Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.794562] ================================================================== [ 19.794679] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.794767] Write of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.794825] [ 19.795016] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.795154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.795184] Hardware name: linux,dummy-virt (DT) [ 19.795222] Call trace: [ 19.795249] show_stack+0x20/0x38 (C) [ 19.795637] dump_stack_lvl+0x8c/0xd0 [ 19.795864] print_report+0x118/0x5d0 [ 19.796046] kasan_report+0xdc/0x128 [ 19.796189] kasan_check_range+0x100/0x1a8 [ 19.796285] __kasan_check_write+0x20/0x30 [ 19.796399] copy_user_test_oob+0x234/0xec8 [ 19.796447] kunit_try_run_case+0x170/0x3f0 [ 19.796499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.796872] kthread+0x328/0x630 [ 19.797039] ret_from_fork+0x10/0x20 [ 19.797131] [ 19.797153] Allocated by task 285: [ 19.797189] kasan_save_stack+0x3c/0x68 [ 19.797282] kasan_save_track+0x20/0x40 [ 19.797325] kasan_save_alloc_info+0x40/0x58 [ 19.797368] __kasan_kmalloc+0xd4/0xd8 [ 19.797405] __kmalloc_noprof+0x198/0x4c8 [ 19.797638] kunit_kmalloc_array+0x34/0x88 [ 19.797692] copy_user_test_oob+0xac/0xec8 [ 19.797733] kunit_try_run_case+0x170/0x3f0 [ 19.797776] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.798065] kthread+0x328/0x630 [ 19.798210] ret_from_fork+0x10/0x20 [ 19.798250] [ 19.798275] The buggy address belongs to the object at fff00000c780aa00 [ 19.798275] which belongs to the cache kmalloc-128 of size 128 [ 19.798364] The buggy address is located 0 bytes inside of [ 19.798364] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.798526] [ 19.798624] The buggy address belongs to the physical page: [ 19.798680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.798754] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.798862] page_type: f5(slab) [ 19.799110] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.799168] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.799217] page dumped because: kasan: bad access detected [ 19.799263] [ 19.799306] Memory state around the buggy address: [ 19.799489] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.799598] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.799643] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.799686] ^ [ 19.799766] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.799889] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.799941] ================================================================== [ 19.839411] ================================================================== [ 19.839464] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.839515] Write of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.839569] [ 19.839747] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.839838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.839867] Hardware name: linux,dummy-virt (DT) [ 19.839915] Call trace: [ 19.839938] show_stack+0x20/0x38 (C) [ 19.840393] dump_stack_lvl+0x8c/0xd0 [ 19.840790] print_report+0x118/0x5d0 [ 19.840844] kasan_report+0xdc/0x128 [ 19.841139] kasan_check_range+0x100/0x1a8 [ 19.841311] __kasan_check_write+0x20/0x30 [ 19.841390] copy_user_test_oob+0x434/0xec8 [ 19.841439] kunit_try_run_case+0x170/0x3f0 [ 19.841575] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.841632] kthread+0x328/0x630 [ 19.841674] ret_from_fork+0x10/0x20 [ 19.841724] [ 19.841745] Allocated by task 285: [ 19.842149] kasan_save_stack+0x3c/0x68 [ 19.842396] kasan_save_track+0x20/0x40 [ 19.842488] kasan_save_alloc_info+0x40/0x58 [ 19.842532] __kasan_kmalloc+0xd4/0xd8 [ 19.842570] __kmalloc_noprof+0x198/0x4c8 [ 19.842616] kunit_kmalloc_array+0x34/0x88 [ 19.842773] copy_user_test_oob+0xac/0xec8 [ 19.842818] kunit_try_run_case+0x170/0x3f0 [ 19.842858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.842936] kthread+0x328/0x630 [ 19.843004] ret_from_fork+0x10/0x20 [ 19.843111] [ 19.843133] The buggy address belongs to the object at fff00000c780aa00 [ 19.843133] which belongs to the cache kmalloc-128 of size 128 [ 19.843222] The buggy address is located 0 bytes inside of [ 19.843222] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.843515] [ 19.843550] The buggy address belongs to the physical page: [ 19.843589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.843694] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.843801] page_type: f5(slab) [ 19.843841] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.843922] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.843967] page dumped because: kasan: bad access detected [ 19.844001] [ 19.844023] Memory state around the buggy address: [ 19.844059] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.844239] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.844292] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.844629] ^ [ 19.844718] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.844929] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.844997] ================================================================== [ 19.808237] ================================================================== [ 19.808308] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.808364] Read of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.808419] [ 19.808456] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.809056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.809204] Hardware name: linux,dummy-virt (DT) [ 19.809241] Call trace: [ 19.809549] show_stack+0x20/0x38 (C) [ 19.809831] dump_stack_lvl+0x8c/0xd0 [ 19.809886] print_report+0x118/0x5d0 [ 19.809982] kasan_report+0xdc/0x128 [ 19.810569] kasan_check_range+0x100/0x1a8 [ 19.810627] __kasan_check_read+0x20/0x30 [ 19.811090] copy_user_test_oob+0x728/0xec8 [ 19.811322] kunit_try_run_case+0x170/0x3f0 [ 19.811388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.811663] kthread+0x328/0x630 [ 19.811832] ret_from_fork+0x10/0x20 [ 19.811882] [ 19.811916] Allocated by task 285: [ 19.811953] kasan_save_stack+0x3c/0x68 [ 19.812024] kasan_save_track+0x20/0x40 [ 19.812065] kasan_save_alloc_info+0x40/0x58 [ 19.812295] __kasan_kmalloc+0xd4/0xd8 [ 19.812376] __kmalloc_noprof+0x198/0x4c8 [ 19.812485] kunit_kmalloc_array+0x34/0x88 [ 19.812794] copy_user_test_oob+0xac/0xec8 [ 19.812882] kunit_try_run_case+0x170/0x3f0 [ 19.812935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.812998] kthread+0x328/0x630 [ 19.813033] ret_from_fork+0x10/0x20 [ 19.813074] [ 19.813331] The buggy address belongs to the object at fff00000c780aa00 [ 19.813331] which belongs to the cache kmalloc-128 of size 128 [ 19.813432] The buggy address is located 0 bytes inside of [ 19.813432] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.813508] [ 19.813533] The buggy address belongs to the physical page: [ 19.813566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.813823] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.814006] page_type: f5(slab) [ 19.814124] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.814298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.814505] page dumped because: kasan: bad access detected [ 19.814612] [ 19.814638] Memory state around the buggy address: [ 19.814690] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.814739] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.814860] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.814938] ^ [ 19.814983] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.815029] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.815071] ================================================================== [ 