Date: July 18, 2025, 2:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 20.441373] ================================================================== [ 20.441454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 20.441866] Read of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.441944] [ 20.442282] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.442398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.442623] Hardware name: linux,dummy-virt (DT) [ 20.442697] Call trace: [ 20.442874] show_stack+0x20/0x38 (C) [ 20.442956] dump_stack_lvl+0x8c/0xd0 [ 20.443322] print_report+0x118/0x5d0 [ 20.443567] kasan_report+0xdc/0x128 [ 20.443628] kasan_check_range+0x100/0x1a8 [ 20.443694] __kasan_check_read+0x20/0x30 [ 20.444111] copy_user_test_oob+0x4a0/0xec8 [ 20.444425] kunit_try_run_case+0x170/0x3f0 [ 20.444674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.444822] kthread+0x328/0x630 [ 20.444941] ret_from_fork+0x10/0x20 [ 20.445462] [ 20.445840] Allocated by task 285: [ 20.446056] kasan_save_stack+0x3c/0x68 [ 20.446237] kasan_save_track+0x20/0x40 [ 20.446336] kasan_save_alloc_info+0x40/0x58 [ 20.446490] __kasan_kmalloc+0xd4/0xd8 [ 20.446544] __kmalloc_noprof+0x198/0x4c8 [ 20.446877] kunit_kmalloc_array+0x34/0x88 [ 20.447212] copy_user_test_oob+0xac/0xec8 [ 20.447359] kunit_try_run_case+0x170/0x3f0 [ 20.447508] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.447624] kthread+0x328/0x630 [ 20.447768] ret_from_fork+0x10/0x20 [ 20.447822] [ 20.447859] The buggy address belongs to the object at fff00000c78e9d00 [ 20.447859] which belongs to the cache kmalloc-128 of size 128 [ 20.448057] The buggy address is located 0 bytes inside of [ 20.448057] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.448132] [ 20.448158] The buggy address belongs to the physical page: [ 20.448202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.448464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.448526] page_type: f5(slab) [ 
20.448576] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.448628] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.448682] page dumped because: kasan: bad access detected [ 20.448719] [ 20.448757] Memory state around the buggy address: [ 20.448826] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.449158] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.449664] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.449802] ^ [ 20.449866] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.450359] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.450541] ================================================================== [ 20.410020] ================================================================== [ 20.410151] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 20.410340] Write of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.410416] [ 20.410462] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.410913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.410962] Hardware name: linux,dummy-virt (DT) [ 20.411010] Call trace: [ 20.411037] show_stack+0x20/0x38 (C) [ 20.411335] dump_stack_lvl+0x8c/0xd0 [ 20.412375] print_report+0x118/0x5d0 [ 20.412444] kasan_report+0xdc/0x128 [ 20.412492] kasan_check_range+0x100/0x1a8 [ 20.412925] __kasan_check_write+0x20/0x30 [ 20.414063] copy_user_test_oob+0x35c/0xec8 [ 20.414226] kunit_try_run_case+0x170/0x3f0 [ 20.414362] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.414620] kthread+0x328/0x630 [ 20.414823] ret_from_fork+0x10/0x20 [ 20.414971] [ 20.415030] Allocated by task 285: [ 20.415062] kasan_save_stack+0x3c/0x68 [ 20.415267] kasan_save_track+0x20/0x40 [ 20.415340] kasan_save_alloc_info+0x40/0x58 [ 20.415418] __kasan_kmalloc+0xd4/0xd8 [ 20.415460] __kmalloc_noprof+0x198/0x4c8 [ 20.415512] 
kunit_kmalloc_array+0x34/0x88 [ 20.415570] copy_user_test_oob+0xac/0xec8 [ 20.415610] kunit_try_run_case+0x170/0x3f0 [ 20.415999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.416194] kthread+0x328/0x630 [ 20.416414] ret_from_fork+0x10/0x20 [ 20.417121] [ 20.417157] The buggy address belongs to the object at fff00000c78e9d00 [ 20.417157] which belongs to the cache kmalloc-128 of size 128 [ 20.417390] The buggy address is located 0 bytes inside of [ 20.417390] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.417664] [ 20.417712] The buggy address belongs to the physical page: [ 20.417749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.417807] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.417874] page_type: f5(slab) [ 20.417918] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.417999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.418053] page dumped because: kasan: bad access detected [ 20.418087] [ 20.418109] Memory state around the buggy address: [ 20.418146] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.418195] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.418242] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.418285] ^ [ 20.418338] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.418385] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.418433] ================================================================== [ 20.430973] ================================================================== [ 20.431220] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 20.431449] Write of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.431520] [ 20.431563] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.431656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.432109] 
Hardware name: linux,dummy-virt (DT) [ 20.432433] Call trace: [ 20.432470] show_stack+0x20/0x38 (C) [ 20.432866] dump_stack_lvl+0x8c/0xd0 [ 20.433117] print_report+0x118/0x5d0 [ 20.433425] kasan_report+0xdc/0x128 [ 20.433599] kasan_check_range+0x100/0x1a8 [ 20.434004] __kasan_check_write+0x20/0x30 [ 20.434123] copy_user_test_oob+0x434/0xec8 [ 20.434275] kunit_try_run_case+0x170/0x3f0 [ 20.434667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.435071] kthread+0x328/0x630 [ 20.435322] ret_from_fork+0x10/0x20 [ 20.435523] [ 20.435655] Allocated by task 285: [ 20.435701] kasan_save_stack+0x3c/0x68 [ 20.435750] kasan_save_track+0x20/0x40 [ 20.435808] kasan_save_alloc_info+0x40/0x58 [ 20.435861] __kasan_kmalloc+0xd4/0xd8 [ 20.435902] __kmalloc_noprof+0x198/0x4c8 [ 20.436327] kunit_kmalloc_array+0x34/0x88 [ 20.436705] copy_user_test_oob+0xac/0xec8 [ 20.436922] kunit_try_run_case+0x170/0x3f0 [ 20.436971] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.437254] kthread+0x328/0x630 [ 20.437412] ret_from_fork+0x10/0x20 [ 20.437658] [ 20.437694] The buggy address belongs to the object at fff00000c78e9d00 [ 20.437694] which belongs to the cache kmalloc-128 of size 128 [ 20.437945] The buggy address is located 0 bytes inside of [ 20.437945] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.438111] [ 20.438140] The buggy address belongs to the physical page: [ 20.438177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.438235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.438291] page_type: f5(slab) [ 20.438336] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.438401] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.438444] page dumped because: kasan: bad access detected [ 20.438498] [ 20.438521] Memory state around the buggy address: [ 20.438569] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.438616] fff00000c78e9c80: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.438663] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.438705] ^ [ 20.438750] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.438797] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.438853] ================================================================== [ 20.389930] ================================================================== [ 20.390216] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 20.390305] Read of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.390375] [ 20.390422] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.390512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.390541] Hardware name: linux,dummy-virt (DT) [ 20.390577] Call trace: [ 20.390604] show_stack+0x20/0x38 (C) [ 20.390959] dump_stack_lvl+0x8c/0xd0 [ 20.391042] print_report+0x118/0x5d0 [ 20.391096] kasan_report+0xdc/0x128 [ 20.391466] kasan_check_range+0x100/0x1a8 [ 20.391545] __kasan_check_read+0x20/0x30 [ 20.391602] copy_user_test_oob+0x728/0xec8 [ 20.392106] kunit_try_run_case+0x170/0x3f0 [ 20.392215] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.392518] kthread+0x328/0x630 [ 20.392750] ret_from_fork+0x10/0x20 [ 20.393281] [ 20.393393] Allocated by task 285: [ 20.393473] kasan_save_stack+0x3c/0x68 [ 20.393837] kasan_save_track+0x20/0x40 [ 20.393956] kasan_save_alloc_info+0x40/0x58 [ 20.394054] __kasan_kmalloc+0xd4/0xd8 [ 20.394119] __kmalloc_noprof+0x198/0x4c8 [ 20.394327] kunit_kmalloc_array+0x34/0x88 [ 20.394391] copy_user_test_oob+0xac/0xec8 [ 20.394488] kunit_try_run_case+0x170/0x3f0 [ 20.394661] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.394714] kthread+0x328/0x630 [ 20.394760] ret_from_fork+0x10/0x20 [ 20.394800] [ 20.394838] The buggy address belongs to the object at fff00000c78e9d00 [ 20.394838] which belongs to the cache kmalloc-128 of size 128 [ 20.394932] The buggy address is 
located 0 bytes inside of [ 20.394932] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.395007] [ 20.395035] The buggy address belongs to the physical page: [ 20.395072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.395137] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.395193] page_type: f5(slab) [ 20.395248] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.395883] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.395944] page dumped because: kasan: bad access detected [ 20.395979] [ 20.396000] Memory state around the buggy address: [ 20.396202] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.396333] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.396585] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.396774] ^ [ 20.396870] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.397110] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.397318] ================================================================== [ 20.366802] ================================================================== [ 20.367955] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 20.368175] Write of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.368397] [ 20.368525] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.368991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.369067] Hardware name: linux,dummy-virt (DT) [ 20.369156] Call trace: [ 20.369320] show_stack+0x20/0x38 (C) [ 20.369421] dump_stack_lvl+0x8c/0xd0 [ 20.369787] print_report+0x118/0x5d0 [ 20.369908] kasan_report+0xdc/0x128 [ 20.369967] kasan_check_range+0x100/0x1a8 [ 20.370019] __kasan_check_write+0x20/0x30 [ 20.370068] copy_user_test_oob+0x234/0xec8 [ 20.370116] kunit_try_run_case+0x170/0x3f0 [ 20.370174] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.370247] kthread+0x328/0x630 [ 20.370297] ret_from_fork+0x10/0x20 [ 20.370361] [ 20.370398] Allocated by task 285: [ 20.370435] kasan_save_stack+0x3c/0x68 [ 20.370499] kasan_save_track+0x20/0x40 [ 20.370551] kasan_save_alloc_info+0x40/0x58 [ 20.370596] __kasan_kmalloc+0xd4/0xd8 [ 20.370644] __kmalloc_noprof+0x198/0x4c8 [ 20.370711] kunit_kmalloc_array+0x34/0x88 [ 20.370751] copy_user_test_oob+0xac/0xec8 [ 20.370792] kunit_try_run_case+0x170/0x3f0 [ 20.370833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.371438] kthread+0x328/0x630 [ 20.371995] ret_from_fork+0x10/0x20 [ 20.372056] [ 20.372185] The buggy address belongs to the object at fff00000c78e9d00 [ 20.372185] which belongs to the cache kmalloc-128 of size 128 [ 20.372831] The buggy address is located 0 bytes inside of [ 20.372831] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.373012] [ 20.373041] The buggy address belongs to the physical page: [ 20.373144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.373723] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.374207] page_type: f5(slab) [ 20.374366] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.374442] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.374588] page dumped because: kasan: bad access detected [ 20.374647] [ 20.374732] Memory state around the buggy address: [ 20.375476] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.375737] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.376177] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.376308] ^ [ 20.376527] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.376674] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.376942] ================================================================== [ 20.418972] 
