Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 64.917628] ================================================================== [ 64.924535] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 64.931559] Read of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 64.939024] [ 64.940510] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 64.940571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.940590] Hardware name: WinLink E850-96 board (DT) [ 64.940612] Call trace: [ 64.940626] show_stack+0x20/0x38 (C) [ 64.940665] dump_stack_lvl+0x8c/0xd0 [ 64.940703] print_report+0x118/0x608 [ 64.940739] kasan_report+0xdc/0x128 [ 64.940775] kasan_check_range+0x100/0x1a8 [ 64.940813] __kasan_check_read+0x20/0x30 [ 64.940843] copy_user_test_oob+0x728/0xec8 [ 64.940877] kunit_try_run_case+0x170/0x3f0 [ 64.940913] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.940954] kthread+0x328/0x630 [ 64.940986] ret_from_fork+0x10/0x20 [ 64.941024] [ 65.006646] Allocated by task 332: [ 65.010031] kasan_save_stack+0x3c/0x68 [ 65.013849] kasan_save_track+0x20/0x40 [ 65.017668] kasan_save_alloc_info+0x40/0x58 [ 65.021922] __kasan_kmalloc+0xd4/0xd8 [ 65.025656] __kmalloc_noprof+0x198/0x4c8 [ 65.029648] kunit_kmalloc_array+0x34/0x88 [ 65.033727] copy_user_test_oob+0xac/0xec8 [ 65.037807] kunit_try_run_case+0x170/0x3f0 [ 65.041974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.047442] kthread+0x328/0x630 [ 65.050654] ret_from_fork+0x10/0x20 [ 65.054213] [ 65.055690] The buggy address belongs to the object at ffff000800db1a00 [ 65.055690] which belongs to the cache kmalloc-128 of size 128 [ 65.068190] The buggy address is located 0 bytes inside of [ 65.068190] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 65.080602] [ 65.082080] The buggy address belongs to the physical page: [ 65.087638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 65.095622] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.103260] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.110202] page_type: f5(slab) [ 65.113338] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.121061] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.128786] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.136597] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.144410] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 65.152222] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.160027] page dumped because: kasan: bad access detected [ 65.165583] [ 65.167058] Memory state around the buggy address: [ 65.171839] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.179042] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.186247] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.193447] ^ [ 65.200569] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.207774] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.214974] ================================================================== [ 65.527348] ================================================================== [ 65.534418] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 65.541445] Read of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 65.548911] [ 65.550396] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 65.550452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.550472] Hardware name: WinLink E850-96 board (DT) [ 65.550493] Call trace: [ 65.550508] show_stack+0x20/0x38 (C) [ 65.550542] dump_stack_lvl+0x8c/0xd0 [ 65.550581] print_report+0x118/0x608 [ 65.550616] kasan_report+0xdc/0x128 [ 65.550652] kasan_check_range+0x100/0x1a8 [ 65.550688] __kasan_check_read+0x20/0x30 [ 65.550717] copy_user_test_oob+0x3c8/0xec8 [ 65.550750] kunit_try_run_case+0x170/0x3f0 [ 65.550785] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.550824] kthread+0x328/0x630 [ 65.550854] ret_from_fork+0x10/0x20 [ 65.550890] [ 65.616531] Allocated by task 332: [ 65.619916] kasan_save_stack+0x3c/0x68 [ 65.623736] kasan_save_track+0x20/0x40 [ 65.627555] kasan_save_alloc_info+0x40/0x58 [ 65.631809] __kasan_kmalloc+0xd4/0xd8 [ 65.635542] __kmalloc_noprof+0x198/0x4c8 [ 65.639536] kunit_kmalloc_array+0x34/0x88 [ 65.643614] copy_user_test_oob+0xac/0xec8 [ 65.647694] kunit_try_run_case+0x170/0x3f0 [ 65.651860] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.657329] kthread+0x328/0x630 [ 65.660541] ret_from_fork+0x10/0x20 [ 65.664100] [ 65.665577] The buggy address belongs to the object at ffff000800db1a00 [ 65.665577] which belongs to the cache kmalloc-128 of size 128 [ 65.678077] The buggy address is located 0 bytes inside of [ 65.678077] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 65.690488] [ 65.691965] The buggy address belongs to the physical page: [ 65.697523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 65.705507] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.713145] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.720090] page_type: f5(slab) [ 