19.827506] ================================================================== [ 19.827576] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.827638] Write of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.827693] [ 19.827729] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.827817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.827846] Hardware name: linux,dummy-virt (DT) [ 19.828154] Call trace: [ 19.828196] show_stack+0x20/0x38 (C) [ 19.828265] dump_stack_lvl+0x8c/0xd0 [ 19.828778] print_report+0x118/0x5d0 [ 19.828830] kasan_report+0xdc/0x128 [ 19.828885] kasan_check_range+0x100/0x1a8 [ 19.828947] __kasan_check_write+0x20/0x30 [ 19.828992] copy_user_test_oob+0x35c/0xec8 [ 19.829040] kunit_try_run_case+0x170/0x3f0 [ 19.829091] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.829147] kthread+0x328/0x630 [ 19.829195] ret_from_fork+0x10/0x20 [ 19.829246] [ 19.829268] Allocated by task 285: [ 19.829298] kasan_save_stack+0x3c/0x68 [ 19.829345] kasan_save_track+0x20/0x40 [ 19.829384] kasan_save_alloc_info+0x40/0x58 [ 19.829427] __kasan_kmalloc+0xd4/0xd8 [ 19.829476] __kmalloc_noprof+0x198/0x4c8 [ 19.829517] kunit_kmalloc_array+0x34/0x88 [ 19.829557] copy_user_test_oob+0xac/0xec8 [ 19.829597] kunit_try_run_case+0x170/0x3f0 [ 19.829637] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.830340] kthread+0x328/0x630 [ 19.830519] ret_from_fork+0x10/0x20 [ 19.830654] [ 19.830700] The buggy address belongs to the object at fff00000c780aa00 [ 19.830700] which belongs to the cache kmalloc-128 of size 128 [ 19.830994] The buggy address is located 0 bytes inside of [ 19.830994] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.831328] [ 19.831402] The buggy address belongs to the physical page: [ 19.831506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.831586] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.831639] page_type: f5(slab) [ 19.831714] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.831770] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.831850] page dumped because: kasan: bad access detected [ 19.832307] [ 19.832345] Memory state around the buggy address: [ 19.832384] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.832548] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.832638] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.832680] ^ [ 19.832724] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.832769] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.832810] ================================================================== [ 19.845677] ================================================================== [ 19.845984] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.846071] Read of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.846126] [ 19.846340] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.846530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.846743] Hardware name: linux,dummy-virt (DT) [ 19.846807] Call trace: [ 19.846910] show_stack+0x20/0x38 (C) [ 19.846968] dump_stack_lvl+0x8c/0xd0 [ 19.847016] print_report+0x118/0x5d0 [ 19.847070] kasan_report+0xdc/0x128 [ 19.847167] kasan_check_range+0x100/0x1a8 [ 19.847426] __kasan_check_read+0x20/0x30 [ 19.847725] copy_user_test_oob+0x4a0/0xec8 [ 19.847923] kunit_try_run_case+0x170/0x3f0 [ 19.847973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.848028] kthread+0x328/0x630 [ 19.848073] ret_from_fork+0x10/0x20 [ 19.848120] [ 19.848140] Allocated by task 285: [ 19.848305] kasan_save_stack+0x3c/0x68 [ 19.848484] kasan_save_track+0x20/0x40 [ 19.848782] kasan_save_alloc_info+0x40/0x58 [ 19.848829] __kasan_kmalloc+0xd4/0xd8 [ 19.849036] __kmalloc_noprof+0x198/0x4c8 [ 19.849385] kunit_kmalloc_array+0x34/0x88 [ 19.849425] copy_user_test_oob+0xac/0xec8 [ 19.849466] kunit_try_run_case+0x170/0x3f0 [ 19.849622] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.849669] kthread+0x328/0x630 [ 19.849704] ret_from_fork+0x10/0x20 [ 19.849743] [ 19.849765] The buggy address belongs to the object at fff00000c780aa00 [ 19.849765] which belongs to the cache kmalloc-128 of size 128 [ 19.849826] The buggy address is located 0 bytes inside of [ 19.849826] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.850650] [ 19.850723] The buggy address belongs to the physical page: [ 19.850909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.850973] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.851099] page_type: f5(slab) [ 19.851173] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.851225] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.851270] page dumped because: kasan: bad access detected [ 19.851306] [ 19.851326] Memory state around the buggy address: [ 19.851362] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.851410] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.851455] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.851497] ^ [ 19.851542] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.851588] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.851841] ================================================================== [ 19.833380] ================================================================== [ 19.833698] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.833752] Read of size 121 at addr fff00000c780aa00 by task kunit_try_catch/285 [ 19.833812] [ 19.833846] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 19.833951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.833981] Hardware name: linux,dummy-virt (DT) [ 19.834015] Call trace: [ 19.834278] show_stack+0x20/0x38 (C) [ 19.834586] dump_stack_lvl+0x8c/0xd0 [ 19.834918] print_report+0x118/0x5d0 [ 19.835001] kasan_report+0xdc/0x128 [ 19.835054] kasan_check_range+0x100/0x1a8 [ 19.835103] __kasan_check_read+0x20/0x30 [ 19.835150] copy_user_test_oob+0x3c8/0xec8 [ 19.835334] kunit_try_run_case+0x170/0x3f0 [ 19.835397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.835453] kthread+0x328/0x630 [ 19.835502] ret_from_fork+0x10/0x20 [ 19.835552] [ 19.835572] Allocated by task 285: [ 19.835603] kasan_save_stack+0x3c/0x68 [ 19.835645] kasan_save_track+0x20/0x40 [ 19.835686] kasan_save_alloc_info+0x40/0x58 [ 19.835728] __kasan_kmalloc+0xd4/0xd8 [ 19.835829] __kmalloc_noprof+0x198/0x4c8 [ 19.836005] kunit_kmalloc_array+0x34/0x88 [ 19.836066] copy_user_test_oob+0xac/0xec8 [ 19.836107] kunit_try_run_case+0x170/0x3f0 [ 19.836147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.836221] kthread+0x328/0x630 [ 19.836258] ret_from_fork+0x10/0x20 [ 19.836324] [ 19.836414] The buggy address belongs to the object at fff00000c780aa00 [ 19.836414] which belongs to the cache kmalloc-128 of size 128 [ 19.836476] The buggy address is located 0 bytes inside of [ 19.836476] allocated 120-byte region [fff00000c780aa00, fff00000c780aa78) [ 19.836539] [ 19.836621] The buggy address belongs to the physical page: [ 19.836790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780a [ 19.836975] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.837053] page_type: f5(slab) [ 19.837151] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.837259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.837300] page dumped because: kasan: bad access detected [ 19.837386] [ 19.837454] Memory state around the buggy address: [ 19.837536] fff00000c780a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.837620] fff00000c780a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.837728] >fff00000c780aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.837768] ^ [ 19.837811] fff00000c780aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.837856] fff00000c780ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.838070] ==================================================================