================================================================== [ 20.419028] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 20.419079] Read of size 121 at addr fff00000c78e9d00 by task kunit_try_catch/285 [ 20.419133] [ 20.419168] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 20.419254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.419284] Hardware name: linux,dummy-virt (DT) [ 20.420057] Call trace: [ 20.420102] show_stack+0x20/0x38 (C) [ 20.420156] dump_stack_lvl+0x8c/0xd0 [ 20.420209] print_report+0x118/0x5d0 [ 20.420258] kasan_report+0xdc/0x128 [ 20.420762] kasan_check_range+0x100/0x1a8 [ 20.420999] __kasan_check_read+0x20/0x30 [ 20.421267] copy_user_test_oob+0x3c8/0xec8 [ 20.421717] kunit_try_run_case+0x170/0x3f0 [ 20.422030] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.422151] kthread+0x328/0x630 [ 20.422239] ret_from_fork+0x10/0x20 [ 20.422296] [ 20.422662] Allocated by task 285: [ 20.422887] kasan_save_stack+0x3c/0x68 [ 20.423059] kasan_save_track+0x20/0x40 [ 20.423247] kasan_save_alloc_info+0x40/0x58 [ 20.423565] __kasan_kmalloc+0xd4/0xd8 [ 20.423965] __kmalloc_noprof+0x198/0x4c8 [ 20.424168] kunit_kmalloc_array+0x34/0x88 [ 20.424225] copy_user_test_oob+0xac/0xec8 [ 20.424298] kunit_try_run_case+0x170/0x3f0 [ 20.424340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.424659] kthread+0x328/0x630 [ 20.425005] ret_from_fork+0x10/0x20 [ 20.425279] [ 20.425325] The buggy address belongs to the object at fff00000c78e9d00 [ 20.425325] which belongs to the cache kmalloc-128 of size 128 [ 20.425460] The buggy address is located 0 bytes inside of [ 20.425460] allocated 120-byte region [fff00000c78e9d00, fff00000c78e9d78) [ 20.425605] [ 20.425630] The buggy address belongs to the physical page: [ 20.426073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e9 [ 20.426316] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.426558] page_type: f5(slab) [ 20.426676] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.426911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.426960] page dumped because: kasan: bad access detected [ 20.427246] [ 20.427373] Memory state around the buggy address: [ 20.427904] fff00000c78e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.427968] fff00000c78e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.428016] >fff00000c78e9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.428067] ^ [ 20.428114] fff00000c78e9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.428443] fff00000c78e9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.428940] ==================================================================
[ 19.894386] ================================================================== [ 19.894737] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.895093] Write of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.895176] [ 19.895424] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.895523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.895996] Hardware name: linux,dummy-virt (DT) [ 19.896048] Call trace: [ 19.896104] show_stack+0x20/0x38 (C) [ 19.896168] dump_stack_lvl+0x8c/0xd0 [ 19.896526] print_report+0x118/0x5d0 [ 19.896642] kasan_report+0xdc/0x128 [ 19.897128] kasan_check_range+0x100/0x1a8 [ 19.897218] __kasan_check_write+0x20/0x30 [ 19.897429] copy_user_test_oob+0x434/0xec8 [ 19.897531] kunit_try_run_case+0x170/0x3f0 [ 19.897764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.898062] kthread+0x328/0x630 [ 19.898444] ret_from_fork+0x10/0x20 [ 19.898800] [ 19.898847] Allocated by task 285: [ 19.899027] kasan_save_stack+0x3c/0x68 [ 19.899286] kasan_save_track+0x20/0x40 [ 19.899507] kasan_save_alloc_info+0x40/0x58 [ 19.899676] __kasan_kmalloc+0xd4/0xd8 [ 19.899742] __kmalloc_noprof+0x198/0x4c8 [ 19.899788] kunit_kmalloc_array+0x34/0x88 [ 19.900096] copy_user_test_oob+0xac/0xec8 [ 19.900335] kunit_try_run_case+0x170/0x3f0 [ 19.900502] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.900594] kthread+0x328/0x630 [ 19.900694] ret_from_fork+0x10/0x20 [ 19.900823] [ 19.900951] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.900951] which belongs to the cache kmalloc-128 of size 128 [ 19.901031] The buggy address is located 0 bytes inside of [ 19.901031] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.901484] [ 19.901582] The buggy address belongs to the physical page: [ 19.901845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.902051] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.902151] page_type: f5(slab) [ 
19.902292] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.902429] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.902474] page dumped because: kasan: bad access detected [ 19.902545] [ 19.902819] Memory state around the buggy address: [ 19.902910] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.903120] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.903170] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.903555] ^ [ 19.903878] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.904008] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.904053] ================================================================== [ 19.878077] ================================================================== [ 19.878505] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.878573] Write of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.878945] [ 19.879040] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.879413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.879485] Hardware name: linux,dummy-virt (DT) [ 19.879631] Call trace: [ 19.879793] show_stack+0x20/0x38 (C) [ 19.879855] dump_stack_lvl+0x8c/0xd0 [ 19.879965] print_report+0x118/0x5d0 [ 19.880018] kasan_report+0xdc/0x128 [ 19.880104] kasan_check_range+0x100/0x1a8 [ 19.880206] __kasan_check_write+0x20/0x30 [ 19.880483] copy_user_test_oob+0x35c/0xec8 [ 19.880722] kunit_try_run_case+0x170/0x3f0 [ 19.880952] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.881286] kthread+0x328/0x630 [ 19.881419] ret_from_fork+0x10/0x20 [ 19.881594] [ 19.881757] Allocated by task 285: [ 19.881793] kasan_save_stack+0x3c/0x68 [ 19.881876] kasan_save_track+0x20/0x40 [ 19.882186] kasan_save_alloc_info+0x40/0x58 [ 19.882543] __kasan_kmalloc+0xd4/0xd8 [ 19.882624] __kmalloc_noprof+0x198/0x4c8 [ 19.882757] 
kunit_kmalloc_array+0x34/0x88 [ 19.882842] copy_user_test_oob+0xac/0xec8 [ 19.882974] kunit_try_run_case+0x170/0x3f0 [ 19.883080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.883458] kthread+0x328/0x630 [ 19.883522] ret_from_fork+0x10/0x20 [ 19.883879] [ 19.883939] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.883939] which belongs to the cache kmalloc-128 of size 128 [ 19.884053] The buggy address is located 0 bytes inside of [ 19.884053] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.884241] [ 19.884297] The buggy address belongs to the physical page: [ 19.884393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.884460] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.884552] page_type: f5(slab) [ 19.884908] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.884991] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.885387] page dumped because: kasan: bad access detected [ 19.885701] [ 19.885738] Memory state around the buggy address: [ 19.885778] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.885990] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.886423] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.886660] ^ [ 19.886797] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.886910] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.886954] ================================================================== [ 19.906224] ================================================================== [ 19.906352] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.906425] Read of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.906478] [ 19.906679] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.907096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.907172] 
Hardware name: linux,dummy-virt (DT) [ 19.907247] Call trace: [ 19.907277] show_stack+0x20/0x38 (C) [ 19.907522] dump_stack_lvl+0x8c/0xd0 [ 19.907675] print_report+0x118/0x5d0 [ 19.907967] kasan_report+0xdc/0x128 [ 19.908182] kasan_check_range+0x100/0x1a8 [ 19.908280] __kasan_check_read+0x20/0x30 [ 19.908530] copy_user_test_oob+0x4a0/0xec8 [ 19.908607] kunit_try_run_case+0x170/0x3f0 [ 19.908862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.909018] kthread+0x328/0x630 [ 19.909176] ret_from_fork+0x10/0x20 [ 19.909234] [ 19.909266] Allocated by task 285: [ 19.909303] kasan_save_stack+0x3c/0x68 [ 19.909657] kasan_save_track+0x20/0x40 [ 19.909853] kasan_save_alloc_info+0x40/0x58 [ 19.909926] __kasan_kmalloc+0xd4/0xd8 [ 19.910145] __kmalloc_noprof+0x198/0x4c8 [ 19.910312] kunit_kmalloc_array+0x34/0x88 [ 19.910786] copy_user_test_oob+0xac/0xec8 [ 19.910967] kunit_try_run_case+0x170/0x3f0 [ 19.911201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.911458] kthread+0x328/0x630 [ 19.911573] ret_from_fork+0x10/0x20 [ 19.911697] [ 19.911722] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.911722] which belongs to the cache kmalloc-128 of size 128 [ 19.911830] The buggy address is located 0 bytes inside of [ 19.911830] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.912205] [ 19.912262] The buggy address belongs to the physical page: [ 19.912607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.912785] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.912888] page_type: f5(slab) [ 19.913015] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.913083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.913133] page dumped because: kasan: bad access detected [ 19.913478] [ 19.913517] Memory state around the buggy address: [ 19.913572] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.913842] fff00000c7a4ed80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.913899] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.913941] ^ [ 19.914111] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.914175] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.914217] ================================================================== [ 19.887975] ================================================================== [ 19.888738] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.888821] Read of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.889090] [ 19.889266] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.889406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.889473] Hardware name: linux,dummy-virt (DT) [ 19.889508] Call trace: [ 19.889533] show_stack+0x20/0x38 (C) [ 19.889904] dump_stack_lvl+0x8c/0xd0 [ 19.890117] print_report+0x118/0x5d0 [ 19.890418] kasan_report+0xdc/0x128 [ 19.890526] kasan_check_range+0x100/0x1a8 [ 19.890593] __kasan_check_read+0x20/0x30 [ 19.890639] copy_user_test_oob+0x3c8/0xec8 [ 19.890716] kunit_try_run_case+0x170/0x3f0 [ 19.890769] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.890824] kthread+0x328/0x630 [ 19.890882] ret_from_fork+0x10/0x20 [ 19.890934] [ 19.890955] Allocated by task 285: [ 19.890992] kasan_save_stack+0x3c/0x68 [ 19.891047] kasan_save_track+0x20/0x40 [ 19.891087] kasan_save_alloc_info+0x40/0x58 [ 19.891131] __kasan_kmalloc+0xd4/0xd8 [ 19.891170] __kmalloc_noprof+0x198/0x4c8 [ 19.891211] kunit_kmalloc_array+0x34/0x88 [ 19.891262] copy_user_test_oob+0xac/0xec8 [ 19.891315] kunit_try_run_case+0x170/0x3f0 [ 19.891391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.891446] kthread+0x328/0x630 [ 19.891489] ret_from_fork+0x10/0x20 [ 19.891526] [ 19.891549] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.891549] which belongs to the cache kmalloc-128 of size 128 [ 19.891608] The buggy address is located 