65.723226] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.730946] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.738673] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.746484] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.754297] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 65.762109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.769914] page dumped because: kasan: bad access detected [ 65.775469] [ 65.776946] Memory state around the buggy address: [ 65.781727] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.788928] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.796135] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.803334] ^ [ 65.810456] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.817660] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.824861] ================================================================== [ 65.832180] ================================================================== [ 65.839274] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 65.846302] Write of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 65.853854] [ 65.855339] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 65.855391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.855407] Hardware name: WinLink E850-96 board (DT) [ 65.855431] Call trace: [ 65.855447] show_stack+0x20/0x38 (C) [ 65.855483] dump_stack_lvl+0x8c/0xd0 [ 65.855517] print_report+0x118/0x608 [ 65.855554] kasan_report+0xdc/0x128 [ 65.855588] kasan_check_range+0x100/0x1a8 [ 65.855625] __kasan_check_write+0x20/0x30 [ 65.855654] copy_user_test_oob+0x434/0xec8 [ 65.855689] kunit_try_run_case+0x170/0x3f0 [ 65.855727] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.855764] kthread+0x328/0x630 [ 65.855791] ret_from_fork+0x10/0x20 [ 65.855828] [ 65.921561] Allocated by task 332: [ 65.924946] kasan_save_stack+0x3c/0x68 [ 65.928766] kasan_save_track+0x20/0x40 [ 65.932585] kasan_save_alloc_info+0x40/0x58 [ 65.936840] __kasan_kmalloc+0xd4/0xd8 [ 65.940573] __kmalloc_noprof+0x198/0x4c8 [ 65.944564] kunit_kmalloc_array+0x34/0x88 [ 65.948644] copy_user_test_oob+0xac/0xec8 [ 65.952724] kunit_try_run_case+0x170/0x3f0 [ 65.956891] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.962359] kthread+0x328/0x630 [ 65.965571] ret_from_fork+0x10/0x20 [ 65.969130] [ 65.970605] The buggy address belongs to the object at ffff000800db1a00 [ 65.970605] which belongs to the cache kmalloc-128 of size 128 [ 65.983107] The buggy address is located 0 bytes inside of [ 65.983107] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 65.995518] [ 65.996996] The buggy address belongs to the physical page: [ 66.002553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 66.010536] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.018175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.025119] page_type: f5(slab) [ 66.028256] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.035976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.043702] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.051514] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.059327] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 66.067139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.074944] page dumped because: kasan: bad access detected [ 66.080499] [ 66.081977] Memory state around the buggy address: [ 66.086758] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.093958] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.101164] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.108364] ^ [ 66.115486] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.122691] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.129891] ================================================================== [ 66.137286] ================================================================== [ 66.144306] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 66.151333] Read of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 66.158797] [ 66.160279] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 66.160333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 66.160353] Hardware name: WinLink E850-96 board (DT) [ 66.160374] Call trace: [ 66.160390] show_stack+0x20/0x38 (C) [ 66.160426] dump_stack_lvl+0x8c/0xd0 [ 66.160463] print_report+0x118/0x608 [ 66.160497] kasan_report+0xdc/0x128 [ 66.160532] kasan_check_range+0x100/0x1a8 [ 66.160567] __kasan_check_read+0x20/0x30 [ 66.160597] copy_user_test_oob+0x4a0/0xec8 [ 66.160632] kunit_try_run_case+0x170/0x3f0 [ 66.160666] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.160703] kthread+0x328/0x630 [ 66.160732] ret_from_fork+0x10/0x20 [ 66.160767] [ 66.226418] Allocated by task 332: [ 66.229804] kasan_save_stack+0x3c/0x68 [ 66.233622] kasan_save_track+0x20/0x40 [ 66.237442] kasan_save_alloc_info+0x40/0x58 [ 66.241695] __kasan_kmalloc+0xd4/0xd8 [ 66.245428] __kmalloc_noprof+0x198/0x4c8 [ 