727843] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.727891] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.727932] ^ [ 19.728089] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.728137] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.728353] ================================================================== [ 19.753308] ================================================================== [ 19.753393] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.753539] Read of size 121 at addr fff00000c5ae0b00 by task kunit_try_catch/286 [ 19.753601] [ 19.753790] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.753909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.753970] Hardware name: linux,dummy-virt (DT) [ 19.754011] Call trace: [ 19.754035] show_stack+0x20/0x38 (C) [ 19.754106] dump_stack_lvl+0x8c/0xd0 [ 19.754421] print_report+0x118/0x5d0 [ 19.754493] kasan_report+0xdc/0x128 [ 19.754585] kasan_check_range+0x100/0x1a8 [ 19.754637] __kasan_check_read+0x20/0x30 [ 19.754684] copy_user_test_oob+0x4a0/0xec8 [ 19.754812] kunit_try_run_case+0x170/0x3f0 [ 19.754871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.754928] kthread+0x328/0x630 [ 19.755203] ret_from_fork+0x10/0x20 [ 19.755391] [ 19.755684] Allocated by task 286: [ 19.755768] kasan_save_stack+0x3c/0x68 [ 19.755836] kasan_save_track+0x20/0x40 [ 19.755876] kasan_save_alloc_info+0x40/0x58 [ 19.755920] __kasan_kmalloc+0xd4/0xd8 [ 19.756072] __kmalloc_noprof+0x198/0x4c8 [ 19.756249] kunit_kmalloc_array+0x34/0x88 [ 19.756374] copy_user_test_oob+0xac/0xec8 [ 19.756488] kunit_try_run_case+0x170/0x3f0 [ 19.756658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.756875] kthread+0x328/0x630 [ 19.757021] ret_from_fork+0x10/0x20 [ 19.757091] [ 19.757115] The buggy address belongs to the object at fff00000c5ae0b00 [ 19.757115] which belongs to the cache kmalloc-128 of size 128 [ 19.757205] The buggy address is located 0 bytes inside of [ 19.757205] allocated 120-byte region [fff00000c5ae0b00, fff00000c5ae0b78) [ 19.757273] [ 19.757295] The buggy address belongs to the physical page: [ 19.757328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae0 [ 19.757405] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.757456] page_type: f5(slab) [ 19.757495] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.757558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.757610] page dumped because: kasan: bad access detected [ 19.757661] [ 19.757681] Memory state around the buggy address: [ 19.757746] fff00000c5ae0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.757793] fff00000c5ae0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.757853] >fff00000c5ae0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.757920] ^ [ 19.757963] fff00000c5ae0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.758036] fff00000c5ae0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.758092] ==================================================================
[ 16.632275] ================================================================== [ 16.632802] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.633047] Write of size 121 at addr ffff888103434a00 by task kunit_try_catch/303 [ 16.633278] [ 16.633374] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.633424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.633438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.633474] Call Trace: [ 16.633489] <TASK> [ 16.633507] dump_stack_lvl+0x73/0xb0 [ 16.633539] print_report+0xd1/0x610 [ 16.633577] ? __virt_addr_valid+0x1db/0x2d0 [ 16.633602] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.633639] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.633665] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.633690] kasan_report+0x141/0x180 [ 16.633714] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.633744] kasan_check_range+0x10c/0x1c0 [ 16.633770] __kasan_check_write+0x18/0x20 [ 16.633790] copy_user_test_oob+0x3fd/0x10f0 [ 16.633818] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.633844] ? finish_task_switch.isra.0+0x153/0x700 [ 16.633879] ? __switch_to+0x47/0xf50 [ 16.633906] ? __schedule+0x10cc/0x2b60 [ 16.633941] ? __pfx_read_tsc+0x10/0x10 [ 16.633965] ? ktime_get_ts64+0x86/0x230 [ 16.633991] kunit_try_run_case+0x1a5/0x480 [ 16.634018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.634042] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.634070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.634095] ? __kthread_parkme+0x82/0x180 [ 16.634118] ? preempt_count_sub+0x50/0x80 [ 16.634143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.634178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.634205] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.634242] kthread+0x337/0x6f0 [ 16.634262] ? trace_preempt_on+0x20/0xc0 [ 16.634287] ? __pfx_kthread+0x10/0x10 [ 16.634310] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.634334] ? calculate_sigpending+0x7b/0xa0 [ 16.634368] ? __pfx_kthread+0x10/0x10 [ 16.634392] ret_from_fork+0x116/0x1d0 [ 16.634411] ? __pfx_kthread+0x10/0x10 [ 16.634444] ret_from_fork_asm+0x1a/0x30 [ 16.634484] </TASK> [ 16.634495] [ 16.645841] Allocated by task 303: [ 16.645989] kasan_save_stack+0x45/0x70 [ 16.646145] kasan_save_track+0x18/0x40 [ 16.646283] kasan_save_alloc_info+0x3b/0x50 [ 16.646494] __kasan_kmalloc+0xb7/0xc0 [ 16.646823] __kmalloc_noprof+0x1c9/0x500 [ 16.647175] kunit_kmalloc_array+0x25/0x60 [ 16.647565] copy_user_test_oob+0xab/0x10f0 [ 16.647938] kunit_try_run_case+0x1a5/0x480 [ 16.648309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.648922] kthread+0x337/0x6f0 [ 16.649277] ret_from_fork+0x116/0x1d0 [ 16.649637] ret_from_fork_asm+0x1a/0x30 [ 16.650006] [ 16.650168] The buggy address belongs to the object at ffff888103434a00 [ 16.650168] which belongs to the cache kmalloc-128 of size 128 [ 16.651230] The buggy address is located 0 bytes inside of [ 16.651230] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.651982] [ 16.652060] The buggy address belongs to the physical page: [ 16.652236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.652501] flags: 0x200000000000000(node=0|zone=2) [ 16.652796] page_type: f5(slab) [ 16.652972] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.653256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.653587] page dumped because: kasan: bad access detected [ 16.653916] [ 16.653993] Memory state around the buggy address: [ 16.654168] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.654519] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.654799] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.655035] ^ [ 16.655329] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.655671] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.655914] ================================================================== [ 16.674441] ================================================================== [ 16.675021] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.675352] Write of size 121 at addr ffff888103434a00 by task kunit_try_catch/303 [ 16.675701] [ 16.675817] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.675862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.675875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.675898] Call Trace: [ 16.675916] <TASK> [ 16.675933] dump_stack_lvl+0x73/0xb0 [ 16.675964] print_report+0xd1/0x610 [ 16.675988] ? __virt_addr_valid+0x1db/0x2d0 [ 16.676021] ? copy_user_test_oob+0x557/0x10f0 [ 16.676047] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.676072] ? copy_user_test_oob+0x557/0x10f0 [ 16.676098] kasan_report+0x141/0x180 [ 16.676120] ? copy_user_test_oob+0x557/0x10f0 [ 16.676151] kasan_check_range+0x10c/0x1c0 [ 16.676175] __kasan_check_write+0x18/0x20 [ 16.676197] copy_user_test_oob+0x557/0x10f0 [ 16.676225] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.676249] ? finish_task_switch.isra.0+0x153/0x700 [ 16.676275] ? __switch_to+0x47/0xf50 [ 16.676307] ? __schedule+0x10cc/0x2b60 [ 16.676331] ? __pfx_read_tsc+0x10/0x10 [ 16.676354] ? ktime_get_ts64+0x86/0x230 [ 16.676379] kunit_try_run_case+0x1a5/0x480 [ 16.676406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.676443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.676478] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.676504] ? __kthread_parkme+0x82/0x180 [ 16.676527] ? preempt_count_sub+0x50/0x80 [ 