0 bytes inside of [ 19.891608] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.891682] [ 19.891718] The buggy address belongs to the physical page: [ 19.891755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.891816] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.891883] page_type: f5(slab) [ 19.891923] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.891975] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.892017] page dumped because: kasan: bad access detected [ 19.892059] [ 19.892095] Memory state around the buggy address: [ 19.892128] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.892180] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.892241] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.892281] ^ [ 19.892332] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.892896] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.893345] ================================================================== [ 19.861673] ================================================================== [ 19.861748] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.861809] Read of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.861863] [ 19.861904] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.861991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.862019] Hardware name: linux,dummy-virt (DT) [ 19.862055] Call trace: [ 19.862081] show_stack+0x20/0x38 (C) [ 19.862134] dump_stack_lvl+0x8c/0xd0 [ 19.862182] print_report+0x118/0x5d0 [ 19.862229] kasan_report+0xdc/0x128 [ 19.862277] kasan_check_range+0x100/0x1a8 [ 19.862342] __kasan_check_read+0x20/0x30 [ 19.862387] copy_user_test_oob+0x728/0xec8 [ 19.862436] kunit_try_run_case+0x170/0x3f0 [ 19.862495] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.862549] kthread+0x328/0x630 [ 19.862597] ret_from_fork+0x10/0x20 [ 19.862648] [ 19.862680] Allocated by task 285: [ 19.862712] kasan_save_stack+0x3c/0x68 [ 19.862756] kasan_save_track+0x20/0x40 [ 19.862794] kasan_save_alloc_info+0x40/0x58 [ 19.862836] __kasan_kmalloc+0xd4/0xd8 [ 19.862873] __kmalloc_noprof+0x198/0x4c8 [ 19.862914] kunit_kmalloc_array+0x34/0x88 [ 19.862959] copy_user_test_oob+0xac/0xec8 [ 19.863000] kunit_try_run_case+0x170/0x3f0 [ 19.863039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.863083] kthread+0x328/0x630 [ 19.863118] ret_from_fork+0x10/0x20 [ 19.863154] [ 19.863176] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.863176] which belongs to the cache kmalloc-128 of size 128 [ 19.863245] The buggy address is located 0 bytes inside of [ 19.863245] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.863315] [ 19.864877] The buggy address belongs to the physical page: [ 19.864951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.865121] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.865285] page_type: f5(slab) [ 19.865699] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.865797] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.865877] page dumped because: kasan: bad access detected [ 19.865930] [ 19.866726] Memory state around the buggy address: [ 19.866772] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.866857] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.866913] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.866976] ^ [ 19.867046] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.867380] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.867643] ================================================================== [ 19.846697] 
================================================================== [ 19.846808] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.846890] Write of size 121 at addr fff00000c7a4ee00 by task kunit_try_catch/285 [ 19.846944] [ 19.847029] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.847214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.847272] Hardware name: linux,dummy-virt (DT) [ 19.847339] Call trace: [ 19.847449] show_stack+0x20/0x38 (C) [ 19.847511] dump_stack_lvl+0x8c/0xd0 [ 19.847566] print_report+0x118/0x5d0 [ 19.847615] kasan_report+0xdc/0x128 [ 19.847901] kasan_check_range+0x100/0x1a8 [ 19.847972] __kasan_check_write+0x20/0x30 [ 19.848082] copy_user_test_oob+0x234/0xec8 [ 19.848143] kunit_try_run_case+0x170/0x3f0 [ 19.848205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.848266] kthread+0x328/0x630 [ 19.848312] ret_from_fork+0x10/0x20 [ 19.848377] [ 19.848478] Allocated by task 285: [ 19.848529] kasan_save_stack+0x3c/0x68 [ 19.848760] kasan_save_track+0x20/0x40 [ 19.848977] kasan_save_alloc_info+0x40/0x58 [ 19.849210] __kasan_kmalloc+0xd4/0xd8 [ 19.849256] __kmalloc_noprof+0x198/0x4c8 [ 19.849595] kunit_kmalloc_array+0x34/0x88 [ 19.849706] copy_user_test_oob+0xac/0xec8 [ 19.850019] kunit_try_run_case+0x170/0x3f0 [ 19.850104] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.850285] kthread+0x328/0x630 [ 19.850338] ret_from_fork+0x10/0x20 [ 19.850720] [ 19.850761] The buggy address belongs to the object at fff00000c7a4ee00 [ 19.850761] which belongs to the cache kmalloc-128 of size 128 [ 19.851137] The buggy address is located 0 bytes inside of [ 19.851137] allocated 120-byte region [fff00000c7a4ee00, fff00000c7a4ee78) [ 19.851333] [ 19.851401] The buggy address belongs to the physical page: [ 19.851456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a4e [ 19.851593] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.851765] page_type: f5(slab) [ 19.852157] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.852226] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.852272] page dumped because: kasan: bad access detected [ 19.852364] [ 19.852512] Memory state around the buggy address: [ 19.852608] fff00000c7a4ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.852691] fff00000c7a4ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.852736] >fff00000c7a4ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.853105] ^ [ 19.853180] fff00000c7a4ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.853238] fff00000c7a4ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.853620] ==================================================================
[ 19.490329] ================================================================== [ 19.490412] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.490467] Read of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.490880] [ 19.490922] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.491038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.491085] Hardware name: linux,dummy-virt (DT) [ 19.491119] Call trace: [ 19.491146] show_stack+0x20/0x38 (C) [ 19.491198] dump_stack_lvl+0x8c/0xd0 [ 19.491248] print_report+0x118/0x5d0 [ 19.491297] kasan_report+0xdc/0x128 [ 19.491528] kasan_check_range+0x100/0x1a8 [ 19.491600] __kasan_check_read+0x20/0x30 [ 19.491645] copy_user_test_oob+0x728/0xec8 [ 19.491692] kunit_try_run_case+0x170/0x3f0 [ 19.491754] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.491818] kthread+0x328/0x630 [ 19.491861] ret_from_fork+0x10/0x20 [ 19.491909] [ 19.492165] Allocated by task 285: [ 19.492272] kasan_save_stack+0x3c/0x68 [ 19.492321] kasan_save_track+0x20/0x40 [ 19.492362] kasan_save_alloc_info+0x40/0x58 [ 19.492404] __kasan_kmalloc+0xd4/0xd8 [ 19.492447] __kmalloc_noprof+0x198/0x4c8 [ 19.492488] kunit_kmalloc_array+0x34/0x88 [ 19.492528] copy_user_test_oob+0xac/0xec8 [ 19.492568] kunit_try_run_case+0x170/0x3f0 [ 19.492610] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.492655] kthread+0x328/0x630 [ 19.492700] ret_from_fork+0x10/0x20 [ 19.492749] [ 19.492770] The buggy address belongs to the object at fff00000c7716c00 [ 19.492770] which belongs to the cache kmalloc-128 of size 128 [ 19.492926] The buggy address is located 0 bytes inside of [ 19.492926] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.493327] [ 19.493411] The buggy address belongs to the physical page: [ 19.493449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.493513] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.493632] page_type: f5(slab) [ 
19.493674] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.493737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.493779] page dumped because: kasan: bad access detected [ 19.494024] [ 19.494076] Memory state around the buggy address: [ 19.494124] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.494310] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.494401] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.494504] ^ [ 19.494546] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.494591] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.494678] ================================================================== [ 19.505162] ================================================================== [ 19.505244] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.505305] Write of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.505365] [ 19.505402] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.505489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.505854] Hardware name: linux,dummy-virt (DT) [ 19.505922] Call trace: [ 19.505950] show_stack+0x20/0x38 (C) [ 19.506094] dump_stack_lvl+0x8c/0xd0 [ 19.506179] print_report+0x118/0x5d0 [ 19.506252] kasan_report+0xdc/0x128 [ 19.506299] kasan_check_range+0x100/0x1a8 [ 19.506521] __kasan_check_write+0x20/0x30 [ 19.506668] copy_user_test_oob+0x35c/0xec8 [ 19.506742] kunit_try_run_case+0x170/0x3f0 [ 19.506858] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.506962] kthread+0x328/0x630 [ 19.507045] ret_from_fork+0x10/0x20 [ 19.507216] [ 19.507278] Allocated by task 285: [ 19.507410] kasan_save_stack+0x3c/0x68 [ 19.507460] kasan_save_track+0x20/0x40 [ 19.507511] kasan_save_alloc_info+0x40/0x58 [ 19.507560] __kasan_kmalloc+0xd4/0xd8 [ 19.507862] __kmalloc_noprof+0x198/0x4c8 [ 19.508023] 
kunit_kmalloc_array+0x34/0x88 [ 19.508103] copy_user_test_oob+0xac/0xec8 [ 19.508177] kunit_try_run_case+0x170/0x3f0 [ 19.508491] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.508641] kthread+0x328/0x630 [ 19.508766] ret_from_fork+0x10/0x20 [ 19.508809] [ 19.508831] The buggy address belongs to the object at fff00000c7716c00 [ 19.508831] which belongs to the cache kmalloc-128 of size 128 [ 19.509052] The buggy address is located 0 bytes inside of [ 19.509052] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.509191] [ 19.509252] The buggy address belongs to the physical page: [ 19.509538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.509623] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.509775] page_type: f5(slab) [ 19.509855] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.509940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.510110] page dumped because: kasan: bad access detected [ 19.510177] [ 19.510484] Memory state around the buggy address: [ 19.510540] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.510660] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.510749] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.511052] ^ [ 19.511182] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.511241] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.511282] ================================================================== [ 19.512231] ================================================================== [ 19.512307] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.512360] Read of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.512679] [ 19.512760] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.512853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.512882] 