[ 20.124880] ================================================================== [ 20.125002] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.125181] Read of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.125247] [ 20.125281] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.125658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.125711] Hardware name: linux,dummy-virt (DT) [ 20.125885] Call trace: [ 20.125958] show_stack+0x20/0x38 (C) [ 20.126134] dump_stack_lvl+0x8c/0xd0 [ 20.126213] print_report+0x118/0x5d0 [ 20.126722] kasan_report+0xdc/0x128 [ 20.127111] kasan_check_range+0x100/0x1a8 [ 20.127291] __kasan_check_read+0x20/0x30 [ 20.127512] copy_user_test_oob+0x728/0xec8 [ 20.127704] kunit_try_run_case+0x170/0x3f0 [ 20.128044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.128205] kthread+0x328/0x630 [ 20.128263] ret_from_fork+0x10/0x20 [ 20.128471] [ 20.128835] Allocated by task 285: [ 20.128888] kasan_save_stack+0x3c/0x68 [ 20.128983] kasan_save_track+0x20/0x40 [ 20.129116] kasan_save_alloc_info+0x40/0x58 [ 20.129335] __kasan_kmalloc+0xd4/0xd8 [ 20.129500] __kmalloc_noprof+0x198/0x4c8 [ 20.129557] kunit_kmalloc_array+0x34/0x88 [ 20.129597] copy_user_test_oob+0xac/0xec8 [ 20.129649] kunit_try_run_case+0x170/0x3f0 [ 20.129763] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.130186] kthread+0x328/0x630 [ 20.130350] ret_from_fork+0x10/0x20 [ 20.130888] [ 20.131008] The buggy address belongs to the object at fff00000c5b3e200 [ 20.131008] which belongs to the cache kmalloc-128 of size 128 [ 20.131404] The buggy address is located 0 bytes inside of [ 20.131404] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.131545] [ 20.131768] The buggy address belongs to the physical page: [ 20.131831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.131897] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.131952] page_type: f5(slab) [ 20.131993] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.132048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.132093] page dumped because: kasan: bad access detected [ 20.132147] [ 20.132182] Memory state around the buggy address: [ 20.132227] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.132283] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.132330] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.132378] ^ [ 20.132428] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.132490] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.132545] ================================================================== [ 20.154056] ================================================================== [ 20.154114] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.154185] Read of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.154279] [ 20.154314] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.154875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.154911] Hardware name: linux,dummy-virt (DT) [ 20.154947] Call trace: [ 20.155251] show_stack+0x20/0x38 (C) [ 20.155424] dump_stack_lvl+0x8c/0xd0 [ 20.155483] print_report+0x118/0x5d0 [ 20.155704] kasan_report+0xdc/0x128 [ 20.155912] kasan_check_range+0x100/0x1a8 [ 20.155980] __kasan_check_read+0x20/0x30 [ 20.156167] copy_user_test_oob+0x3c8/0xec8 [ 20.156309] kunit_try_run_case+0x170/0x3f0 [ 20.156363] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.156670] kthread+0x328/0x630 [ 20.156739] ret_from_fork+0x10/0x20 [ 20.156792] [ 20.156876] Allocated by task 285: [ 20.156913] kasan_save_stack+0x3c/0x68 [ 20.157027] kasan_save_track+0x20/0x40 [ 20.157069] kasan_save_alloc_info+0x40/0x58 [ 20.157167] __kasan_kmalloc+0xd4/0xd8 [ 20.157207] __kmalloc_noprof+0x198/0x4c8 [ 20.157260] kunit_kmalloc_array+0x34/0x88 [ 20.157615] copy_user_test_oob+0xac/0xec8 [ 20.157775] kunit_try_run_case+0x170/0x3f0 [ 20.157821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.157867] kthread+0x328/0x630 [ 20.157910] ret_from_fork+0x10/0x20 [ 20.157987] [ 20.158010] The buggy address belongs to the object at fff00000c5b3e200 [ 20.158010] which belongs to the cache kmalloc-128 of size 128 [ 20.158071] The buggy address is located 0 bytes inside of [ 20.158071] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.158146] [ 20.158199] The buggy address belongs to the physical page: [ 20.158246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.158310] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.158360] page_type: f5(slab) [ 20.158400] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.158475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.158536] page dumped because: kasan: bad access detected [ 20.158575] [ 20.158597] Memory state around the buggy address: [ 20.159160] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.159730] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.160092] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.160197] ^ [ 20.160381] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.160590] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.160735] ================================================================== [ 20.172100] ================================================================== [ 20.172218] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.172300] Read of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.172440] [ 20.172478] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.172740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.172782] Hardware name: linux,dummy-virt (DT) [ 20.172815] Call trace: [ 20.172843] show_stack+0x20/0x38 (C) [ 20.173291] dump_stack_lvl+0x8c/0xd0 [ 20.173401] print_report+0x118/0x5d0 [ 20.173641] kasan_report+0xdc/0x128 [ 20.173810] kasan_check_range+0x100/0x1a8 [ 20.173870] __kasan_check_read+0x20/0x30 [ 20.174372] copy_user_test_oob+0x4a0/0xec8 [ 20.174459] kunit_try_run_case+0x170/0x3f0 [ 20.174744] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.175108] kthread+0x328/0x630 [ 20.175304] ret_from_fork+0x10/0x20 [ 20.175601] [ 20.175864] Allocated by task 285: [ 20.175949] kasan_save_stack+0x3c/0x68 [ 20.176107] kasan_save_track+0x20/0x40 [ 20.176236] kasan_save_alloc_info+0x40/0x58 [ 20.176287] __kasan_kmalloc+0xd4/0xd8 [ 20.176747] __kmalloc_noprof+0x198/0x4c8 [ 20.177001] kunit_kmalloc_array+0x34/0x88 [ 20.177251] copy_user_test_oob+0xac/0xec8 [ 20.177347] kunit_try_run_case+0x170/0x3f0 [ 20.177437] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.177756] kthread+0x328/0x630 [ 20.177843] ret_from_fork+0x10/0x20 [ 20.178031] [ 20.178485] The buggy address belongs to the object at fff00000c5b3e200 [ 20.178485] which belongs to the cache kmalloc-128 of size 128 [ 20.178582] The buggy address is located 0 bytes inside of [ 20.178582] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.178900] [ 20.179098] The buggy address belongs to the physical page: [ 20.179166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.179700] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.179833] page_type: f5(slab) [ 20.179902] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.180341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.180606] page dumped because: kasan: bad access detected [ 20.180763] [ 20.180813] Memory state around the buggy address: [ 20.181573] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.181670] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.181717] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.181982] ^ [ 20.182154] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.182212] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.182256] ================================================================== [ 