66.249421] kunit_kmalloc_array+0x34/0x88 [ 66.253501] copy_user_test_oob+0xac/0xec8 [ 66.257581] kunit_try_run_case+0x170/0x3f0 [ 66.261747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 66.267216] kthread+0x328/0x630 [ 66.270428] ret_from_fork+0x10/0x20 [ 66.273987] [ 66.275461] The buggy address belongs to the object at ffff000800db1a00 [ 66.275461] which belongs to the cache kmalloc-128 of size 128 [ 66.287962] The buggy address is located 0 bytes inside of [ 66.287962] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 66.300375] [ 66.301852] The buggy address belongs to the physical page: [ 66.307409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 66.315392] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.323033] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 66.329975] page_type: f5(slab) [ 66.333112] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.340833] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.348559] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 66.356370] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 66.364183] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 66.371995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 66.379801] page dumped because: kasan: bad access detected [ 66.385356] [ 66.386832] Memory state around the buggy address: [ 66.391612] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.398815] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.406020] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 66.413220] ^ [ 66.420342] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.427547] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.434748] ================================================================== [ 64.607043] ================================================================== [ 64.619503] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 64.626531] Write of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 64.634080] [ 64.635568] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 64.635622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 64.635641] Hardware name: WinLink E850-96 board (DT) [ 64.635662] Call trace: [ 64.635679] show_stack+0x20/0x38 (C) [ 64.635721] dump_stack_lvl+0x8c/0xd0 [ 64.635761] print_report+0x118/0x608 [ 64.635800] kasan_report+0xdc/0x128 [ 64.635836] kasan_check_range+0x100/0x1a8 [ 64.635874] __kasan_check_write+0x20/0x30 [ 64.635904] copy_user_test_oob+0x234/0xec8 [ 64.635939] kunit_try_run_case+0x170/0x3f0 [ 64.635979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.636017] kthread+0x328/0x630 [ 64.636047] ret_from_fork+0x10/0x20 [ 64.636083] [ 64.701790] Allocated by task 332: [ 64.705176] kasan_save_stack+0x3c/0x68 [ 64.708992] kasan_save_track+0x20/0x40 [ 64.712812] kasan_save_alloc_info+0x40/0x58 [ 64.717065] __kasan_kmalloc+0xd4/0xd8 [ 64.720799] __kmalloc_noprof+0x198/0x4c8 [ 64.724791] kunit_kmalloc_array+0x34/0x88 [ 64.728871] copy_user_test_oob+0xac/0xec8 [ 64.732952] kunit_try_run_case+0x170/0x3f0 [ 64.737117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 64.742586] kthread+0x328/0x630 [ 64.745798] ret_from_fork+0x10/0x20 [ 64.749356] [ 64.750833] The buggy address belongs to the object at ffff000800db1a00 [ 64.750833] which belongs to the cache kmalloc-128 of size 128 [ 64.763334] The buggy address is located 0 bytes inside of [ 64.763334] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 64.775745] [ 64.777225] The buggy address belongs to the physical page: [ 64.782781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 64.790764] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 64.798403] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 64.805348] page_type: f5(slab) [ 64.808484] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.816203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.823931] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 64.831741] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 64.839554] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 64.847365] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 64.855171] page dumped because: kasan: bad access detected [ 64.860726] [ 64.862202] Memory state around the buggy address: [ 64.866983] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.874185] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.881391] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.888590] ^ [ 64.895712] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.902917] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.910121] ================================================================== [ 65.222469] ================================================================== [ 65.229394] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 65.236416] Write of size 121 at addr ffff000800db1a00 by task kunit_try_catch/332 [ 65.243967] [ 65.245454] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 