Hardware name: linux,dummy-virt (DT) [ 19.512917] Call trace: [ 19.513014] show_stack+0x20/0x38 (C) [ 19.513071] dump_stack_lvl+0x8c/0xd0 [ 19.513118] print_report+0x118/0x5d0 [ 19.513166] kasan_report+0xdc/0x128 [ 19.513213] kasan_check_range+0x100/0x1a8 [ 19.513261] __kasan_check_read+0x20/0x30 [ 19.513320] copy_user_test_oob+0x3c8/0xec8 [ 19.513372] kunit_try_run_case+0x170/0x3f0 [ 19.513423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.513478] kthread+0x328/0x630 [ 19.513531] ret_from_fork+0x10/0x20 [ 19.513581] [ 19.513609] Allocated by task 285: [ 19.513641] kasan_save_stack+0x3c/0x68 [ 19.513682] kasan_save_track+0x20/0x40 [ 19.514113] kasan_save_alloc_info+0x40/0x58 [ 19.514173] __kasan_kmalloc+0xd4/0xd8 [ 19.514460] __kmalloc_noprof+0x198/0x4c8 [ 19.514590] kunit_kmalloc_array+0x34/0x88 [ 19.514686] copy_user_test_oob+0xac/0xec8 [ 19.514761] kunit_try_run_case+0x170/0x3f0 [ 19.515092] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.515298] kthread+0x328/0x630 [ 19.515378] ret_from_fork+0x10/0x20 [ 19.515522] [ 19.515545] The buggy address belongs to the object at fff00000c7716c00 [ 19.515545] which belongs to the cache kmalloc-128 of size 128 [ 19.515607] The buggy address is located 0 bytes inside of [ 19.515607] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.516011] [ 19.516110] The buggy address belongs to the physical page: [ 19.516179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.516242] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.516596] page_type: f5(slab) [ 19.516752] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.516834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.516916] page dumped because: kasan: bad access detected [ 19.517013] [ 19.517074] Memory state around the buggy address: [ 19.517110] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.517156] fff00000c7716b80: fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.517490] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.517782] ^ [ 19.518008] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.518081] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.518123] ================================================================== [ 19.519167] ================================================================== [ 19.519222] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.519275] Write of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.519329] [ 19.519363] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.519496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.519593] Hardware name: linux,dummy-virt (DT) [ 19.519740] Call trace: [ 19.519817] show_stack+0x20/0x38 (C) [ 19.519895] dump_stack_lvl+0x8c/0xd0 [ 19.520223] print_report+0x118/0x5d0 [ 19.520386] kasan_report+0xdc/0x128 [ 19.520439] kasan_check_range+0x100/0x1a8 [ 19.520735] __kasan_check_write+0x20/0x30 [ 19.521064] copy_user_test_oob+0x434/0xec8 [ 19.521186] kunit_try_run_case+0x170/0x3f0 [ 19.521485] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.521631] kthread+0x328/0x630 [ 19.521698] ret_from_fork+0x10/0x20 [ 19.521769] [ 19.521808] Allocated by task 285: [ 19.521862] kasan_save_stack+0x3c/0x68 [ 19.521917] kasan_save_track+0x20/0x40 [ 19.521957] kasan_save_alloc_info+0x40/0x58 [ 19.521999] __kasan_kmalloc+0xd4/0xd8 [ 19.522041] __kmalloc_noprof+0x198/0x4c8 [ 19.522083] kunit_kmalloc_array+0x34/0x88 [ 19.522132] copy_user_test_oob+0xac/0xec8 [ 19.522172] kunit_try_run_case+0x170/0x3f0 [ 19.522212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.522259] kthread+0x328/0x630 [ 19.522304] ret_from_fork+0x10/0x20 [ 19.522342] [ 19.522379] The buggy address belongs to the object at fff00000c7716c00 [ 19.522379] which belongs to the cache kmalloc-128 of size 128 [ 19.522447] The buggy address is 
located 0 bytes inside of [ 19.522447] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.522518] [ 19.522550] The buggy address belongs to the physical page: [ 19.522600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.522653] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.522848] page_type: f5(slab) [ 19.522903] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.523049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.523232] page dumped because: kasan: bad access detected [ 19.523283] [ 19.523705] Memory state around the buggy address: [ 19.523860] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.523933] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.524035] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.524329] ^ [ 19.524384] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.524693] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.525056] ================================================================== [ 19.526260] ================================================================== [ 19.526337] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.526389] Read of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.526450] [ 19.526756] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.526862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.526958] Hardware name: linux,dummy-virt (DT) [ 19.527028] Call trace: [ 19.527075] show_stack+0x20/0x38 (C) [ 19.527406] dump_stack_lvl+0x8c/0xd0 [ 19.527618] print_report+0x118/0x5d0 [ 19.527678] kasan_report+0xdc/0x128 [ 19.527766] kasan_check_range+0x100/0x1a8 [ 19.527819] __kasan_check_read+0x20/0x30 [ 19.527971] copy_user_test_oob+0x4a0/0xec8 [ 19.528046] kunit_try_run_case+0x170/0x3f0 [ 19.528361] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.528436] kthread+0x328/0x630 [ 19.528769] ret_from_fork+0x10/0x20 [ 19.529151] [ 19.529240] Allocated by task 285: [ 19.529311] kasan_save_stack+0x3c/0x68 [ 19.529369] kasan_save_track+0x20/0x40 [ 19.529516] kasan_save_alloc_info+0x40/0x58 [ 19.529614] __kasan_kmalloc+0xd4/0xd8 [ 19.529683] __kmalloc_noprof+0x198/0x4c8 [ 19.529835] kunit_kmalloc_array+0x34/0x88 [ 19.529879] copy_user_test_oob+0xac/0xec8 [ 19.529919] kunit_try_run_case+0x170/0x3f0 [ 19.529982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.530229] kthread+0x328/0x630 [ 19.530274] ret_from_fork+0x10/0x20 [ 19.530577] [ 19.530642] The buggy address belongs to the object at fff00000c7716c00 [ 19.530642] which belongs to the cache kmalloc-128 of size 128 [ 19.530858] The buggy address is located 0 bytes inside of [ 19.530858] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.530960] [ 19.531010] The buggy address belongs to the physical page: [ 19.531118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.531221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.531323] page_type: f5(slab) [ 19.531660] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.531835] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.531910] page dumped because: kasan: bad access detected [ 19.531975] [ 19.532147] Memory state around the buggy address: [ 19.532346] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.532433] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.532506] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.532547] ^ [ 19.532598] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.532858] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.533044] ================================================================== [ 19.477622] 
================================================================== [ 19.477749] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.477840] Write of size 121 at addr fff00000c7716c00 by task kunit_try_catch/285 [ 19.477896] [ 19.477945] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 19.478037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.478068] Hardware name: linux,dummy-virt (DT) [ 19.478105] Call trace: [ 19.478131] show_stack+0x20/0x38 (C) [ 19.478187] dump_stack_lvl+0x8c/0xd0 [ 19.478265] print_report+0x118/0x5d0 [ 19.478409] kasan_report+0xdc/0x128 [ 19.478591] kasan_check_range+0x100/0x1a8 [ 19.478759] __kasan_check_write+0x20/0x30 [ 19.478874] copy_user_test_oob+0x234/0xec8 [ 19.478923] kunit_try_run_case+0x170/0x3f0 [ 19.478979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.479035] kthread+0x328/0x630 [ 19.479080] ret_from_fork+0x10/0x20 [ 19.479133] [ 19.479231] Allocated by task 285: [ 19.479267] kasan_save_stack+0x3c/0x68 [ 19.479628] kasan_save_track+0x20/0x40 [ 19.479677] kasan_save_alloc_info+0x40/0x58 [ 19.479909] __kasan_kmalloc+0xd4/0xd8 [ 19.480176] __kmalloc_noprof+0x198/0x4c8 [ 19.480283] kunit_kmalloc_array+0x34/0x88 [ 19.480322] copy_user_test_oob+0xac/0xec8 [ 19.480364] kunit_try_run_case+0x170/0x3f0 [ 19.480406] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.480451] kthread+0x328/0x630 [ 19.480486] ret_from_fork+0x10/0x20 [ 19.480524] [ 19.480550] The buggy address belongs to the object at fff00000c7716c00 [ 19.480550] which belongs to the cache kmalloc-128 of size 128 [ 19.480612] The buggy address is located 0 bytes inside of [ 19.480612] allocated 120-byte region [fff00000c7716c00, fff00000c7716c78) [ 19.480675] [ 19.480699] The buggy address belongs to the physical page: [ 19.480745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107716 [ 19.480809] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.480862] page_type: f5(slab) [ 19.480906] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.480959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.481001] page dumped because: kasan: bad access detected [ 19.481035] [ 19.481055] Memory state around the buggy address: [ 19.481090] fff00000c7716b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.481135] fff00000c7716b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.481180] >fff00000c7716c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.481221] ^ [ 19.481264] fff00000c7716c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.481973] fff00000c7716d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.482102] ==================================================================
[ 16.002553] ================================================================== [ 16.002903] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.003238] Write of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303 [ 16.003565] [ 16.003683] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.003741] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.003754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.003777] Call Trace: [ 16.003792] <TASK> [ 16.003822] dump_stack_lvl+0x73/0xb0 [ 16.003854] print_report+0xd1/0x610 [ 16.003878] ? __virt_addr_valid+0x1db/0x2d0 [ 16.003903] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.003937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.003962] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.003987] kasan_report+0x141/0x180 [ 16.004020] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.004050] kasan_check_range+0x10c/0x1c0 [ 16.004077] __kasan_check_write+0x18/0x20 [ 16.004101] copy_user_test_oob+0x3fd/0x10f0 [ 16.004130] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.004153] ? finish_task_switch.isra.0+0x153/0x700 [ 16.004178] ? __switch_to+0x47/0xf50 [ 16.004206] ? __schedule+0x10cc/0x2b60 [ 16.004231] ? __pfx_read_tsc+0x10/0x10 [ 16.004252] ? ktime_get_ts64+0x86/0x230 [ 16.004278] kunit_try_run_case+0x1a5/0x480 [ 16.004314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.004339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.004375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.004401] ? __kthread_parkme+0x82/0x180 [ 16.004430] ? preempt_count_sub+0x50/0x80 [ 16.004472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.004497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.004523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.004548] kthread+0x337/0x6f0 [ 16.004579] ? trace_preempt_on+0x20/0xc0 [ 16.004605] ? __pfx_kthread+0x10/0x10 [ 16.004627] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.004650] ? calculate_sigpending+0x7b/0xa0 [ 16.004678] ? 