20.162327] ================================================================== [ 20.162535] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.162945] Write of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.163262] [ 20.163476] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.163585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.163806] Hardware name: linux,dummy-virt (DT) [ 20.163882] Call trace: [ 20.163990] show_stack+0x20/0x38 (C) [ 20.164053] dump_stack_lvl+0x8c/0xd0 [ 20.164103] print_report+0x118/0x5d0 [ 20.164160] kasan_report+0xdc/0x128 [ 20.164628] kasan_check_range+0x100/0x1a8 [ 20.164914] __kasan_check_write+0x20/0x30 [ 20.165361] copy_user_test_oob+0x434/0xec8 [ 20.165612] kunit_try_run_case+0x170/0x3f0 [ 20.165967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.166210] kthread+0x328/0x630 [ 20.166276] ret_from_fork+0x10/0x20 [ 20.166465] [ 20.166781] Allocated by task 285: [ 20.166914] kasan_save_stack+0x3c/0x68 [ 20.167285] kasan_save_track+0x20/0x40 [ 20.167486] kasan_save_alloc_info+0x40/0x58 [ 20.167714] __kasan_kmalloc+0xd4/0xd8 [ 20.167835] __kmalloc_noprof+0x198/0x4c8 [ 20.167878] kunit_kmalloc_array+0x34/0x88 [ 20.167920] copy_user_test_oob+0xac/0xec8 [ 20.167968] kunit_try_run_case+0x170/0x3f0 [ 20.168009] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.168075] kthread+0x328/0x630 [ 20.168125] ret_from_fork+0x10/0x20 [ 20.168163] [ 20.168197] The buggy address belongs to the object at fff00000c5b3e200 [ 20.168197] which belongs to the cache kmalloc-128 of size 128 [ 20.168268] The buggy address is located 0 bytes inside of [ 20.168268] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.168346] [ 20.168375] The buggy address belongs to the physical page: [ 20.168439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.168494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.168554] page_type: f5(slab) [ 20.168596] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.168676] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.168721] page dumped because: kasan: bad access detected [ 20.168758] [ 20.168787] Memory state around the buggy address: [ 20.168822] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.168870] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.168916] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.169731] ^ [ 20.169788] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.169838] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.169924] ================================================================== [ 20.144261] ================================================================== [ 20.144357] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.144416] Write of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.144729] [ 20.144844] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.145064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.145103] Hardware name: linux,dummy-virt (DT) [ 20.145433] Call trace: [ 20.145537] show_stack+0x20/0x38 (C) [ 20.145667] dump_stack_lvl+0x8c/0xd0 [ 20.145803] print_report+0x118/0x5d0 [ 20.145871] kasan_report+0xdc/0x128 [ 20.145957] kasan_check_range+0x100/0x1a8 [ 20.146052] __kasan_check_write+0x20/0x30 [ 20.146252] copy_user_test_oob+0x35c/0xec8 [ 20.146565] kunit_try_run_case+0x170/0x3f0 [ 20.146828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.147457] kthread+0x328/0x630 [ 20.147741] ret_from_fork+0x10/0x20 [ 20.147888] [ 20.147911] Allocated by task 285: [ 20.148107] kasan_save_stack+0x3c/0x68 [ 20.148312] kasan_save_track+0x20/0x40 [ 20.148412] kasan_save_alloc_info+0x40/0x58 [ 20.148458] __kasan_kmalloc+0xd4/0xd8 [ 20.148507] __kmalloc_noprof+0x198/0x4c8 [ 20.148548] kunit_kmalloc_array+0x34/0x88 [ 20.148589] copy_user_test_oob+0xac/0xec8 [ 20.148648] kunit_try_run_case+0x170/0x3f0 [ 20.148690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.148735] kthread+0x328/0x630 [ 20.148771] ret_from_fork+0x10/0x20 [ 20.148809] [ 20.148834] The buggy address belongs to the object at fff00000c5b3e200 [ 20.148834] which belongs to the cache kmalloc-128 of size 128 [ 20.148897] The buggy address is located 0 bytes inside of [ 20.148897] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.149548] [ 20.149639] The buggy address belongs to the physical page: [ 20.149768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.150115] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.150347] page_type: f5(slab) [ 20.150510] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.150719] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.150765] page dumped because: kasan: bad access detected [ 20.151348] [ 20.151446] Memory state around the buggy address: [ 20.151589] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.151671] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.152034] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.152240] ^ [ 20.152479] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.152701] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.152832] ================================================================== [ 20.107897] ================================================================== [ 20.108011] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.108101] Write of size 121 at addr fff00000c5b3e200 by task kunit_try_catch/285 [ 20.109185] [ 20.109286] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 20.110209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.110292] Hardware name: linux,dummy-virt (DT) [ 20.110736] Call trace: [ 20.111098] show_stack+0x20/0x38 (C) [ 20.111184] dump_stack_lvl+0x8c/0xd0 [ 20.111467] print_report+0x118/0x5d0 [ 20.111679] kasan_report+0xdc/0x128 [ 20.112011] kasan_check_range+0x100/0x1a8 [ 20.112168] __kasan_check_write+0x20/0x30 [ 20.112220] copy_user_test_oob+0x234/0xec8 [ 20.112581] kunit_try_run_case+0x170/0x3f0 [ 20.112970] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.113240] kthread+0x328/0x630 [ 20.113410] ret_from_fork+0x10/0x20 [ 20.113642] [ 20.113707] Allocated by task 285: [ 20.113837] kasan_save_stack+0x3c/0x68 [ 20.113954] kasan_save_track+0x20/0x40 [ 20.114367] kasan_save_alloc_info+0x40/0x58 [ 20.114510] __kasan_kmalloc+0xd4/0xd8 [ 20.114564] __kmalloc_noprof+0x198/0x4c8 [ 20.114607] kunit_kmalloc_array+0x34/0x88 [ 20.114661] copy_user_test_oob+0xac/0xec8 [ 20.114741] kunit_try_run_case+0x170/0x3f0 [ 20.114799] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.114856] kthread+0x328/0x630 [ 20.114892] ret_from_fork+0x10/0x20 [ 20.114947] [ 20.114971] The buggy address belongs to the object at fff00000c5b3e200 [ 20.114971] which belongs to the cache kmalloc-128 of size 128 [ 20.115037] The buggy address is located 0 bytes inside of [ 20.115037] allocated 120-byte region [fff00000c5b3e200, fff00000c5b3e278) [ 20.115111] [ 20.115146] The buggy address belongs to the physical page: [ 20.115191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b3e [ 20.115255] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.115309] page_type: f5(slab) [ 20.115366] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.115422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.115475] page dumped because: kasan: bad access detected [ 20.115517] [ 20.115547] Memory state around the buggy address: [ 20.115594] fff00000c5b3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.115653] fff00000c5b3e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.115713] >fff00000c5b3e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.115768] ^ [ 20.115811] fff00000c5b3e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.115871] fff00000c5b3e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.115914] ==================================================================