65.245518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 65.245538] Hardware name: WinLink E850-96 board (DT) [ 65.245562] Call trace: [ 65.245577] show_stack+0x20/0x38 (C) [ 65.245613] dump_stack_lvl+0x8c/0xd0 [ 65.245650] print_report+0x118/0x608 [ 65.245687] kasan_report+0xdc/0x128 [ 65.245725] kasan_check_range+0x100/0x1a8 [ 65.245764] __kasan_check_write+0x20/0x30 [ 65.245797] copy_user_test_oob+0x35c/0xec8 [ 65.245831] kunit_try_run_case+0x170/0x3f0 [ 65.245867] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.245908] kthread+0x328/0x630 [ 65.245937] ret_from_fork+0x10/0x20 [ 65.245974] [ 65.311676] Allocated by task 332: [ 65.315061] kasan_save_stack+0x3c/0x68 [ 65.318879] kasan_save_track+0x20/0x40 [ 65.322698] kasan_save_alloc_info+0x40/0x58 [ 65.326952] __kasan_kmalloc+0xd4/0xd8 [ 65.330686] __kmalloc_noprof+0x198/0x4c8 [ 65.334678] kunit_kmalloc_array+0x34/0x88 [ 65.338757] copy_user_test_oob+0xac/0xec8 [ 65.342837] kunit_try_run_case+0x170/0x3f0 [ 65.347004] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 65.352472] kthread+0x328/0x630 [ 65.355684] ret_from_fork+0x10/0x20 [ 65.359243] [ 65.360720] The buggy address belongs to the object at ffff000800db1a00 [ 65.360720] which belongs to the cache kmalloc-128 of size 128 [ 65.373221] The buggy address is located 0 bytes inside of [ 65.373221] allocated 120-byte region [ffff000800db1a00, ffff000800db1a78) [ 65.385632] [ 65.387110] The buggy address belongs to the physical page: [ 65.392668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880db0 [ 65.400651] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.408288] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 65.415232] page_type: f5(slab) [ 65.418369] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.426090] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.433817] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 65.441627] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 65.449440] head: 0bfffe0000000001 fffffdffe0036c01 00000000ffffffff 00000000ffffffff [ 65.457252] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 65.465057] page dumped because: kasan: bad access detected [ 65.470613] [ 65.472088] Memory state around the buggy address: [ 65.476870] ffff000800db1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.484072] ffff000800db1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.491277] >ffff000800db1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 65.498477] ^ [ 65.505599] ffff000800db1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.512804] ffff000800db1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.520007] ==================================================================
[ 30.663568] ================================================================== [ 30.663805] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 30.664009] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.664154] [ 30.664266] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.664619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.664836] Hardware name: linux,dummy-virt (DT) [ 30.665067] Call trace: [ 30.665240] show_stack+0x20/0x38 (C) [ 30.665378] dump_stack_lvl+0x8c/0xd0 [ 30.665502] print_report+0x118/0x608 [ 30.665633] kasan_report+0xdc/0x128 [ 30.665960] kasan_check_range+0x100/0x1a8 [ 30.666116] __kasan_check_read+0x20/0x30 [ 30.666343] copy_user_test_oob+0x728/0xec8 [ 30.666488] kunit_try_run_case+0x170/0x3f0 [ 30.666784] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.667103] kthread+0x328/0x630 [ 30.667264] ret_from_fork+0x10/0x20 [ 30.667494] [ 30.667559] Allocated by task 285: [ 30.667642] kasan_save_stack+0x3c/0x68 [ 30.667762] kasan_save_track+0x20/0x40 [ 30.667874] kasan_save_alloc_info+0x40/0x58 [ 30.668092] __kasan_kmalloc+0xd4/0xd8 [ 30.668199] __kmalloc_noprof+0x198/0x4c8 [ 30.668330] kunit_kmalloc_array+0x34/0x88 [ 30.668523] copy_user_test_oob+0xac/0xec8 [ 30.668861] kunit_try_run_case+0x170/0x3f0 [ 30.669020] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.669146] kthread+0x328/0x630 [ 30.669329] ret_from_fork+0x10/0x20 [ 30.669445] [ 30.669505] The buggy address belongs to the object at fff00000c6431d00 [ 30.669505] which belongs to the cache kmalloc-128 of size 128 [ 30.669841] The buggy address is located 0 bytes inside of [ 30.669841] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.670023] [ 30.670075] The buggy address belongs to the physical page: [ 30.670152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.671033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.671554] page_type: f5(slab) [ 30.671675] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.671795] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.671903] page dumped because: kasan: bad access detected [ 30.672790] [ 30.673086] Memory state around the buggy address: [ 