__pfx_kthread+0x10/0x10 [ 16.004703] ret_from_fork+0x116/0x1d0 [ 16.004724] ? __pfx_kthread+0x10/0x10 [ 16.004747] ret_from_fork_asm+0x1a/0x30 [ 16.004781] </TASK> [ 16.004796] [ 16.012382] Allocated by task 303: [ 16.012567] kasan_save_stack+0x45/0x70 [ 16.012785] kasan_save_track+0x18/0x40 [ 16.012976] kasan_save_alloc_info+0x3b/0x50 [ 16.013189] __kasan_kmalloc+0xb7/0xc0 [ 16.013378] __kmalloc_noprof+0x1c9/0x500 [ 16.013584] kunit_kmalloc_array+0x25/0x60 [ 16.013783] copy_user_test_oob+0xab/0x10f0 [ 16.013931] kunit_try_run_case+0x1a5/0x480 [ 16.014139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.014398] kthread+0x337/0x6f0 [ 16.014635] ret_from_fork+0x116/0x1d0 [ 16.014802] ret_from_fork_asm+0x1a/0x30 [ 16.015005] [ 16.015103] The buggy address belongs to the object at ffff888102ae1400 [ 16.015103] which belongs to the cache kmalloc-128 of size 128 [ 16.015613] The buggy address is located 0 bytes inside of [ 16.015613] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.016120] [ 16.016224] The buggy address belongs to the physical page: [ 16.016458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.016813] flags: 0x200000000000000(node=0|zone=2) [ 16.016988] page_type: f5(slab) [ 16.017116] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.017356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.017749] page dumped because: kasan: bad access detected [ 16.018000] [ 16.018093] Memory state around the buggy address: [ 16.018315] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.018787] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.019016] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.019233] ^ [ 16.019518] ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.019858] ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.020192] 
================================================================== [ 16.067109] ================================================================== [ 16.067574] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.067897] Read of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303 [ 16.068252] [ 16.068390] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.068452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.068465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.068487] Call Trace: [ 16.068503] <TASK> [ 16.068537] dump_stack_lvl+0x73/0xb0 [ 16.068576] print_report+0xd1/0x610 [ 16.068599] ? __virt_addr_valid+0x1db/0x2d0 [ 16.068623] ? copy_user_test_oob+0x604/0x10f0 [ 16.068660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.068685] ? copy_user_test_oob+0x604/0x10f0 [ 16.068736] kasan_report+0x141/0x180 [ 16.068761] ? copy_user_test_oob+0x604/0x10f0 [ 16.068791] kasan_check_range+0x10c/0x1c0 [ 16.068827] __kasan_check_read+0x15/0x20 [ 16.068847] copy_user_test_oob+0x604/0x10f0 [ 16.068899] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.068922] ? finish_task_switch.isra.0+0x153/0x700 [ 16.068957] ? __switch_to+0x47/0xf50 [ 16.068984] ? __schedule+0x10cc/0x2b60 [ 16.069033] ? __pfx_read_tsc+0x10/0x10 [ 16.069055] ? ktime_get_ts64+0x86/0x230 [ 16.069080] kunit_try_run_case+0x1a5/0x480 [ 16.069117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.069145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.069196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.069221] ? __kthread_parkme+0x82/0x180 [ 16.069270] ? preempt_count_sub+0x50/0x80 [ 16.069309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.069348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.069386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.069425] kthread+0x337/0x6f0 [ 16.069455] ? trace_preempt_on+0x20/0xc0 [ 16.069479] ? __pfx_kthread+0x10/0x10 [ 16.069500] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.069531] ? calculate_sigpending+0x7b/0xa0 [ 16.069565] ? __pfx_kthread+0x10/0x10 [ 16.069587] ret_from_fork+0x116/0x1d0 [ 16.069617] ? __pfx_kthread+0x10/0x10 [ 16.069638] ret_from_fork_asm+0x1a/0x30 [ 16.069671] </TASK> [ 16.069683] [ 16.078006] Allocated by task 303: [ 16.078158] kasan_save_stack+0x45/0x70 [ 16.078361] kasan_save_track+0x18/0x40 [ 16.078583] kasan_save_alloc_info+0x3b/0x50 [ 16.078814] __kasan_kmalloc+0xb7/0xc0 [ 16.079011] __kmalloc_noprof+0x1c9/0x500 [ 16.079235] kunit_kmalloc_array+0x25/0x60 [ 16.079458] copy_user_test_oob+0xab/0x10f0 [ 16.079709] kunit_try_run_case+0x1a5/0x480 [ 16.079929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.080195] kthread+0x337/0x6f0 [ 16.080367] ret_from_fork+0x116/0x1d0 [ 16.080543] ret_from_fork_asm+0x1a/0x30 [ 16.080792] [ 16.080902] The buggy address belongs to the object at ffff888102ae1400 [ 16.080902] which belongs to the cache kmalloc-128 of size 128 [ 16.081373] The buggy address is located 0 bytes inside of [ 16.081373] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.081910] [ 16.082028] The buggy address belongs to the physical page: [ 16.082284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.082635] flags: 0x200000000000000(node=0|zone=2) [ 16.082890] page_type: f5(slab) [ 16.083056] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.083321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.083700] page dumped because: kasan: bad access detected [ 16.083965] [ 16.084103] Memory state around the buggy address: [ 16.084276] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.084713] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.084930] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.085141] ^ [ 16.085347] ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.085690] 
ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.086011] ================================================================== [ 16.045856] ================================================================== [ 16.046703] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.047299] Write of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303 [ 16.047775] [ 16.048167] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.048329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.048346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.048367] Call Trace: [ 16.048398] <TASK> [ 16.048415] dump_stack_lvl+0x73/0xb0 [ 16.048458] print_report+0xd1/0x610 [ 16.048483] ? __virt_addr_valid+0x1db/0x2d0 [ 16.048506] ? copy_user_test_oob+0x557/0x10f0 [ 16.048531] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.048593] ? copy_user_test_oob+0x557/0x10f0 [ 16.048619] kasan_report+0x141/0x180 [ 16.048642] ? copy_user_test_oob+0x557/0x10f0 [ 16.048673] kasan_check_range+0x10c/0x1c0 [ 16.048697] __kasan_check_write+0x18/0x20 [ 16.048717] copy_user_test_oob+0x557/0x10f0 [ 16.048744] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.048767] ? finish_task_switch.isra.0+0x153/0x700 [ 16.048792] ? __switch_to+0x47/0xf50 [ 16.048818] ? __schedule+0x10cc/0x2b60 [ 16.048842] ? __pfx_read_tsc+0x10/0x10 [ 16.048864] ? ktime_get_ts64+0x86/0x230 [ 16.048889] kunit_try_run_case+0x1a5/0x480 [ 16.048914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.048937] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.048962] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.048987] ? __kthread_parkme+0x82/0x180 [ 16.049009] ? preempt_count_sub+0x50/0x80 [ 16.049033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.049058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.049083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.049108] kthread+0x337/0x6f0 [ 16.049133] ? trace_preempt_on+0x20/0xc0 [ 16.049157] ? 
__pfx_kthread+0x10/0x10 [ 16.049178] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.049201] ? calculate_sigpending+0x7b/0xa0 [ 16.049226] ? __pfx_kthread+0x10/0x10 [ 16.049248] ret_from_fork+0x116/0x1d0 [ 16.049268] ? __pfx_kthread+0x10/0x10 [ 16.049289] ret_from_fork_asm+0x1a/0x30 [ 16.049323] </TASK> [ 16.049333] [ 16.057686] Allocated by task 303: [ 16.057913] kasan_save_stack+0x45/0x70 [ 16.058146] kasan_save_track+0x18/0x40 [ 16.058362] kasan_save_alloc_info+0x3b/0x50 [ 16.058607] __kasan_kmalloc+0xb7/0xc0 [ 16.058808] __kmalloc_noprof+0x1c9/0x500 [ 16.059032] kunit_kmalloc_array+0x25/0x60 [ 16.059251] copy_user_test_oob+0xab/0x10f0 [ 16.059512] kunit_try_run_case+0x1a5/0x480 [ 16.059767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.060167] kthread+0x337/0x6f0 [ 16.060372] ret_from_fork+0x116/0x1d0 [ 16.060571] ret_from_fork_asm+0x1a/0x30 [ 16.060867] [ 16.060980] The buggy address belongs to the object at ffff888102ae1400 [ 16.060980] which belongs to the cache kmalloc-128 of size 128 [ 16.061525] The buggy address is located 0 bytes inside of [ 16.061525] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.062004] [ 16.062097] The buggy address belongs to the physical page: [ 16.062289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.062573] flags: 0x200000000000000(node=0|zone=2) [ 16.062837] page_type: f5(slab) [ 16.063008] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.063388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.063666] page dumped because: kasan: bad access detected [ 16.063840] [ 16.063911] Memory state around the buggy address: [ 16.064091] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.064455] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.064934] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.065366] ^ [ 16.065706] ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.065926] ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.066263] ================================================================== [ 16.020755] ================================================================== [ 16.021120] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.021742] Read of size 121 at addr ffff888102ae1400 by task kunit_try_catch/303 [ 16.022054] [ 16.022162] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.022205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.022217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.022239] Call Trace: [ 16.022254] <TASK> [ 16.022271] dump_stack_lvl+0x73/0xb0 [ 16.022298] print_report+0xd1/0x610 [ 16.022322] ? __virt_addr_valid+0x1db/0x2d0 [ 16.022345] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.022370] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.022394] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.022419] kasan_report+0x141/0x180 [ 16.022456] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.022489] kasan_check_range+0x10c/0x1c0 [ 16.022514] __kasan_check_read+0x15/0x20 [ 16.022534] copy_user_test_oob+0x4aa/0x10f0 [ 16.022561] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.022595] ? finish_task_switch.isra.0+0x153/0x700 [ 16.022619] ? __switch_to+0x47/0xf50 [ 16.022647] ? __schedule+0x10cc/0x2b60 [ 16.022683] ? __pfx_read_tsc+0x10/0x10 [ 16.022715] ? ktime_get_ts64+0x86/0x230 [ 16.022741] kunit_try_run_case+0x1a5/0x480 [ 16.022775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.022799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.022824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.022849] ? __kthread_parkme+0x82/0x180 [ 16.022879] ? preempt_count_sub+0x50/0x80 [ 16.022904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.022929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.022965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.022990] kthread+0x337/0x6f0 [ 16.023010] ? 