16.676551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.676578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.676604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.676631] kthread+0x337/0x6f0 [ 16.676652] ? trace_preempt_on+0x20/0xc0 [ 16.676676] ? __pfx_kthread+0x10/0x10 [ 16.676698] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.676721] ? calculate_sigpending+0x7b/0xa0 [ 16.676748] ? __pfx_kthread+0x10/0x10 [ 16.676770] ret_from_fork+0x116/0x1d0 [ 16.676791] ? __pfx_kthread+0x10/0x10 [ 16.676814] ret_from_fork_asm+0x1a/0x30 [ 16.676848] </TASK> [ 16.676859] [ 16.684154] Allocated by task 303: [ 16.684289] kasan_save_stack+0x45/0x70 [ 16.684458] kasan_save_track+0x18/0x40 [ 16.684656] kasan_save_alloc_info+0x3b/0x50 [ 16.684877] __kasan_kmalloc+0xb7/0xc0 [ 16.685097] __kmalloc_noprof+0x1c9/0x500 [ 16.685355] kunit_kmalloc_array+0x25/0x60 [ 16.685653] copy_user_test_oob+0xab/0x10f0 [ 16.685835] kunit_try_run_case+0x1a5/0x480 [ 16.686008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.686237] kthread+0x337/0x6f0 [ 16.686359] ret_from_fork+0x116/0x1d0 [ 16.686503] ret_from_fork_asm+0x1a/0x30 [ 16.686651] [ 16.686748] The buggy address belongs to the object at ffff888103434a00 [ 16.686748] which belongs to the cache kmalloc-128 of size 128 [ 16.687296] The buggy address is located 0 bytes inside of [ 16.687296] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.687691] [ 16.687763] The buggy address belongs to the physical page: [ 16.687936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.688503] flags: 0x200000000000000(node=0|zone=2) [ 16.688750] page_type: f5(slab) [ 16.688919] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.689255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.689569] page dumped because: kasan: bad access detected [ 16.689742] [ 16.689814] Memory state around the buggy address: [ 16.689971] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.690234] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.690744] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.691065] ^ [ 16.691363] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.691684] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.691898] ================================================================== [ 16.692724] ================================================================== [ 16.693086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.693405] Read of size 121 at addr ffff888103434a00 by task kunit_try_catch/303 [ 16.693762] [ 16.693856] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.693904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.693916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.693940] Call Trace: [ 16.693961] <TASK> [ 16.693979] dump_stack_lvl+0x73/0xb0 [ 16.694009] print_report+0xd1/0x610 [ 16.694033] ? __virt_addr_valid+0x1db/0x2d0 [ 16.694060] ? copy_user_test_oob+0x604/0x10f0 [ 16.694085] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.694110] ? copy_user_test_oob+0x604/0x10f0 [ 16.694135] kasan_report+0x141/0x180 [ 16.694158] ? copy_user_test_oob+0x604/0x10f0 [ 16.694189] kasan_check_range+0x10c/0x1c0 [ 16.694214] __kasan_check_read+0x15/0x20 [ 16.694235] copy_user_test_oob+0x604/0x10f0 [ 16.694262] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.694287] ? finish_task_switch.isra.0+0x153/0x700 [ 16.694312] ? __switch_to+0x47/0xf50 [ 16.694339] ? __schedule+0x10cc/0x2b60 [ 16.694364] ? __pfx_read_tsc+0x10/0x10 [ 16.694386] ? ktime_get_ts64+0x86/0x230 [ 16.694412] kunit_try_run_case+0x1a5/0x480 [ 16.694438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.694475] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.694501] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.694527] ? __kthread_parkme+0x82/0x180 [ 16.694549] ? preempt_count_sub+0x50/0x80 [ 16.694574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.694600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.694627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.694654] kthread+0x337/0x6f0 [ 16.694675] ? trace_preempt_on+0x20/0xc0 [ 16.694701] ? __pfx_kthread+0x10/0x10 [ 16.694723] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.694746] ? calculate_sigpending+0x7b/0xa0 [ 16.694772] ? __pfx_kthread+0x10/0x10 [ 16.694795] ret_from_fork+0x116/0x1d0 [ 16.694816] ? __pfx_kthread+0x10/0x10 [ 16.694838] ret_from_fork_asm+0x1a/0x30 [ 16.694871] </TASK> [ 16.694882] [ 16.701921] Allocated by task 303: [ 16.702232] kasan_save_stack+0x45/0x70 [ 16.702496] kasan_save_track+0x18/0x40 [ 16.702749] kasan_save_alloc_info+0x3b/0x50 [ 16.702963] __kasan_kmalloc+0xb7/0xc0 [ 16.703140] __kmalloc_noprof+0x1c9/0x500 [ 16.703298] kunit_kmalloc_array+0x25/0x60 [ 16.703529] copy_user_test_oob+0xab/0x10f0 [ 16.703744] kunit_try_run_case+0x1a5/0x480 [ 16.703932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.704147] kthread+0x337/0x6f0 [ 16.704270] ret_from_fork+0x116/0x1d0 [ 16.704514] ret_from_fork_asm+0x1a/0x30 [ 16.704715] [ 16.704812] The buggy address belongs to the object at ffff888103434a00 [ 16.704812] which belongs to the cache kmalloc-128 of size 128 [ 16.705273] The buggy address is located 0 bytes inside of [ 16.705273] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.705792] [ 16.705866] The buggy address belongs to the physical page: [ 16.706040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.706283] flags: 0x200000000000000(node=0|zone=2) [ 16.706480] page_type: f5(slab) [ 16.706650] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.707029] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.707364] page dumped because: kasan: bad access detected [ 16.707569] [ 16.707641] Memory state around the buggy address: [ 16.707798] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.708015] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.708308] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.708781] ^ [ 16.709103] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.709430] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.709972] ================================================================== [ 16.656595] ================================================================== [ 16.656907] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.657264] Read of size 121 at addr ffff888103434a00 by task kunit_try_catch/303 [ 16.657553] [ 16.657653] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.657701] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.657714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.657738] Call Trace: [ 16.657758] <TASK> [ 16.657778] dump_stack_lvl+0x73/0xb0 [ 16.657809] print_report+0xd1/0x610 [ 16.657833] ? __virt_addr_valid+0x1db/0x2d0 [ 16.657858] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.657884] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.657910] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.657936] kasan_report+0x141/0x180 [ 16.657959] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.658040] kasan_check_range+0x10c/0x1c0 [ 16.658067] __kasan_check_read+0x15/0x20 [ 16.658088] copy_user_test_oob+0x4aa/0x10f0 [ 16.658116] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.658141] ? finish_task_switch.isra.0+0x153/0x700 [ 16.658166] ? __switch_to+0x47/0xf50 [ 16.658193] ? __schedule+0x10cc/0x2b60 [ 16.658217] ? __pfx_read_tsc+0x10/0x10 [ 16.658240] ? ktime_get_ts64+0x86/0x230 [ 16.658266] kunit_try_run_case+0x1a5/0x480 [ 16.658293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.658317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.658345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.658370] ? __kthread_parkme+0x82/0x180 [ 16.658394] ? preempt_count_sub+0x50/0x80 [ 16.658429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.658466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.658493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.658520] kthread+0x337/0x6f0 [ 16.658540] ? trace_preempt_on+0x20/0xc0 [ 16.658566] ? __pfx_kthread+0x10/0x10 [ 16.658588] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.658611] ? calculate_sigpending+0x7b/0xa0 [ 16.658637] ? __pfx_kthread+0x10/0x10 [ 16.658661] ret_from_fork+0x116/0x1d0 [ 16.658682] ? __pfx_kthread+0x10/0x10 [ 16.658707] ret_from_fork_asm+0x1a/0x30 [ 16.658741] </TASK> [ 16.658753] [ 16.666070] Allocated by task 303: [ 16.666201] kasan_save_stack+0x45/0x70 [ 16.666345] kasan_save_track+0x18/0x40 [ 16.666719] kasan_save_alloc_info+0x3b/0x50 [ 16.666941] __kasan_kmalloc+0xb7/0xc0 [ 16.667132] __kmalloc_noprof+0x1c9/0x500 [ 16.667336] kunit_kmalloc_array+0x25/0x60 [ 