30.673216] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.673663] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.674226] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.674333] ^ [ 30.674439] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675216] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.675583] ================================================================== [ 30.688039] ================================================================== [ 30.688164] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.688285] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.688410] [ 30.688489] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.688688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.688758] Hardware name: linux,dummy-virt (DT) [ 30.688837] Call trace: [ 30.688899] show_stack+0x20/0x38 (C) [ 30.689044] dump_stack_lvl+0x8c/0xd0 [ 30.689170] print_report+0x118/0x608 [ 30.689301] kasan_report+0xdc/0x128 [ 30.689627] kasan_check_range+0x100/0x1a8 [ 30.689862] __kasan_check_write+0x20/0x30 [ 30.690023] copy_user_test_oob+0x35c/0xec8 [ 30.690173] kunit_try_run_case+0x170/0x3f0 [ 30.690330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.690493] kthread+0x328/0x630 [ 30.690654] ret_from_fork+0x10/0x20 [ 30.690828] [ 30.690894] Allocated by task 285: [ 30.690995] kasan_save_stack+0x3c/0x68 [ 30.691181] kasan_save_track+0x20/0x40 [ 30.691388] kasan_save_alloc_info+0x40/0x58 [ 30.691566] __kasan_kmalloc+0xd4/0xd8 [ 30.691679] __kmalloc_noprof+0x198/0x4c8 [ 30.691780] kunit_kmalloc_array+0x34/0x88 [ 30.691879] copy_user_test_oob+0xac/0xec8 [ 30.692011] kunit_try_run_case+0x170/0x3f0 [ 30.692121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.692275] kthread+0x328/0x630 [ 30.692380] ret_from_fork+0x10/0x20 [ 30.692475] [ 30.692562] The buggy address belongs to the object at fff00000c6431d00 [ 30.692562] which belongs to the cache kmalloc-128 of size 128 [ 30.692704] The buggy address is located 0 bytes inside of [ 30.692704] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.692869] [ 30.692924] The buggy address belongs to the physical page: [ 30.693026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.693844] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.694093] page_type: f5(slab) [ 30.694686] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.695203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.695645] page dumped because: kasan: bad access detected [ 30.696063] [ 30.696127] Memory state around the buggy address: [ 30.696600] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.696857] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.697695] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.698176] ^ [ 30.698379] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698517] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.698687] ================================================================== [ 30.708082] ================================================================== [ 30.708187] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.708294] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.708413] [ 30.708481] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.708673] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.708738] Hardware name: linux,dummy-virt (DT) [ 30.708816] Call trace: [ 30.708869] show_stack+0x20/0x38 (C) [ 30.709825] dump_stack_lvl+0x8c/0xd0 [ 30.709990] print_report+0x118/0x608 [ 30.710104] kasan_report+0xdc/0x128 [ 30.710217] kasan_check_range+0x100/0x1a8 [ 30.710336] __kasan_check_write+0x20/0x30 [ 30.710453] copy_user_test_oob+0x434/0xec8 [ 30.710574] kunit_try_run_case+0x170/0x3f0 [ 30.710694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.710822] kthread+0x328/0x630 [ 30.711031] ret_from_fork+0x10/0x20 [ 30.711214] [ 30.711271] Allocated by task 285: [ 30.711357] kasan_save_stack+0x3c/0x68 [ 30.713165] kasan_save_track+0x20/0x40 [ 30.713295] kasan_save_alloc_info+0x40/0x58 [ 30.713406] __kasan_kmalloc+0xd4/0xd8 [ 30.713503] __kmalloc_noprof+0x198/0x4c8 [ 30.713608] kunit_kmalloc_array+0x34/0x88 [ 30.713701] copy_user_test_oob+0xac/0xec8 [ 30.713806] kunit_try_run_case+0x170/0x3f0 [ 30.713908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.714061] kthread+0x328/0x630 [ 30.714170] ret_from_fork+0x10/0x20 [ 30.714271] [ 30.714323] The buggy address belongs to the object at fff00000c6431d00 [ 30.714323] which belongs to the cache kmalloc-128 of size 128 [ 30.714474] The buggy address is located 0 bytes inside of [ 30.714474] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.714636] [ 30.714685] The buggy address belongs to the physical page: [ 30.714763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.714907] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.717829] page_type: f5(slab) [ 30.717928] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.718073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.718178] page dumped because: kasan: bad