[ 16.765360] ================================================================== [ 16.765689] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.766165] Read of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.766510] [ 16.766640] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.766687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.766701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.766726] Call Trace: [ 16.766740] <TASK> [ 16.766756] dump_stack_lvl+0x73/0xb0 [ 16.766785] print_report+0xd1/0x610 [ 16.766808] ? __virt_addr_valid+0x1db/0x2d0 [ 16.766832] ? copy_user_test_oob+0x604/0x10f0 [ 16.766856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.766880] ? copy_user_test_oob+0x604/0x10f0 [ 16.766904] kasan_report+0x141/0x180 [ 16.766927] ? copy_user_test_oob+0x604/0x10f0 [ 16.766957] kasan_check_range+0x10c/0x1c0 [ 16.767004] __kasan_check_read+0x15/0x20 [ 16.767026] copy_user_test_oob+0x604/0x10f0 [ 16.767052] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.767078] ? finish_task_switch.isra.0+0x153/0x700 [ 16.767123] ? __switch_to+0x47/0xf50 [ 16.767155] ? __schedule+0x10c6/0x2b60 [ 16.767185] ? __pfx_read_tsc+0x10/0x10 [ 16.767211] ? ktime_get_ts64+0x86/0x230 [ 16.767237] kunit_try_run_case+0x1a5/0x480 [ 16.767263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.767286] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.767313] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.767339] ? __kthread_parkme+0x82/0x180 [ 16.767361] ? preempt_count_sub+0x50/0x80 [ 16.767386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.767422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.767449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.767492] kthread+0x337/0x6f0 [ 16.767514] ? trace_preempt_on+0x20/0xc0 [ 16.767538] ? __pfx_kthread+0x10/0x10 [ 16.767562] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.767599] ? calculate_sigpending+0x7b/0xa0 [ 16.767624] ? __pfx_kthread+0x10/0x10 [ 16.767647] ret_from_fork+0x116/0x1d0 [ 16.767683] ? __pfx_kthread+0x10/0x10 [ 16.767705] ret_from_fork_asm+0x1a/0x30 [ 16.767740] </TASK> [ 16.767751] [ 16.776048] Allocated by task 303: [ 16.776264] kasan_save_stack+0x45/0x70 [ 16.776501] kasan_save_track+0x18/0x40 [ 16.776746] kasan_save_alloc_info+0x3b/0x50 [ 16.776979] __kasan_kmalloc+0xb7/0xc0 [ 16.777158] __kmalloc_noprof+0x1c9/0x500 [ 16.777379] kunit_kmalloc_array+0x25/0x60 [ 16.777585] copy_user_test_oob+0xab/0x10f0 [ 16.777811] kunit_try_run_case+0x1a5/0x480 [ 16.778053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.778305] kthread+0x337/0x6f0 [ 16.778525] ret_from_fork+0x116/0x1d0 [ 16.778758] ret_from_fork_asm+0x1a/0x30 [ 16.778956] [ 16.779035] The buggy address belongs to the object at ffff88810315a200 [ 16.779035] which belongs to the cache kmalloc-128 of size 128 [ 16.779505] The buggy address is located 0 bytes inside of [ 16.779505] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.779928] [ 16.780026] The buggy address belongs to the physical page: [ 16.780279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.780844] flags: 0x200000000000000(node=0|zone=2) [ 16.781018] page_type: f5(slab) [ 16.781142] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.781377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.781915] page dumped because: kasan: bad access detected [ 16.782208] [ 16.782306] Memory state around the buggy address: [ 16.782579] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.782943] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.783269] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.783615] ^ [ 16.783927] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.784249] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.784578] ================================================================== [ 16.742561] ================================================================== [ 16.742881] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.743249] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.743597] [ 16.743695] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.743759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.743773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.743796] Call Trace: [ 16.743813] <TASK> [ 16.743829] dump_stack_lvl+0x73/0xb0 [ 16.743859] print_report+0xd1/0x610 [ 16.743883] ? __virt_addr_valid+0x1db/0x2d0 [ 16.743907] ? copy_user_test_oob+0x557/0x10f0 [ 16.743931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.743955] ? copy_user_test_oob+0x557/0x10f0 [ 16.743980] kasan_report+0x141/0x180 [ 16.744003] ? copy_user_test_oob+0x557/0x10f0 [ 16.744033] kasan_check_range+0x10c/0x1c0 [ 16.744058] __kasan_check_write+0x18/0x20 [ 16.744078] copy_user_test_oob+0x557/0x10f0 [ 16.744104] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.744128] ? finish_task_switch.isra.0+0x153/0x700 [ 16.744153] ? __switch_to+0x47/0xf50 [ 16.744181] ? __schedule+0x10c6/0x2b60 [ 16.744205] ? __pfx_read_tsc+0x10/0x10 [ 16.744227] ? ktime_get_ts64+0x86/0x230 [ 16.744252] kunit_try_run_case+0x1a5/0x480 [ 16.744278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.744302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.744327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.744352] ? __kthread_parkme+0x82/0x180 [ 16.744373] ? preempt_count_sub+0x50/0x80 [ 16.744409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.744435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.744460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.744485] kthread+0x337/0x6f0 [ 16.744506] ? trace_preempt_on+0x20/0xc0 [ 16.744530] ? __pfx_kthread+0x10/0x10 [ 16.744552] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.744575] ? calculate_sigpending+0x7b/0xa0 [ 16.744614] ? __pfx_kthread+0x10/0x10 [ 16.744638] ret_from_fork+0x116/0x1d0 [ 16.744657] ? __pfx_kthread+0x10/0x10 [ 16.744682] ret_from_fork_asm+0x1a/0x30 [ 16.744715] </TASK> [ 16.744727] [ 16.753773] Allocated by task 303: [ 16.753982] kasan_save_stack+0x45/0x70 [ 16.754451] kasan_save_track+0x18/0x40 [ 16.754720] kasan_save_alloc_info+0x3b/0x50 [ 16.755067] __kasan_kmalloc+0xb7/0xc0 [ 16.755285] __kmalloc_noprof+0x1c9/0x500 [ 16.755615] kunit_kmalloc_array+0x25/0x60 [ 16.755932] copy_user_test_oob+0xab/0x10f0 [ 16.756218] kunit_try_run_case+0x1a5/0x480 [ 16.756447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.756902] kthread+0x337/0x6f0 [ 16.757078] ret_from_fork+0x116/0x1d0 [ 16.757231] ret_from_fork_asm+0x1a/0x30 [ 16.757614] [ 16.757743] The buggy address belongs to the object at ffff88810315a200 [ 16.757743] which belongs to the cache kmalloc-128 of size 128 [ 16.758475] The buggy address is located 0 bytes inside of [ 16.758475] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.759129] [ 16.759238] The buggy address belongs to the physical page: [ 16.759683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.760071] flags: 0x200000000000000(node=0|zone=2) [ 16.760432] page_type: f5(slab) [ 16.760659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.761122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.761472] page dumped because: kasan: bad access detected [ 16.761860] [ 16.761984] Memory state around the buggy address: [ 16.762294] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.762618] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.763137] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.763527] ^ [ 16.763964] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764359] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764836] ================================================================== [ 