16.667581] copy_user_test_oob+0xab/0x10f0 [ 16.667778] kunit_try_run_case+0x1a5/0x480 [ 16.667926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.668171] kthread+0x337/0x6f0 [ 16.668346] ret_from_fork+0x116/0x1d0 [ 16.668492] ret_from_fork_asm+0x1a/0x30 [ 16.668635] [ 16.668729] The buggy address belongs to the object at ffff888103434a00 [ 16.668729] which belongs to the cache kmalloc-128 of size 128 [ 16.669266] The buggy address is located 0 bytes inside of [ 16.669266] allocated 120-byte region [ffff888103434a00, ffff888103434a78) [ 16.669666] [ 16.669739] The buggy address belongs to the physical page: [ 16.669911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103434 [ 16.670436] flags: 0x200000000000000(node=0|zone=2) [ 16.670681] page_type: f5(slab) [ 16.670848] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.671166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.671395] page dumped because: kasan: bad access detected [ 16.671575] [ 16.671644] Memory state around the buggy address: [ 16.671829] ffff888103434900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.672326] ffff888103434980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.672622] >ffff888103434a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.672833] ^ [ 16.673220] ffff888103434a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.673721] ffff888103434b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.673952] ==================================================================
[ 16.998512] ================================================================== [ 16.999038] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 17.000217] Write of size 121 at addr ffff8881025b8100 by task kunit_try_catch/304 [ 17.000471] [ 17.000568] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.000614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.000628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.000651] Call Trace: [ 17.000667] <TASK> [ 17.000684] dump_stack_lvl+0x73/0xb0 [ 17.000717] print_report+0xd1/0x610 [ 17.000741] ? __virt_addr_valid+0x1db/0x2d0 [ 17.000766] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.000792] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.000818] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.000843] kasan_report+0x141/0x180 [ 17.000866] ? copy_user_test_oob+0x3fd/0x10f0 [ 17.000896] kasan_check_range+0x10c/0x1c0 [ 17.000921] __kasan_check_write+0x18/0x20 [ 17.000943] copy_user_test_oob+0x3fd/0x10f0 [ 17.000970] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.000996] ? finish_task_switch.isra.0+0x153/0x700 [ 17.001021] ? __switch_to+0x47/0xf50 [ 17.001047] ? __schedule+0x10cc/0x2b60 [ 17.001697] ? __pfx_read_tsc+0x10/0x10 [ 17.001725] ? ktime_get_ts64+0x86/0x230 [ 17.001752] kunit_try_run_case+0x1a5/0x480 [ 17.001782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.001808] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.001834] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.001860] ? __kthread_parkme+0x82/0x180 [ 17.001883] ? preempt_count_sub+0x50/0x80 [ 17.001909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.001936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.001963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.001990] kthread+0x337/0x6f0 [ 17.002011] ? trace_preempt_on+0x20/0xc0 [ 17.002037] ? __pfx_kthread+0x10/0x10 [ 17.002073] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.002097] ? calculate_sigpending+0x7b/0xa0 [ 17.002147] ? __pfx_kthread+0x10/0x10 [ 17.002170] ret_from_fork+0x116/0x1d0 [ 17.002192] ? __pfx_kthread+0x10/0x10 [ 17.002215] ret_from_fork_asm+0x1a/0x30 [ 17.002247] </TASK> [ 17.002258] [ 17.011946] Allocated by task 304: [ 17.012792] kasan_save_stack+0x45/0x70 [ 17.012996] kasan_save_track+0x18/0x40 [ 17.013184] kasan_save_alloc_info+0x3b/0x50 [ 17.013548] __kasan_kmalloc+0xb7/0xc0 [ 17.013747] __kmalloc_noprof+0x1c9/0x500 [ 17.013938] kunit_kmalloc_array+0x25/0x60 [ 17.014459] copy_user_test_oob+0xab/0x10f0 [ 17.014670] kunit_try_run_case+0x1a5/0x480 [ 17.014966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.015397] kthread+0x337/0x6f0 [ 17.015662] ret_from_fork+0x116/0x1d0 [ 17.015867] ret_from_fork_asm+0x1a/0x30 [ 17.016075] [ 17.016191] The buggy