access detected [ 30.718263] [ 30.718450] Memory state around the buggy address: [ 30.720752] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.720873] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.722254] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.722953] ^ [ 30.723279] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.724062] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.724711] ================================================================== [ 30.700455] ================================================================== [ 30.700565] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.700677] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.700796] [ 30.700863] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.701607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.701689] Hardware name: linux,dummy-virt (DT) [ 30.701775] Call trace: [ 30.701834] show_stack+0x20/0x38 (C) [ 30.701981] dump_stack_lvl+0x8c/0xd0 [ 30.702101] print_report+0x118/0x608 [ 30.702220] kasan_report+0xdc/0x128 [ 30.702347] kasan_check_range+0x100/0x1a8 [ 30.702475] __kasan_check_read+0x20/0x30 [ 30.702763] copy_user_test_oob+0x3c8/0xec8 [ 30.702925] kunit_try_run_case+0x170/0x3f0 [ 30.703318] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.703472] kthread+0x328/0x630 [ 30.703589] ret_from_fork+0x10/0x20 [ 30.703716] [ 30.703770] Allocated by task 285: [ 30.703854] kasan_save_stack+0x3c/0x68 [ 30.703987] kasan_save_track+0x20/0x40 [ 30.704104] kasan_save_alloc_info+0x40/0x58 [ 30.704221] __kasan_kmalloc+0xd4/0xd8 [ 30.704325] __kmalloc_noprof+0x198/0x4c8 [ 30.704437] kunit_kmalloc_array+0x34/0x88 [ 30.704537] copy_user_test_oob+0xac/0xec8 [ 30.704633] kunit_try_run_case+0x170/0x3f0 [ 30.704729] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.704839] kthread+0x328/0x630 [ 30.704929] ret_from_fork+0x10/0x20 [ 30.705054] [ 30.705138] The buggy address belongs to the object at fff00000c6431d00 [ 30.705138] which belongs to the cache kmalloc-128 of size 128 [ 30.705296] The buggy address is located 0 bytes inside of [ 30.705296] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.705497] [ 30.705559] The buggy address belongs to the physical page: [ 30.705637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.705769] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.705902] page_type: f5(slab) [ 30.706018] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.706149] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.706250] page dumped because: kasan: bad access detected [ 30.706336] [ 30.706388] Memory state around the buggy address: [ 30.706474] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.706590] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.706698] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.706801] ^ [ 30.707232] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707373] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.707486] ================================================================== [ 30.726419] ================================================================== [ 30.727717] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.727870] Read of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.728036] [ 30.728370] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.729753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.730002] Hardware name: linux,dummy-virt (DT) [ 30.730105] Call trace: [ 30.730254] show_stack+0x20/0x38 (C) [ 30.730404] dump_stack_lvl+0x8c/0xd0 [ 30.730589] print_report+0x118/0x608 [ 30.730709] kasan_report+0xdc/0x128 [ 30.730830] kasan_check_range+0x100/0x1a8 [ 30.730980] __kasan_check_read+0x20/0x30 [ 30.731263] copy_user_test_oob+0x4a0/0xec8 [ 30.731651] kunit_try_run_case+0x170/0x3f0 [ 30.731871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.732035] kthread+0x328/0x630 [ 30.732158] ret_from_fork+0x10/0x20 [ 30.732422] [ 30.732788] Allocated by task 285: [ 30.732887] kasan_save_stack+0x3c/0x68 [ 30.733530] kasan_save_track+0x20/0x40 [ 30.733846] kasan_save_alloc_info+0x40/0x58 [ 30.733999] __kasan_kmalloc+0xd4/0xd8 [ 30.734434] __kmalloc_noprof+0x198/0x4c8 [ 30.734553] kunit_kmalloc_array+0x34/0x88 [ 30.734652] copy_user_test_oob+0xac/0xec8 [ 30.734751] kunit_try_run_case+0x170/0x3f0 [ 30.734846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.735970] kthread+0x328/0x630 [ 30.736085] ret_from_fork+0x10/0x20 [ 30.736199] [ 30.736251] The buggy address belongs to the object at fff00000c6431d00 [ 30.736251] which belongs to the cache kmalloc-128 of size 128 [ 30.736396] The buggy address is located 0 bytes inside of [ 30.736396] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.737270] [ 30.737343] The buggy address belongs to the physical page: [ 30.737438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.737591] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.737718] page_type: f5(slab) [ 