16.704499] ================================================================== [ 16.705061] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.705383] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.705774] [ 16.705885] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.705932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.705946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.705970] Call Trace: [ 16.705984] <TASK> [ 16.706001] dump_stack_lvl+0x73/0xb0 [ 16.706032] print_report+0xd1/0x610 [ 16.706056] ? __virt_addr_valid+0x1db/0x2d0 [ 16.706080] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.706128] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706154] kasan_report+0x141/0x180 [ 16.706177] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706208] kasan_check_range+0x10c/0x1c0 [ 16.706233] __kasan_check_write+0x18/0x20 [ 16.706253] copy_user_test_oob+0x3fd/0x10f0 [ 16.706280] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.706304] ? finish_task_switch.isra.0+0x153/0x700 [ 16.706328] ? __switch_to+0x47/0xf50 [ 16.706356] ? __schedule+0x10c6/0x2b60 [ 16.706381] ? __pfx_read_tsc+0x10/0x10 [ 16.706415] ? ktime_get_ts64+0x86/0x230 [ 16.706442] kunit_try_run_case+0x1a5/0x480 [ 16.706468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.706493] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.706518] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.706543] ? __kthread_parkme+0x82/0x180 [ 16.706566] ? preempt_count_sub+0x50/0x80 [ 16.706591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.706617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.706642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.706668] kthread+0x337/0x6f0 [ 16.706689] ? trace_preempt_on+0x20/0xc0 [ 16.706713] ? __pfx_kthread+0x10/0x10 [ 16.706735] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.706758] ? calculate_sigpending+0x7b/0xa0 [ 16.706784] ? __pfx_kthread+0x10/0x10 [ 16.706808] ret_from_fork+0x116/0x1d0 [ 16.706828] ? __pfx_kthread+0x10/0x10 [ 16.706850] ret_from_fork_asm+0x1a/0x30 [ 16.706883] </TASK> [ 16.706894] [ 16.714027] Allocated by task 303: [ 16.714202] kasan_save_stack+0x45/0x70 [ 16.714376] kasan_save_track+0x18/0x40 [ 16.714549] kasan_save_alloc_info+0x3b/0x50 [ 16.714777] __kasan_kmalloc+0xb7/0xc0 [ 16.714960] __kmalloc_noprof+0x1c9/0x500 [ 16.715137] kunit_kmalloc_array+0x25/0x60 [ 16.715285] copy_user_test_oob+0xab/0x10f0 [ 16.715466] kunit_try_run_case+0x1a5/0x480 [ 16.715672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.715960] kthread+0x337/0x6f0 [ 16.716112] ret_from_fork+0x116/0x1d0 [ 16.716249] ret_from_fork_asm+0x1a/0x30 [ 16.716445] [ 16.716546] The buggy address belongs to the object at ffff88810315a200 [ 16.716546] which belongs to the cache kmalloc-128 of size 128 [ 16.717074] The buggy address is located 0 bytes inside of [ 16.717074] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.717542] [ 16.717683] The buggy address belongs to the physical page: [ 16.717889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.718216] flags: 0x200000000000000(node=0|zone=2) [ 16.718460] page_type: f5(slab) [ 16.718610] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.718914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.719170] page dumped because: kasan: bad access detected [ 16.719347] [ 16.719429] Memory state around the buggy address: [ 16.719588] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.719809] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.720029] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.720313] ^ [ 16.720958] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.721277] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.721607] ================================================================== [ 16.722160] ================================================================== [ 16.722524] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.722899] Read of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.723429] [ 16.723537] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.723580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.723593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.723617] Call Trace: [ 16.723633] <TASK> [ 16.723651] dump_stack_lvl+0x73/0xb0 [ 16.723679] print_report+0xd1/0x610 [ 16.723703] ? __virt_addr_valid+0x1db/0x2d0 [ 16.723728] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.723777] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723802] kasan_report+0x141/0x180 [ 16.723825] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723855] kasan_check_range+0x10c/0x1c0 [ 16.723880] __kasan_check_read+0x15/0x20 [ 16.723900] copy_user_test_oob+0x4aa/0x10f0 [ 16.723927] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.723951] ? finish_task_switch.isra.0+0x153/0x700 [ 16.723976] ? __switch_to+0x47/0xf50 [ 16.724004] ? __schedule+0x10c6/0x2b60 [ 16.724028] ? __pfx_read_tsc+0x10/0x10 [ 16.724050] ? ktime_get_ts64+0x86/0x230 [ 16.724076] kunit_try_run_case+0x1a5/0x480 [ 16.724102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.724125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.724150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.724176] ? __kthread_parkme+0x82/0x180 [ 16.724198] ? preempt_count_sub+0x50/0x80 [ 16.724223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.724249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.724274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.724299] kthread+0x337/0x6f0 [ 16.724320] ? trace_preempt_on+0x20/0xc0 [ 16.724345] ? __pfx_kthread+0x10/0x10 [ 16.724367] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.724390] ? calculate_sigpending+0x7b/0xa0 [ 16.724426] ? __pfx_kthread+0x10/0x10 [ 16.724450] ret_from_fork+0x116/0x1d0 [ 16.724470] ? __pfx_kthread+0x10/0x10 [ 16.724491] ret_from_fork_asm+0x1a/0x30 [ 16.724524] </TASK> [ 16.724536] [ 16.731691] Allocated by task 303: [ 16.731822] kasan_save_stack+0x45/0x70 [ 16.731966] kasan_save_track+0x18/0x40 [ 16.732106] kasan_save_alloc_info+0x3b/0x50 [ 16.732318] __kasan_kmalloc+0xb7/0xc0 [ 16.732520] __kmalloc_noprof+0x1c9/0x500 [ 16.732735] kunit_kmalloc_array+0x25/0x60 [ 16.732938] copy_user_test_oob+0xab/0x10f0 [ 16.733118] kunit_try_run_case+0x1a5/0x480 [ 16.733306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.733559] kthread+0x337/0x6f0 [ 16.733754] ret_from_fork+0x116/0x1d0 [ 16.733927] ret_from_fork_asm+0x1a/0x30 [ 16.734104] [ 16.734198] The buggy address belongs to the object at ffff88810315a200 [ 16.734198] which belongs to the cache kmalloc-128 of size 128 [ 16.734694] The buggy address is located 0 bytes inside of [ 16.734694] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.735165] [ 16.735242] The buggy address belongs to the physical page: [ 16.735498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.735809] flags: 0x200000000000000(node=0|zone=2) [ 16.735974] page_type: f5(slab) [ 16.736098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.736336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.736662] page dumped because: kasan: bad access detected [ 16.736926] [ 16.737021] Memory state around the buggy address: [ 16.737245] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.737583] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.737899] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.738167] ^ [ 16.738384] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739294] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739529] ==================================================================