trace_preempt_on+0x20/0xc0 [ 16.023042] ? __pfx_kthread+0x10/0x10 [ 16.023063] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.023086] ? calculate_sigpending+0x7b/0xa0 [ 16.023121] ? __pfx_kthread+0x10/0x10 [ 16.023144] ret_from_fork+0x116/0x1d0 [ 16.023163] ? __pfx_kthread+0x10/0x10 [ 16.023185] ret_from_fork_asm+0x1a/0x30 [ 16.023218] </TASK> [ 16.023228] [ 16.032395] Allocated by task 303: [ 16.032986] kasan_save_stack+0x45/0x70 [ 16.033204] kasan_save_track+0x18/0x40 [ 16.033380] kasan_save_alloc_info+0x3b/0x50 [ 16.033927] __kasan_kmalloc+0xb7/0xc0 [ 16.034138] __kmalloc_noprof+0x1c9/0x500 [ 16.034329] kunit_kmalloc_array+0x25/0x60 [ 16.034529] copy_user_test_oob+0xab/0x10f0 [ 16.035045] kunit_try_run_case+0x1a5/0x480 [ 16.035445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.035859] kthread+0x337/0x6f0 [ 16.036027] ret_from_fork+0x116/0x1d0 [ 16.036204] ret_from_fork_asm+0x1a/0x30 [ 16.036387] [ 16.036488] The buggy address belongs to the object at ffff888102ae1400 [ 16.036488] which belongs to the cache kmalloc-128 of size 128 [ 16.037577] The buggy address is located 0 bytes inside of [ 16.037577] allocated 120-byte region [ffff888102ae1400, ffff888102ae1478) [ 16.038097] [ 16.038192] The buggy address belongs to the physical page: [ 16.038422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1 [ 16.039143] flags: 0x200000000000000(node=0|zone=2) [ 16.039616] page_type: f5(slab) [ 16.039994] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.040474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.041347] page dumped because: kasan: bad access detected [ 16.042016] [ 16.042271] Memory state around the buggy address: [ 16.042522] ffff888102ae1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.042819] ffff888102ae1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.043108] >ffff888102ae1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.043392] ^ [ 16.044086] 
ffff888102ae1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.044559] ffff888102ae1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.045152] ==================================================================
[ 16.523968] ================================================================== [ 16.524484] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.524955] Write of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302 [ 16.525268] [ 16.525381] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.525429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.525444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.525469] Call Trace: [ 16.525490] <TASK> [ 16.525509] dump_stack_lvl+0x73/0xb0 [ 16.525540] print_report+0xd1/0x610 [ 16.525564] ? __virt_addr_valid+0x1db/0x2d0 [ 16.525589] ? copy_user_test_oob+0x557/0x10f0 [ 16.525613] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.525637] ? copy_user_test_oob+0x557/0x10f0 [ 16.525662] kasan_report+0x141/0x180 [ 16.525684] ? copy_user_test_oob+0x557/0x10f0 [ 16.525713] kasan_check_range+0x10c/0x1c0 [ 16.525738] __kasan_check_write+0x18/0x20 [ 16.525757] copy_user_test_oob+0x557/0x10f0 [ 16.525783] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.525806] ? finish_task_switch.isra.0+0x153/0x700 [ 16.525831] ? __switch_to+0x47/0xf50 [ 16.525857] ? __schedule+0x10cc/0x2b60 [ 16.525880] ? __pfx_read_tsc+0x10/0x10 [ 16.525902] ? ktime_get_ts64+0x86/0x230 [ 16.525927] kunit_try_run_case+0x1a5/0x480 [ 16.525952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.525977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.526002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.526038] ? __kthread_parkme+0x82/0x180 [ 16.526060] ? preempt_count_sub+0x50/0x80 [ 16.526084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.526109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.526135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.526161] kthread+0x337/0x6f0 [ 16.526182] ? trace_preempt_on+0x20/0xc0 [ 16.526207] ? __pfx_kthread+0x10/0x10 [ 16.526228] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.526251] ? calculate_sigpending+0x7b/0xa0 [ 16.526277] ? 
__pfx_kthread+0x10/0x10 [ 16.526300] ret_from_fork+0x116/0x1d0 [ 16.526318] ? __pfx_kthread+0x10/0x10 [ 16.526339] ret_from_fork_asm+0x1a/0x30 [ 16.526371] </TASK> [ 16.526383] [ 16.533557] Allocated by task 302: [ 16.533728] kasan_save_stack+0x45/0x70 [ 16.533949] kasan_save_track+0x18/0x40 [ 16.534141] kasan_save_alloc_info+0x3b/0x50 [ 16.534360] __kasan_kmalloc+0xb7/0xc0 [ 16.534592] __kmalloc_noprof+0x1c9/0x500 [ 16.534799] kunit_kmalloc_array+0x25/0x60 [ 16.534990] copy_user_test_oob+0xab/0x10f0 [ 16.535191] kunit_try_run_case+0x1a5/0x480 [ 16.535382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.535699] kthread+0x337/0x6f0 [ 16.535836] ret_from_fork+0x116/0x1d0 [ 16.536049] ret_from_fork_asm+0x1a/0x30 [ 16.536206] [ 16.536321] The buggy address belongs to the object at ffff8881029c5700 [ 16.536321] which belongs to the cache kmalloc-128 of size 128 [ 16.536787] The buggy address is located 0 bytes inside of [ 16.536787] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778) [ 16.537213] [ 16.537313] The buggy address belongs to the physical page: [ 16.537667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 16.538006] flags: 0x200000000000000(node=0|zone=2) [ 16.538243] page_type: f5(slab) [ 16.538410] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.538714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.538965] page dumped because: kasan: bad access detected [ 16.539249] [ 16.539349] Memory state around the buggy address: [ 16.539575] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.539905] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.540223] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.540571] ^ [ 16.540776] ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.541095] ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.541383] 
================================================================== [ 16.506182] ================================================================== [ 16.506624] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.506872] Read of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302 [ 16.507392] [ 16.507513] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.507562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.507576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.507600] Call Trace: [ 16.507622] <TASK> [ 16.507644] dump_stack_lvl+0x73/0xb0 [ 16.507684] print_report+0xd1/0x610 [ 16.507709] ? __virt_addr_valid+0x1db/0x2d0 [ 16.507740] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.507765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.507789] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.507814] kasan_report+0x141/0x180 [ 16.507836] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.507865] kasan_check_range+0x10c/0x1c0 [ 16.507890] __kasan_check_read+0x15/0x20 [ 16.507910] copy_user_test_oob+0x4aa/0x10f0 [ 16.507936] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.507960] ? finish_task_switch.isra.0+0x153/0x700 [ 16.507984] ? __switch_to+0x47/0xf50 [ 16.508023] ? __schedule+0x10cc/0x2b60 [ 16.508046] ? __pfx_read_tsc+0x10/0x10 [ 16.508068] ? ktime_get_ts64+0x86/0x230 [ 16.508094] kunit_try_run_case+0x1a5/0x480 [ 16.508120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.508144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.508169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.508194] ? __kthread_parkme+0x82/0x180 [ 16.508218] ? preempt_count_sub+0x50/0x80 [ 16.508242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.508266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.508292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.508317] kthread+0x337/0x6f0 [ 16.508337] ? trace_preempt_on+0x20/0xc0 [ 16.508362] ? __pfx_kthread+0x10/0x10 [ 16.508383] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.508406] ? calculate_sigpending+0x7b/0xa0 [ 16.508443] ? __pfx_kthread+0x10/0x10 [ 16.508465] ret_from_fork+0x116/0x1d0 [ 16.508485] ? __pfx_kthread+0x10/0x10 [ 16.508505] ret_from_fork_asm+0x1a/0x30 [ 16.508537] </TASK> [ 16.508548] [ 16.515793] Allocated by task 302: [ 16.516075] kasan_save_stack+0x45/0x70 [ 16.516274] kasan_save_track+0x18/0x40 [ 16.516450] kasan_save_alloc_info+0x3b/0x50 [ 16.516615] __kasan_kmalloc+0xb7/0xc0 [ 16.516873] __kmalloc_noprof+0x1c9/0x500 [ 16.517086] kunit_kmalloc_array+0x25/0x60 [ 16.517300] copy_user_test_oob+0xab/0x10f0 [ 16.517507] kunit_try_run_case+0x1a5/0x480 [ 16.517710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.517890] kthread+0x337/0x6f0 [ 16.518021] ret_from_fork+0x116/0x1d0 [ 16.518210] ret_from_fork_asm+0x1a/0x30 [ 16.518415] [ 16.518577] The buggy address belongs to the object at ffff8881029c5700 [ 16.518577] which belongs to the cache kmalloc-128 of size 128 [ 16.519061] The buggy address is located 0 bytes inside of [ 16.519061] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778) [ 16.519558] [ 16.519657] The buggy address belongs to the physical page: [ 16.519874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 16.520158] flags: 0x200000000000000(node=0|zone=2) [ 16.520325] page_type: f5(slab) [ 16.520472] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.520807] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.521129] page dumped because: kasan: bad access detected [ 16.521308] [ 16.521401] Memory state around the buggy address: [ 16.521636] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.521957] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.522249] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.522588] ^ [ 16.522871] ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.523164] 
ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.523455] ================================================================== [ 16.487863] ================================================================== [ 16.488716] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.489060] Write of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302 [ 16.489362] [ 16.489482] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.489534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.489547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.489570] Call Trace: [ 16.489591] <TASK> [ 16.489613] dump_stack_lvl+0x73/0xb0 [ 16.489647] print_report+0xd1/0x610 [ 16.489671] ? __virt_addr_valid+0x1db/0x2d0 [ 16.489698] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.489723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.489747] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.489771] kasan_report+0x141/0x180 [ 16.489794] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.489822] kasan_check_range+0x10c/0x1c0 [ 16.489847] __kasan_check_write+0x18/0x20 [ 16.489867] copy_user_test_oob+0x3fd/0x10f0 [ 16.489894] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.489918] ? finish_task_switch.isra.0+0x153/0x700 [ 16.489941] ? __switch_to+0x47/0xf50 [ 16.489969] ? __schedule+0x10cc/0x2b60 [ 16.489992] ? __pfx_read_tsc+0x10/0x10 [ 16.490026] ? ktime_get_ts64+0x86/0x230 [ 16.490052] kunit_try_run_case+0x1a5/0x480 [ 16.490078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.490102] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.490128] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.490152] ? __kthread_parkme+0x82/0x180 [ 16.490175] ? preempt_count_sub+0x50/0x80 [ 16.490199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.490224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.490249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.490274] kthread+0x337/0x6f0 [ 16.490296] ? trace_preempt_on+0x20/0xc0 [ 16.490321] ? 