address belongs to the object at ffff8881025b8100 [ 17.016191] which belongs to the cache kmalloc-128 of size 128 [ 17.016915] The buggy address is located 0 bytes inside of [ 17.016915] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.017673] [ 17.017778] The buggy address belongs to the physical page: [ 17.018178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.018624] flags: 0x200000000000000(node=0|zone=2) [ 17.018862] page_type: f5(slab) [ 17.019171] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.019602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.020020] page dumped because: kasan: bad access detected [ 17.020353] [ 17.020451] Memory state around the buggy address: [ 17.020844] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.021362] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.021683] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.022061] ^ [ 17.022581] ffff8881025b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.022978] ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.023545] ================================================================== [ 17.024576] ================================================================== [ 17.025255] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 17.025675] Read of size 121 at addr ffff8881025b8100 by task kunit_try_catch/304 [ 17.025975] [ 17.026102] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.026148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.026162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.026285] Call Trace: [ 17.026498] <TASK> [ 17.026521] dump_stack_lvl+0x73/0xb0 [ 17.026554] print_report+0xd1/0x610 [ 17.026579] ? __virt_addr_valid+0x1db/0x2d0 [ 17.026604] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.026630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.026655] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.026680] kasan_report+0x141/0x180 [ 17.026710] ? copy_user_test_oob+0x4aa/0x10f0 [ 17.026740] kasan_check_range+0x10c/0x1c0 [ 17.026766] __kasan_check_read+0x15/0x20 [ 17.026787] copy_user_test_oob+0x4aa/0x10f0 [ 17.026814] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.026839] ? finish_task_switch.isra.0+0x153/0x700 [ 17.026864] ? __switch_to+0x47/0xf50 [ 17.026891] ? __schedule+0x10cc/0x2b60 [ 17.026915] ? __pfx_read_tsc+0x10/0x10 [ 17.026938] ? ktime_get_ts64+0x86/0x230 [ 17.026965] kunit_try_run_case+0x1a5/0x480 [ 17.026992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.027017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.027043] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.027080] ? __kthread_parkme+0x82/0x180 [ 17.027102] ? preempt_count_sub+0x50/0x80 [ 17.027129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.027156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.027183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.027211] kthread+0x337/0x6f0 [ 17.027231] ? trace_preempt_on+0x20/0xc0 [ 17.027258] ? __pfx_kthread+0x10/0x10 [ 17.027279] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.027303] ? calculate_sigpending+0x7b/0xa0 [ 17.027330] ? __pfx_kthread+0x10/0x10 [ 17.027353] ret_from_fork+0x116/0x1d0 [ 17.027374] ? __pfx_kthread+0x10/0x10 [ 17.027397] ret_from_fork_asm+0x1a/0x30 [ 17.027429] </TASK> [ 17.027440] [ 17.037434] Allocated by task 304: [ 17.037829] kasan_save_stack+0x45/0x70 [ 17.038034] kasan_save_track+0x18/0x40 [ 17.038400] kasan_save_alloc_info+0x3b/0x50 [ 17.038689] __kasan_kmalloc+0xb7/0xc0 [ 17.038964] __kmalloc_noprof+0x1c9/0x500 [ 17.039156] kunit_kmalloc_array+0x25/0x60 [ 17.039645] copy_user_test_oob+0xab/0x10f0 [ 17.039943] kunit_try_run_case+0x1a5/0x480 [ 17.040219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.040590] kthread+0x337/0x6f0 [ 17.040785] ret_from_fork+0x116/0x1d0 [ 17.041082] ret_from_fork_asm+0x1a/0x30 [ 17.041381] [ 17.041610] The buggy address belongs to the object at ffff8881025b8100 [ 17.041610] which belongs to the cache kmalloc-128 of size 128 [ 17.042089] The buggy address is located 0 bytes inside of [ 17.042089] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.042860] [ 17.043097] The buggy address belongs to the physical page: [ 17.043504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.043995] flags: 