[ 16.845170] ================================================================== [ 16.845677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.846058] Write of size 121 at addr ffff8881027bcb00 by task kunit_try_catch/303 [ 16.846392] [ 16.846493] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.846536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.846550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.846572] Call Trace: [ 16.846589] <TASK> [ 16.846604] dump_stack_lvl+0x73/0xb0 [ 16.846633] print_report+0xd1/0x610 [ 16.846656] ? __virt_addr_valid+0x1db/0x2d0 [ 16.847117] ? copy_user_test_oob+0x557/0x10f0 [ 16.847233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.847257] ? copy_user_test_oob+0x557/0x10f0 [ 16.847281] kasan_report+0x141/0x180 [ 16.847305] ? copy_user_test_oob+0x557/0x10f0 [ 16.847511] kasan_check_range+0x10c/0x1c0 [ 16.847538] __kasan_check_write+0x18/0x20 [ 16.847558] copy_user_test_oob+0x557/0x10f0 [ 16.847584] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.847607] ? finish_task_switch.isra.0+0x153/0x700 [ 16.847632] ? __switch_to+0x47/0xf50 [ 16.847658] ? __schedule+0x10c6/0x2b60 [ 16.847682] ? __pfx_read_tsc+0x10/0x10 [ 16.847704] ? ktime_get_ts64+0x86/0x230 [ 16.847728] kunit_try_run_case+0x1a5/0x480 [ 16.847753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.847777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.847802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.847826] ? __kthread_parkme+0x82/0x180 [ 16.847847] ? preempt_count_sub+0x50/0x80 [ 16.847871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.847896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.847920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.847945] kthread+0x337/0x6f0 [ 16.847964] ? trace_preempt_on+0x20/0xc0 [ 16.847988] ? __pfx_kthread+0x10/0x10 [ 16.848010] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.848032] ? calculate_sigpending+0x7b/0xa0 [ 16.848057] ? __pfx_kthread+0x10/0x10 [ 16.848079] ret_from_fork+0x116/0x1d0 [ 16.848097] ? __pfx_kthread+0x10/0x10 [ 16.848118] ret_from_fork_asm+0x1a/0x30 [ 16.848162] </TASK> [ 16.848173] [ 16.858382] Allocated by task 303: [ 16.858790] kasan_save_stack+0x45/0x70 [ 16.858989] kasan_save_track+0x18/0x40 [ 16.859155] kasan_save_alloc_info+0x3b/0x50 [ 16.859580] __kasan_kmalloc+0xb7/0xc0 [ 16.859791] __kmalloc_noprof+0x1c9/0x500 [ 16.860069] kunit_kmalloc_array+0x25/0x60 [ 16.860257] copy_user_test_oob+0xab/0x10f0 [ 16.860669] kunit_try_run_case+0x1a5/0x480 [ 16.860962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.861288] kthread+0x337/0x6f0 [ 16.861462] ret_from_fork+0x116/0x1d0 [ 16.861805] ret_from_fork_asm+0x1a/0x30 [ 16.862070] [ 16.862247] The buggy address belongs to the object at ffff8881027bcb00 [ 16.862247] which belongs to the cache kmalloc-128 of size 128 [ 16.862937] The buggy address is located 0 bytes inside of [ 16.862937] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.863653] [ 16.863743] The buggy address belongs to the physical page: [ 16.864160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.864544] flags: 0x200000000000000(node=0|zone=2) [ 16.864855] page_type: f5(slab) [ 16.864990] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.865587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.866044] page dumped because: kasan: bad access detected [ 16.866259] [ 16.866477] Memory state around the buggy address: [ 16.866681] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.866994] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.867306] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.867915] ^ [ 16.868385] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.868805] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.869231] ================================================================== [ 16.799238] ================================================================== [ 16.799646] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.800026] Write of size 121 at addr ffff8881027bcb00 by task kunit_try_catch/303 [ 16.800402] [ 16.800556] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.800604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.800618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.800674] Call Trace: [ 16.800687] <TASK> [ 16.800704] dump_stack_lvl+0x73/0xb0 [ 16.800745] print_report+0xd1/0x610 [ 16.800768] ? __virt_addr_valid+0x1db/0x2d0 [ 16.800792] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.800815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.800838] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.800862] kasan_report+0x141/0x180 [ 16.800885] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.800913] kasan_check_range+0x10c/0x1c0 [ 16.800939] __kasan_check_write+0x18/0x20 [ 16.800959] copy_user_test_oob+0x3fd/0x10f0 [ 16.800985] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.801010] ? finish_task_switch.isra.0+0x153/0x700 [ 16.801035] ? __switch_to+0x47/0xf50 [ 16.801062] ? __schedule+0x10c6/0x2b60 [ 16.801085] ? __pfx_read_tsc+0x10/0x10 [ 16.801109] ? ktime_get_ts64+0x86/0x230 [ 16.801134] kunit_try_run_case+0x1a5/0x480 [ 16.801169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.801202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.801229] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.801269] ? __kthread_parkme+0x82/0x180 [ 16.801290] ? preempt_count_sub+0x50/0x80 [ 16.801314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.801340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.801364] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.801389] kthread+0x337/0x6f0 [ 16.801408] ? trace_preempt_on+0x20/0xc0 [ 16.801432] ? __pfx_kthread+0x10/0x10 [ 16.801454] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.801476] ? calculate_sigpending+0x7b/0xa0 [ 16.801502] ? __pfx_kthread+0x10/0x10 [ 16.801525] ret_from_fork+0x116/0x1d0 [ 16.801545] ? __pfx_kthread+0x10/0x10 [ 16.801565] ret_from_fork_asm+0x1a/0x30 [ 16.801596] </TASK> [ 16.801607] [ 16.809043] Allocated by task 303: [ 16.809233] kasan_save_stack+0x45/0x70 [ 16.809460] kasan_save_track+0x18/0x40 [ 16.809664] kasan_save_alloc_info+0x3b/0x50 [ 16.809870] __kasan_kmalloc+0xb7/0xc0 [ 16.810053] __kmalloc_noprof+0x1c9/0x500 [ 16.810246] kunit_kmalloc_array+0x25/0x60 [ 16.810482] copy_user_test_oob+0xab/0x10f0 [ 16.810681] kunit_try_run_case+0x1a5/0x480 [ 16.810901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.811124] kthread+0x337/0x6f0 [ 16.811305] ret_from_fork+0x116/0x1d0 [ 16.811472] ret_from_fork_asm+0x1a/0x30 [ 16.811697] [ 16.811791] The buggy address belongs to the object at ffff8881027bcb00 [ 16.811791] which belongs to the cache kmalloc-128 of size 128 [ 16.812264] The buggy address is located 0 bytes inside of [ 16.812264] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.812706] [ 16.812789] The buggy address belongs to the physical page: [ 16.812959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.813211] flags: 0x200000000000000(node=0|zone=2) [ 16.813432] page_type: f5(slab) [ 16.813641] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.813978] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.814315] page dumped because: kasan: bad access detected [ 16.814569] [ 16.814730] Memory state around the buggy address: [ 16.814954] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.815283] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.816337] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.816660] ^ [ 16.816906] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.817199] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.818058] ================================================================== [ 16.819368] ================================================================== [ 