__pfx_kthread+0x10/0x10 [ 16.490344] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.490366] ? calculate_sigpending+0x7b/0xa0 [ 16.490392] ? __pfx_kthread+0x10/0x10 [ 16.490414] ret_from_fork+0x116/0x1d0 [ 16.490446] ? __pfx_kthread+0x10/0x10 [ 16.490469] ret_from_fork_asm+0x1a/0x30 [ 16.490501] </TASK> [ 16.490512] [ 16.497589] Allocated by task 302: [ 16.497779] kasan_save_stack+0x45/0x70 [ 16.497973] kasan_save_track+0x18/0x40 [ 16.498172] kasan_save_alloc_info+0x3b/0x50 [ 16.498331] __kasan_kmalloc+0xb7/0xc0 [ 16.498546] __kmalloc_noprof+0x1c9/0x500 [ 16.498748] kunit_kmalloc_array+0x25/0x60 [ 16.498927] copy_user_test_oob+0xab/0x10f0 [ 16.499087] kunit_try_run_case+0x1a5/0x480 [ 16.499299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.499632] kthread+0x337/0x6f0 [ 16.499797] ret_from_fork+0x116/0x1d0 [ 16.499975] ret_from_fork_asm+0x1a/0x30 [ 16.500156] [ 16.500256] The buggy address belongs to the object at ffff8881029c5700 [ 16.500256] which belongs to the cache kmalloc-128 of size 128 [ 16.500687] The buggy address is located 0 bytes inside of [ 16.500687] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778) [ 16.501171] [ 16.501269] The buggy address belongs to the physical page: [ 16.501544] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 16.501795] flags: 0x200000000000000(node=0|zone=2) [ 16.501963] page_type: f5(slab) [ 16.502098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.502329] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.502627] page dumped because: kasan: bad access detected [ 16.502873] [ 16.502965] Memory state around the buggy address: [ 16.503195] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.503518] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.503902] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.504126] ^ [ 16.504342] ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.504558] ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.505262] ================================================================== [ 16.542119] ================================================================== [ 16.542475] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.542966] Read of size 121 at addr ffff8881029c5700 by task kunit_try_catch/302 [ 16.543368] [ 16.543487] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.543538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.543551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.543574] Call Trace: [ 16.543595] <TASK> [ 16.543616] dump_stack_lvl+0x73/0xb0 [ 16.543647] print_report+0xd1/0x610 [ 16.543672] ? __virt_addr_valid+0x1db/0x2d0 [ 16.543696] ? copy_user_test_oob+0x604/0x10f0 [ 16.543720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.543744] ? copy_user_test_oob+0x604/0x10f0 [ 16.543790] kasan_report+0x141/0x180 [ 16.543813] ? copy_user_test_oob+0x604/0x10f0 [ 16.543841] kasan_check_range+0x10c/0x1c0 [ 16.543866] __kasan_check_read+0x15/0x20 [ 16.543907] copy_user_test_oob+0x604/0x10f0 [ 16.543936] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.543961] ? finish_task_switch.isra.0+0x153/0x700 [ 16.543985] ? __switch_to+0x47/0xf50 [ 16.544022] ? __schedule+0x10cc/0x2b60 [ 16.544046] ? __pfx_read_tsc+0x10/0x10 [ 16.544084] ? ktime_get_ts64+0x86/0x230 [ 16.544110] kunit_try_run_case+0x1a5/0x480 [ 16.544150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.544186] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.544225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.544264] ? __kthread_parkme+0x82/0x180 [ 16.544300] ? preempt_count_sub+0x50/0x80 [ 16.544325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.544376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.544414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.544440] kthread+0x337/0x6f0 [ 16.544472] ? 
trace_preempt_on+0x20/0xc0 [ 16.544510] ? __pfx_kthread+0x10/0x10 [ 16.544544] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.544580] ? calculate_sigpending+0x7b/0xa0 [ 16.544619] ? __pfx_kthread+0x10/0x10 [ 16.544655] ret_from_fork+0x116/0x1d0 [ 16.544688] ? __pfx_kthread+0x10/0x10 [ 16.544721] ret_from_fork_asm+0x1a/0x30 [ 16.544767] </TASK> [ 16.544790] [ 16.552734] Allocated by task 302: [ 16.552928] kasan_save_stack+0x45/0x70 [ 16.553104] kasan_save_track+0x18/0x40 [ 16.553240] kasan_save_alloc_info+0x3b/0x50 [ 16.553386] __kasan_kmalloc+0xb7/0xc0 [ 16.553571] __kmalloc_noprof+0x1c9/0x500 [ 16.553788] kunit_kmalloc_array+0x25/0x60 [ 16.554001] copy_user_test_oob+0xab/0x10f0 [ 16.554224] kunit_try_run_case+0x1a5/0x480 [ 16.554424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.554670] kthread+0x337/0x6f0 [ 16.554834] ret_from_fork+0x116/0x1d0 [ 16.555024] ret_from_fork_asm+0x1a/0x30 [ 16.555216] [ 16.555384] The buggy address belongs to the object at ffff8881029c5700 [ 16.555384] which belongs to the cache kmalloc-128 of size 128 [ 16.555835] The buggy address is located 0 bytes inside of [ 16.555835] allocated 120-byte region [ffff8881029c5700, ffff8881029c5778) [ 16.556190] [ 16.556264] The buggy address belongs to the physical page: [ 16.556549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c5 [ 16.556930] flags: 0x200000000000000(node=0|zone=2) [ 16.557183] page_type: f5(slab) [ 16.557357] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.557733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.558109] page dumped because: kasan: bad access detected [ 16.558319] [ 16.558432] Memory state around the buggy address: [ 16.558667] ffff8881029c5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.559005] ffff8881029c5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.559337] >ffff8881029c5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.559979] ^ [ 16.560294] 
ffff8881029c5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.560852] ffff8881029c5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.561112] ==================================================================
[ 16.199456] ================================================================== [ 16.199820] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.200126] Write of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302 [ 16.200435] [ 16.200548] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.200594] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.200606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.200629] Call Trace: [ 16.200643] <TASK> [ 16.200659] dump_stack_lvl+0x73/0xb0 [ 16.200689] print_report+0xd1/0x610 [ 16.200712] ? __virt_addr_valid+0x1db/0x2d0 [ 16.200736] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.200760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.200785] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.200809] kasan_report+0x141/0x180 [ 16.200832] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.200862] kasan_check_range+0x10c/0x1c0 [ 16.200886] __kasan_check_write+0x18/0x20 [ 16.200920] copy_user_test_oob+0x3fd/0x10f0 [ 16.200946] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.200970] ? finish_task_switch.isra.0+0x153/0x700 [ 16.201004] ? __switch_to+0x47/0xf50 [ 16.201032] ? __schedule+0x10cc/0x2b60 [ 16.201056] ? __pfx_read_tsc+0x10/0x10 [ 16.201077] ? ktime_get_ts64+0x86/0x230 [ 16.201102] kunit_try_run_case+0x1a5/0x480 [ 16.201128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.201151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.201176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.201202] ? __kthread_parkme+0x82/0x180 [ 16.201224] ? preempt_count_sub+0x50/0x80 [ 16.201248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.201273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.201300] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.201325] kthread+0x337/0x6f0 [ 16.201345] ? trace_preempt_on+0x20/0xc0 [ 16.201369] ? __pfx_kthread+0x10/0x10 [ 16.201390] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.201412] ? calculate_sigpending+0x7b/0xa0 [ 16.201438] ? 