0x200000000000000(node=0|zone=2) [ 17.044330] page_type: f5(slab) [ 17.044522] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.044991] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.045487] page dumped because: kasan: bad access detected [ 17.045782] [ 17.045880] Memory state around the buggy address: [ 17.046233] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.046554] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.046992] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.047469] ^ [ 17.047859] ffff8881025b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.048374] ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.048704] ================================================================== [ 17.068308] ================================================================== [ 17.068541] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 17.069112] Read of size 121 at addr ffff8881025b8100 by task kunit_try_catch/304 [ 17.069394] [ 17.069479] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.069522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.069534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.069558] Call Trace: [ 17.069572] <TASK> [ 17.069588] dump_stack_lvl+0x73/0xb0 [ 17.069618] print_report+0xd1/0x610 [ 17.069642] ? __virt_addr_valid+0x1db/0x2d0 [ 17.069666] ? copy_user_test_oob+0x604/0x10f0 [ 17.069691] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.069716] ? copy_user_test_oob+0x604/0x10f0 [ 17.069743] kasan_report+0x141/0x180 [ 17.069768] ? copy_user_test_oob+0x604/0x10f0 [ 17.069797] kasan_check_range+0x10c/0x1c0 [ 17.069846] __kasan_check_read+0x15/0x20 [ 17.069867] copy_user_test_oob+0x604/0x10f0 [ 17.069894] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.069919] ? finish_task_switch.isra.0+0x153/0x700 [ 17.069961] ? __switch_to+0x47/0xf50 [ 17.069988] ? __schedule+0x10cc/0x2b60 [ 17.070027] ? __pfx_read_tsc+0x10/0x10 [ 17.070061] ? ktime_get_ts64+0x86/0x230 [ 17.070101] kunit_try_run_case+0x1a5/0x480 [ 17.070140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.070174] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.070201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.070227] ? __kthread_parkme+0x82/0x180 [ 17.070250] ? preempt_count_sub+0x50/0x80 [ 17.070275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.070302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.070328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.070356] kthread+0x337/0x6f0 [ 17.070378] ? trace_preempt_on+0x20/0xc0 [ 17.070402] ? __pfx_kthread+0x10/0x10 [ 17.070424] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.070448] ? calculate_sigpending+0x7b/0xa0 [ 17.070474] ? __pfx_kthread+0x10/0x10 [ 17.070497] ret_from_fork+0x116/0x1d0 [ 17.070518] ? __pfx_kthread+0x10/0x10 [ 17.070540] ret_from_fork_asm+0x1a/0x30 [ 17.070572] </TASK> [ 17.070601] [ 17.078238] Allocated by task 304: [ 17.078368] kasan_save_stack+0x45/0x70 [ 17.078587] kasan_save_track+0x18/0x40 [ 17.078787] kasan_save_alloc_info+0x3b/0x50 [ 17.078989] __kasan_kmalloc+0xb7/0xc0 [ 17.079228] __kmalloc_noprof+0x1c9/0x500 [ 17.079424] kunit_kmalloc_array+0x25/0x60 [ 17.079617] copy_user_test_oob+0xab/0x10f0 [ 17.079862] kunit_try_run_case+0x1a5/0x480 [ 17.080124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.080400] kthread+0x337/0x6f0 [ 17.080572] ret_from_fork+0x116/0x1d0 [ 17.080761] ret_from_fork_asm+0x1a/0x30 [ 17.080957] [ 17.081062] The buggy address belongs to the object at ffff8881025b8100 [ 17.081062] which belongs to the cache kmalloc-128 of size 128 [ 17.081606] The buggy address is located 0 bytes inside of [ 17.081606] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.082211] [ 17.082308] The buggy address belongs to the physical page: [ 17.082556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.082922] flags: 0x200000000000000(node=0|zone=2) [ 17.083160] page_type: f5(slab) [ 17.083284] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.083509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.083729] page dumped because: kasan: bad access detected [ 17.083898] [ 17.083967] Memory state around the buggy address: [ 