30.737888] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.738049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.738252] page dumped because: kasan: bad access detected [ 30.739342] [ 30.739445] Memory state around the buggy address: [ 30.739537] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.740149] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740274] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.740375] ^ [ 30.740493] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740641] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.740742] ================================================================== [ 30.641727] ================================================================== [ 30.641928] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 30.642129] Write of size 121 at addr fff00000c6431d00 by task kunit_try_catch/285 [ 30.642257] [ 30.642351] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.642561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.642629] Hardware name: linux,dummy-virt (DT) [ 30.642715] Call trace: [ 30.642794] show_stack+0x20/0x38 (C) [ 30.642987] dump_stack_lvl+0x8c/0xd0 [ 30.643147] print_report+0x118/0x608 [ 30.643447] kasan_report+0xdc/0x128 [ 30.643606] kasan_check_range+0x100/0x1a8 [ 30.643753] __kasan_check_write+0x20/0x30 [ 30.643897] copy_user_test_oob+0x234/0xec8 [ 30.644098] kunit_try_run_case+0x170/0x3f0 [ 30.644281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.644437] kthread+0x328/0x630 [ 30.644567] ret_from_fork+0x10/0x20 [ 30.644697] [ 30.644769] Allocated by task 285: [ 30.644870] kasan_save_stack+0x3c/0x68 [ 30.645154] kasan_save_track+0x20/0x40 [ 30.645277] kasan_save_alloc_info+0x40/0x58 [ 30.645502] __kasan_kmalloc+0xd4/0xd8 [ 30.645689] __kmalloc_noprof+0x198/0x4c8 [ 30.646668] kunit_kmalloc_array+0x34/0x88 [ 30.647033] copy_user_test_oob+0xac/0xec8 [ 30.647149] kunit_try_run_case+0x170/0x3f0 [ 30.647272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.647402] kthread+0x328/0x630 [ 30.647496] ret_from_fork+0x10/0x20 [ 30.647600] [ 30.647970] The buggy address belongs to the object at fff00000c6431d00 [ 30.647970] which belongs to the cache kmalloc-128 of size 128 [ 30.648608] The buggy address is located 0 bytes inside of [ 30.648608] allocated 120-byte region [fff00000c6431d00, fff00000c6431d78) [ 30.648773] [ 30.648868] The buggy address belongs to the physical page: [ 30.648993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106431 [ 30.649281] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.649474] page_type: f5(slab) [ 30.649627] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.649970] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.650093] page dumped because: kasan: bad access detected [ 30.650191] [ 30.650503] Memory state around the buggy address: [ 30.650922] fff00000c6431c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.651068] fff00000c6431c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.651551] >fff00000c6431d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.651663] ^ [ 30.651793] fff00000c6431d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.652129] fff00000c6431e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.652422] ==================================================================
[ 30.757031] ================================================================== [ 30.757827] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 30.758052] Write of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.758408] [ 30.758534] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.758762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.758873] Hardware name: linux,dummy-virt (DT) [ 30.759060] Call trace: [ 30.759198] show_stack+0x20/0x38 (C) [ 30.759451] dump_stack_lvl+0x8c/0xd0 [ 30.759620] print_report+0x118/0x608 [ 30.759756] kasan_report+0xdc/0x128 [ 30.759909] kasan_check_range+0x100/0x1a8 [ 30.760033] __kasan_check_write+0x20/0x30 [ 30.760167] copy_user_test_oob+0x234/0xec8 [ 30.760386] kunit_try_run_case+0x170/0x3f0 [ 30.760607] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.760951] kthread+0x328/0x630 [ 30.761116] ret_from_fork+0x10/0x20 [ 30.761280] [ 30.761340] Allocated by task 285: [ 30.761522] kasan_save_stack+0x3c/0x68 [ 30.761647] kasan_save_track+0x20/0x40 [ 30.761761] kasan_save_alloc_info+0x40/0x58 [ 30.761898] __kasan_kmalloc+0xd4/0xd8 [ 30.762001] __kmalloc_noprof+0x198/0x4c8 [ 30.762111] kunit_kmalloc_array+0x34/0x88 [ 30.762207] copy_user_test_oob+0xac/0xec8 [ 30.762310] kunit_try_run_case+0x170/0x3f0 [ 30.762410] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.762527] kthread+0x328/0x630 [ 30.762657] ret_from_fork+0x10/0x20 [ 30.762753] [ 30.762806] The buggy address belongs to the object at fff00000c7772a00 [ 30.762806] which belongs to the cache kmalloc-128 of size 128 [ 30.762968] The buggy address is located 0 bytes inside of [ 