__pfx_kthread+0x10/0x10 [ 16.201459] ret_from_fork+0x116/0x1d0 [ 16.201479] ? __pfx_kthread+0x10/0x10 [ 16.201499] ret_from_fork_asm+0x1a/0x30 [ 16.201533] </TASK> [ 16.201544] [ 16.208516] Allocated by task 302: [ 16.208676] kasan_save_stack+0x45/0x70 [ 16.208852] kasan_save_track+0x18/0x40 [ 16.209073] kasan_save_alloc_info+0x3b/0x50 [ 16.209226] __kasan_kmalloc+0xb7/0xc0 [ 16.209359] __kmalloc_noprof+0x1c9/0x500 [ 16.209561] kunit_kmalloc_array+0x25/0x60 [ 16.209778] copy_user_test_oob+0xab/0x10f0 [ 16.210011] kunit_try_run_case+0x1a5/0x480 [ 16.210222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.210451] kthread+0x337/0x6f0 [ 16.210613] ret_from_fork+0x116/0x1d0 [ 16.210804] ret_from_fork_asm+0x1a/0x30 [ 16.210986] [ 16.211081] The buggy address belongs to the object at ffff8881029b2200 [ 16.211081] which belongs to the cache kmalloc-128 of size 128 [ 16.211553] The buggy address is located 0 bytes inside of [ 16.211553] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278) [ 16.212049] [ 16.212126] The buggy address belongs to the physical page: [ 16.212373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2 [ 16.212656] flags: 0x200000000000000(node=0|zone=2) [ 16.212824] page_type: f5(slab) [ 16.212959] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.213321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.213659] page dumped because: kasan: bad access detected [ 16.213878] [ 16.213959] Memory state around the buggy address: [ 16.214353] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.214642] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.214931] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.215238] ^ [ 16.215470] ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.215740] ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.216112] 
================================================================== [ 16.257689] ================================================================== [ 16.257965] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.258254] Read of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302 [ 16.258544] [ 16.258681] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.258727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.258739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.258766] Call Trace: [ 16.258782] <TASK> [ 16.258800] dump_stack_lvl+0x73/0xb0 [ 16.258829] print_report+0xd1/0x610 [ 16.258852] ? __virt_addr_valid+0x1db/0x2d0 [ 16.258876] ? copy_user_test_oob+0x604/0x10f0 [ 16.258911] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.258935] ? copy_user_test_oob+0x604/0x10f0 [ 16.258960] kasan_report+0x141/0x180 [ 16.258983] ? copy_user_test_oob+0x604/0x10f0 [ 16.259012] kasan_check_range+0x10c/0x1c0 [ 16.259037] __kasan_check_read+0x15/0x20 [ 16.259057] copy_user_test_oob+0x604/0x10f0 [ 16.259084] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.259107] ? finish_task_switch.isra.0+0x153/0x700 [ 16.259131] ? __switch_to+0x47/0xf50 [ 16.259171] ? __schedule+0x10cc/0x2b60 [ 16.259194] ? __pfx_read_tsc+0x10/0x10 [ 16.259216] ? ktime_get_ts64+0x86/0x230 [ 16.259241] kunit_try_run_case+0x1a5/0x480 [ 16.259266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.259289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.259314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.259338] ? __kthread_parkme+0x82/0x180 [ 16.259361] ? preempt_count_sub+0x50/0x80 [ 16.259385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.259410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.259435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.259460] kthread+0x337/0x6f0 [ 16.259479] ? trace_preempt_on+0x20/0xc0 [ 16.259504] ? __pfx_kthread+0x10/0x10 [ 16.259525] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.259547] ? calculate_sigpending+0x7b/0xa0 [ 16.259573] ? __pfx_kthread+0x10/0x10 [ 16.259594] ret_from_fork+0x116/0x1d0 [ 16.259614] ? __pfx_kthread+0x10/0x10 [ 16.259635] ret_from_fork_asm+0x1a/0x30 [ 16.259667] </TASK> [ 16.259679] [ 16.266678] Allocated by task 302: [ 16.266874] kasan_save_stack+0x45/0x70 [ 16.267110] kasan_save_track+0x18/0x40 [ 16.267314] kasan_save_alloc_info+0x3b/0x50 [ 16.267494] __kasan_kmalloc+0xb7/0xc0 [ 16.267628] __kmalloc_noprof+0x1c9/0x500 [ 16.267827] kunit_kmalloc_array+0x25/0x60 [ 16.268112] copy_user_test_oob+0xab/0x10f0 [ 16.268326] kunit_try_run_case+0x1a5/0x480 [ 16.268533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.268788] kthread+0x337/0x6f0 [ 16.268953] ret_from_fork+0x116/0x1d0 [ 16.269157] ret_from_fork_asm+0x1a/0x30 [ 16.269313] [ 16.269385] The buggy address belongs to the object at ffff8881029b2200 [ 16.269385] which belongs to the cache kmalloc-128 of size 128 [ 16.269883] The buggy address is located 0 bytes inside of [ 16.269883] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278) [ 16.270386] [ 16.270460] The buggy address belongs to the physical page: [ 16.270635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2 [ 16.270883] flags: 0x200000000000000(node=0|zone=2) [ 16.271125] page_type: f5(slab) [ 16.271293] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.271632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.272069] page dumped because: kasan: bad access detected [ 16.272320] [ 16.272413] Memory state around the buggy address: [ 16.272600] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.272820] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.273049] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.273527] ^ [ 16.274052] ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.274354] 
ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.274569] ================================================================== [ 16.216631] ================================================================== [ 16.216959] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.217231] Read of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302 [ 16.217550] [ 16.217660] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.217703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.217715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.217738] Call Trace: [ 16.217752] <TASK> [ 16.217769] dump_stack_lvl+0x73/0xb0 [ 16.217797] print_report+0xd1/0x610 [ 16.217820] ? __virt_addr_valid+0x1db/0x2d0 [ 16.217844] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.217868] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.217901] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.217927] kasan_report+0x141/0x180 [ 16.217949] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.217979] kasan_check_range+0x10c/0x1c0 [ 16.218004] __kasan_check_read+0x15/0x20 [ 16.218033] copy_user_test_oob+0x4aa/0x10f0 [ 16.218060] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.218084] ? finish_task_switch.isra.0+0x153/0x700 [ 16.218107] ? __switch_to+0x47/0xf50 [ 16.218134] ? __schedule+0x10cc/0x2b60 [ 16.218158] ? __pfx_read_tsc+0x10/0x10 [ 16.218180] ? ktime_get_ts64+0x86/0x230 [ 16.218205] kunit_try_run_case+0x1a5/0x480 [ 16.218230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.218254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.218278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.218303] ? __kthread_parkme+0x82/0x180 [ 16.218325] ? preempt_count_sub+0x50/0x80 [ 16.218349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.218374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.218399] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.218424] kthread+0x337/0x6f0 [ 16.218444] ? trace_preempt_on+0x20/0xc0 [ 16.218469] ? 
__pfx_kthread+0x10/0x10 [ 16.218490] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.218512] ? calculate_sigpending+0x7b/0xa0 [ 16.218538] ? __pfx_kthread+0x10/0x10 [ 16.218560] ret_from_fork+0x116/0x1d0 [ 16.218579] ? __pfx_kthread+0x10/0x10 [ 16.218600] ret_from_fork_asm+0x1a/0x30 [ 16.218633] </TASK> [ 16.218643] [ 16.225615] Allocated by task 302: [ 16.225751] kasan_save_stack+0x45/0x70 [ 16.225906] kasan_save_track+0x18/0x40 [ 16.226104] kasan_save_alloc_info+0x3b/0x50 [ 16.226318] __kasan_kmalloc+0xb7/0xc0 [ 16.226505] __kmalloc_noprof+0x1c9/0x500 [ 16.226703] kunit_kmalloc_array+0x25/0x60 [ 16.226919] copy_user_test_oob+0xab/0x10f0 [ 16.227295] kunit_try_run_case+0x1a5/0x480 [ 16.227506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.227720] kthread+0x337/0x6f0 [ 16.227846] ret_from_fork+0x116/0x1d0 [ 16.227992] ret_from_fork_asm+0x1a/0x30 [ 16.228134] [ 16.228207] The buggy address belongs to the object at ffff8881029b2200 [ 16.228207] which belongs to the cache kmalloc-128 of size 128 [ 16.228864] The buggy address is located 0 bytes inside of [ 16.228864] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278) [ 16.229991] [ 16.230076] The buggy address belongs to the physical page: [ 16.230307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2 [ 16.230549] flags: 0x200000000000000(node=0|zone=2) [ 16.230714] page_type: f5(slab) [ 16.230841] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.231086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.231314] page dumped because: kasan: bad access detected [ 16.231488] [ 16.231558] Memory state around the buggy address: [ 16.231718] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.231981] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.232312] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.232626] ^ [ 16.232952] ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.233277] ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.233596] ================================================================== [ 16.234126] ================================================================== [ 16.234473] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.235137] Write of size 121 at addr ffff8881029b2200 by task kunit_try_catch/302 [ 16.235485] [ 16.235599] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 16.235644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.235656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.235677] Call Trace: [ 16.235694] <TASK> [ 16.235712] dump_stack_lvl+0x73/0xb0 [ 16.235740] print_report+0xd1/0x610 [ 16.235764] ? __virt_addr_valid+0x1db/0x2d0 [ 16.235788] ? copy_user_test_oob+0x557/0x10f0 [ 16.235812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.235836] ? copy_user_test_oob+0x557/0x10f0 [ 16.235861] kasan_report+0x141/0x180 [ 16.235884] ? copy_user_test_oob+0x557/0x10f0 [ 16.235926] kasan_check_range+0x10c/0x1c0 [ 16.235951] __kasan_check_write+0x18/0x20 [ 16.235971] copy_user_test_oob+0x557/0x10f0 [ 16.236009] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.236033] ? finish_task_switch.isra.0+0x153/0x700 [ 16.236056] ? __switch_to+0x47/0xf50 [ 16.236084] ? __schedule+0x10cc/0x2b60 [ 16.236107] ? __pfx_read_tsc+0x10/0x10 [ 16.236129] ? ktime_get_ts64+0x86/0x230 [ 16.236154] kunit_try_run_case+0x1a5/0x480 [ 16.236179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.236203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.236228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.236253] ? __kthread_parkme+0x82/0x180 [ 16.236274] ? preempt_count_sub+0x50/0x80 [ 16.236298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.236323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.236348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.236373] kthread+0x337/0x6f0 [ 16.236392] ? 
trace_preempt_on+0x20/0xc0 [ 16.236417] ? __pfx_kthread+0x10/0x10 [ 16.236438] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.236460] ? calculate_sigpending+0x7b/0xa0 [ 16.236486] ? __pfx_kthread+0x10/0x10 [ 16.236507] ret_from_fork+0x116/0x1d0 [ 16.236527] ? __pfx_kthread+0x10/0x10 [ 16.236548] ret_from_fork_asm+0x1a/0x30 [ 16.236581] </TASK> [ 16.236592] [ 16.243915] Allocated by task 302: [ 16.244193] kasan_save_stack+0x45/0x70 [ 16.244338] kasan_save_track+0x18/0x40 [ 16.244476] kasan_save_alloc_info+0x3b/0x50 [ 16.244627] __kasan_kmalloc+0xb7/0xc0 [ 16.244760] __kmalloc_noprof+0x1c9/0x500 [ 16.244913] kunit_kmalloc_array+0x25/0x60 [ 16.245238] copy_user_test_oob+0xab/0x10f0 [ 16.245447] kunit_try_run_case+0x1a5/0x480 [ 16.245655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.245921] kthread+0x337/0x6f0 [ 16.246239] ret_from_fork+0x116/0x1d0 [ 16.246427] ret_from_fork_asm+0x1a/0x30 [ 16.246628] [ 16.246723] The buggy address belongs to the object at ffff8881029b2200 [ 16.246723] which belongs to the cache kmalloc-128 of size 128 [ 16.247238] The buggy address is located 0 bytes inside of [ 16.247238] allocated 120-byte region [ffff8881029b2200, ffff8881029b2278) [ 16.247626] [ 16.247698] The buggy address belongs to the physical page: [ 16.247872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b2 [ 16.250293] flags: 0x200000000000000(node=0|zone=2) [ 16.250723] page_type: f5(slab) [ 16.251065] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.251717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.252486] page dumped because: kasan: bad access detected [ 16.252665] [ 16.252737] Memory state around the buggy address: [ 16.252906] ffff8881029b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.253480] ffff8881029b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.254122] >ffff8881029b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.254726] ^ [ 16.255466] 
ffff8881029b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.256140] ffff8881029b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.256772] ==================================================================