17.084337] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.084688] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.085063] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.085775] ^ [ 17.086163] ffff8881025b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.086493] ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.086818] ================================================================== [ 17.049208] ================================================================== [ 17.049506] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 17.050011] Write of size 121 at addr ffff8881025b8100 by task kunit_try_catch/304 [ 17.050277] [ 17.050367] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 17.050411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.050424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.050462] Call Trace: [ 17.050478] <TASK> [ 17.050494] dump_stack_lvl+0x73/0xb0 [ 17.050525] print_report+0xd1/0x610 [ 17.050572] ? __virt_addr_valid+0x1db/0x2d0 [ 17.050598] ? copy_user_test_oob+0x557/0x10f0 [ 17.050624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.050667] ? copy_user_test_oob+0x557/0x10f0 [ 17.050694] kasan_report+0x141/0x180 [ 17.050724] ? copy_user_test_oob+0x557/0x10f0 [ 17.050781] kasan_check_range+0x10c/0x1c0 [ 17.050807] __kasan_check_write+0x18/0x20 [ 17.050828] copy_user_test_oob+0x557/0x10f0 [ 17.050856] ? __pfx_copy_user_test_oob+0x10/0x10 [ 17.050881] ? finish_task_switch.isra.0+0x153/0x700 [ 17.050905] ? __switch_to+0x47/0xf50 [ 17.050932] ? __schedule+0x10cc/0x2b60 [ 17.050956] ? __pfx_read_tsc+0x10/0x10 [ 17.050978] ? ktime_get_ts64+0x86/0x230 [ 17.051004] kunit_try_run_case+0x1a5/0x480 [ 17.051030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.051066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.051093] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.051129] ? __kthread_parkme+0x82/0x180 [ 17.051152] ? preempt_count_sub+0x50/0x80 [ 17.051177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.051203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.051230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.051258] kthread+0x337/0x6f0 [ 17.051279] ? trace_preempt_on+0x20/0xc0 [ 17.051304] ? __pfx_kthread+0x10/0x10 [ 17.051326] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.051349] ? calculate_sigpending+0x7b/0xa0 [ 17.051376] ? __pfx_kthread+0x10/0x10 [ 17.051399] ret_from_fork+0x116/0x1d0 [ 17.051421] ? __pfx_kthread+0x10/0x10 [ 17.051442] ret_from_fork_asm+0x1a/0x30 [ 17.051474] </TASK> [ 17.051484] [ 17.059145] Allocated by task 304: [ 17.059276] kasan_save_stack+0x45/0x70 [ 17.059583] kasan_save_track+0x18/0x40 [ 17.059781] kasan_save_alloc_info+0x3b/0x50 [ 17.060023] __kasan_kmalloc+0xb7/0xc0 [ 17.060356] __kmalloc_noprof+0x1c9/0x500 [ 17.060524] kunit_kmalloc_array+0x25/0x60 [ 17.060681] copy_user_test_oob+0xab/0x10f0 [ 17.060912] kunit_try_run_case+0x1a5/0x480 [ 17.061168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.061389] kthread+0x337/0x6f0 [ 17.061601] ret_from_fork+0x116/0x1d0 [ 17.061850] ret_from_fork_asm+0x1a/0x30 [ 17.062092] [ 17.062190] The buggy address belongs to the object at ffff8881025b8100 [ 17.062190] which belongs to the cache kmalloc-128 of size 128 [ 17.062728] The buggy address is located 0 bytes inside of [ 17.062728] allocated 120-byte region [ffff8881025b8100, ffff8881025b8178) [ 17.063260] [ 17.063335] The buggy address belongs to the physical page: [ 17.063504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b8 [ 17.063986] flags: 0x200000000000000(node=0|zone=2) [ 17.064375] page_type: f5(slab) [ 17.064568] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.064913] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.065437] page dumped because: kasan: bad access detected [ 17.065631] [ 17.065700] Memory state around the buggy address: [ 17.065852] ffff8881025b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.066241] ffff8881025b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.066579] >ffff8881025b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.066937] ^ [ 17.067283] ffff8881025b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.067515] ffff8881025b8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.067812] ==================================================================