16.819753] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.820369] Read of size 121 at addr ffff8881027bcb00 by task kunit_try_catch/303 [ 16.821011] [ 16.821270] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.821437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.821456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.821480] Call Trace: [ 16.821508] <TASK> [ 16.821525] dump_stack_lvl+0x73/0xb0 [ 16.821556] print_report+0xd1/0x610 [ 16.821586] ? __virt_addr_valid+0x1db/0x2d0 [ 16.821609] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.821633] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.821658] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.821684] kasan_report+0x141/0x180 [ 16.821708] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.821737] kasan_check_range+0x10c/0x1c0 [ 16.821762] __kasan_check_read+0x15/0x20 [ 16.821782] copy_user_test_oob+0x4aa/0x10f0 [ 16.821809] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.821832] ? finish_task_switch.isra.0+0x153/0x700 [ 16.821857] ? __switch_to+0x47/0xf50 [ 16.821884] ? __schedule+0x10c6/0x2b60 [ 16.821908] ? __pfx_read_tsc+0x10/0x10 [ 16.821930] ? ktime_get_ts64+0x86/0x230 [ 16.821954] kunit_try_run_case+0x1a5/0x480 [ 16.821979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.822004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.822028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.822052] ? __kthread_parkme+0x82/0x180 [ 16.822073] ? preempt_count_sub+0x50/0x80 [ 16.822098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.822122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.822156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.822180] kthread+0x337/0x6f0 [ 16.822200] ? trace_preempt_on+0x20/0xc0 [ 16.822225] ? __pfx_kthread+0x10/0x10 [ 16.822247] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.822269] ? calculate_sigpending+0x7b/0xa0 [ 16.822293] ? __pfx_kthread+0x10/0x10 [ 16.822346] ret_from_fork+0x116/0x1d0 [ 16.822366] ? __pfx_kthread+0x10/0x10 [ 16.822387] ret_from_fork_asm+0x1a/0x30 [ 16.822419] </TASK> [ 16.822430] [ 16.834006] Allocated by task 303: [ 16.834192] kasan_save_stack+0x45/0x70 [ 16.834761] kasan_save_track+0x18/0x40 [ 16.835227] kasan_save_alloc_info+0x3b/0x50 [ 16.835493] __kasan_kmalloc+0xb7/0xc0 [ 16.835670] __kmalloc_noprof+0x1c9/0x500 [ 16.835856] kunit_kmalloc_array+0x25/0x60 [ 16.836030] copy_user_test_oob+0xab/0x10f0 [ 16.836231] kunit_try_run_case+0x1a5/0x480 [ 16.836739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.837197] kthread+0x337/0x6f0 [ 16.837523] ret_from_fork+0x116/0x1d0 [ 16.837703] ret_from_fork_asm+0x1a/0x30 [ 16.837890] [ 16.837977] The buggy address belongs to the object at ffff8881027bcb00 [ 16.837977] which belongs to the cache kmalloc-128 of size 128 [ 16.838979] The buggy address is located 0 bytes inside of [ 16.838979] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.839832] [ 16.839934] The buggy address belongs to the physical page: [ 16.840166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.840755] flags: 0x200000000000000(node=0|zone=2) [ 16.840986] page_type: f5(slab) [ 16.841150] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.841393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.841836] page dumped because: kasan: bad access detected [ 16.842060] [ 16.842171] Memory state around the buggy address: [ 16.842475] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.842835] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.843116] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.843515] ^ [ 16.843833] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.844177] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.844528] ================================================================== [ 16.870001] ================================================================== [ 16.870688] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.871127] Read of size 121 at addr ffff8881027bcb00 by task kunit_try_catch/303 [ 16.871798] [ 16.871915] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.871963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.871977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.871999] Call Trace: [ 16.872017] <TASK> [ 16.872032] dump_stack_lvl+0x73/0xb0 [ 16.872061] print_report+0xd1/0x610 [ 16.872084] ? __virt_addr_valid+0x1db/0x2d0 [ 16.872247] ? copy_user_test_oob+0x604/0x10f0 [ 16.872272] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.872295] ? copy_user_test_oob+0x604/0x10f0 [ 16.872334] kasan_report+0x141/0x180 [ 16.872357] ? copy_user_test_oob+0x604/0x10f0 [ 16.872385] kasan_check_range+0x10c/0x1c0 [ 16.872409] __kasan_check_read+0x15/0x20 [ 16.872429] copy_user_test_oob+0x604/0x10f0 [ 16.872454] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.872478] ? finish_task_switch.isra.0+0x153/0x700 [ 16.872503] ? __switch_to+0x47/0xf50 [ 16.872529] ? __schedule+0x10c6/0x2b60 [ 16.872552] ? __pfx_read_tsc+0x10/0x10 [ 16.872573] ? ktime_get_ts64+0x86/0x230 [ 16.872597] kunit_try_run_case+0x1a5/0x480 [ 16.872622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.872645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.872669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.872694] ? __kthread_parkme+0x82/0x180 [ 16.872715] ? preempt_count_sub+0x50/0x80 [ 16.872738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.872763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.872787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.872811] kthread+0x337/0x6f0 [ 16.872832] ? trace_preempt_on+0x20/0xc0 [ 16.872857] ? __pfx_kthread+0x10/0x10 [ 16.872878] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.872900] ? calculate_sigpending+0x7b/0xa0 [ 16.872925] ? __pfx_kthread+0x10/0x10 [ 16.872947] ret_from_fork+0x116/0x1d0 [ 16.872965] ? __pfx_kthread+0x10/0x10 [ 16.872986] ret_from_fork_asm+0x1a/0x30 [ 16.873016] </TASK> [ 16.873027] [ 16.883405] Allocated by task 303: [ 16.883921] kasan_save_stack+0x45/0x70 [ 16.884248] kasan_save_track+0x18/0x40 [ 16.884507] kasan_save_alloc_info+0x3b/0x50 [ 16.884792] __kasan_kmalloc+0xb7/0xc0 [ 16.884961] __kmalloc_noprof+0x1c9/0x500 [ 16.885229] kunit_kmalloc_array+0x25/0x60 [ 16.885563] copy_user_test_oob+0xab/0x10f0 [ 16.885844] kunit_try_run_case+0x1a5/0x480 [ 16.886099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.886532] kthread+0x337/0x6f0 [ 16.886850] ret_from_fork+0x116/0x1d0 [ 16.887028] ret_from_fork_asm+0x1a/0x30 [ 16.887323] [ 16.887409] The buggy address belongs to the object at ffff8881027bcb00 [ 16.887409] which belongs to the cache kmalloc-128 of size 128 [ 16.887986] The buggy address is located 0 bytes inside of [ 16.887986] allocated 120-byte region [ffff8881027bcb00, ffff8881027bcb78) [ 16.888826] [ 16.888929] The buggy address belongs to the physical page: [ 16.889140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 16.889795] flags: 0x200000000000000(node=0|zone=2) [ 16.890102] page_type: f5(slab) [ 16.890425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.890848] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.891249] page dumped because: kasan: bad access detected [ 16.891665] [ 16.891840] Memory state around the buggy address: [ 16.892049] ffff8881027bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.892647] ffff8881027bca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.892957] >ffff8881027bcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.893267] ^ [ 16.893770] ffff8881027bcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.894136] ffff8881027bcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.894565] ==================================================================