30.762968] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.763125] [ 30.763235] The buggy address belongs to the physical page: [ 30.763334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.763565] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.763890] page_type: f5(slab) [ 30.764015] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.764162] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.764270] page dumped because: kasan: bad access detected [ 30.764595] [ 30.764685] Memory state around the buggy address: [ 30.764777] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.764911] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.765043] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.765681] ^ [ 30.767024] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.767151] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.767230] ================================================================== [ 30.820378] ================================================================== [ 30.820552] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 30.820781] Read of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.820962] [ 30.821092] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.821710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.821817] Hardware name: linux,dummy-virt (DT) [ 30.821922] Call trace: [ 30.821981] show_stack+0x20/0x38 (C) [ 30.822103] dump_stack_lvl+0x8c/0xd0 [ 30.822233] print_report+0x118/0x608 [ 30.822358] kasan_report+0xdc/0x128 [ 30.822530] kasan_check_range+0x100/0x1a8 [ 30.822663] __kasan_check_read+0x20/0x30 [ 30.822801] copy_user_test_oob+0x3c8/0xec8 [ 30.823223] kunit_try_run_case+0x170/0x3f0 [ 30.823350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.823525] kthread+0x328/0x630 [ 30.823628] ret_from_fork+0x10/0x20 [ 30.823755] [ 30.823813] Allocated by task 285: [ 30.823915] kasan_save_stack+0x3c/0x68 [ 30.824190] kasan_save_track+0x20/0x40 [ 30.824303] kasan_save_alloc_info+0x40/0x58 [ 30.824589] __kasan_kmalloc+0xd4/0xd8 [ 30.824694] __kmalloc_noprof+0x198/0x4c8 [ 30.824789] kunit_kmalloc_array+0x34/0x88 [ 30.824926] copy_user_test_oob+0xac/0xec8 [ 30.825054] kunit_try_run_case+0x170/0x3f0 [ 30.825168] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.825483] kthread+0x328/0x630 [ 30.825767] ret_from_fork+0x10/0x20 [ 30.826102] [ 30.826191] The buggy address belongs to the object at fff00000c7772a00 [ 30.826191] which belongs to the cache kmalloc-128 of size 128 [ 30.826501] The buggy address is located 0 bytes inside of [ 30.826501] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.826754] [ 30.826809] The buggy address belongs to the physical page: [ 30.826908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.827071] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.827189] page_type: f5(slab) [ 30.827363] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.827526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.827720] page dumped because: kasan: bad access detected [ 30.827812] [ 30.827920] Memory state around the buggy address: [ 30.828008] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.828119] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.828234] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.828385] ^ [ 30.828508] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.828625] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.829100] ================================================================== [ 30.806373] ================================================================== [ 30.806511] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 30.806632] Write of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.806758] [ 30.806862] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.807068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.807140] Hardware name: linux,dummy-virt (DT) [ 30.807217] Call trace: [ 30.807274] show_stack+0x20/0x38 (C) [ 30.807401] dump_stack_lvl+0x8c/0xd0 [ 30.807532] print_report+0x118/0x608 [ 30.807882] kasan_report+0xdc/0x128 [ 30.808217] kasan_check_range+0x100/0x1a8 [ 30.809482] __kasan_check_write+0x20/0x30 [ 30.809624] copy_user_test_oob+0x35c/0xec8 [ 30.810238] kunit_try_run_case+0x170/0x3f0 [ 30.810419] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.810693] kthread+0x328/0x630 [ 30.810856] ret_from_fork+0x10/0x20 [ 30.811097] [ 30.811153] Allocated by task 285: [ 30.811230] kasan_save_stack+0x3c/0x68 [ 30.811333] kasan_save_track+0x20/0x40 [ 30.811436] kasan_save_alloc_info+0x40/0x58 [ 30.811550] __kasan_kmalloc+0xd4/0xd8 [ 30.811652] __kmalloc_noprof+0x198/0x4c8 [ 30.811752] kunit_kmalloc_array+0x34/0x88 [ 30.811890] copy_user_test_oob+0xac/0xec8 [ 30.811997] kunit_try_run_case+0x170/0x3f0 [ 30.812094] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.812204] kthread+0x328/0x630 [ 30.812321] ret_from_fork+0x10/0x20 [ 30.812422] [ 30.812473] The buggy address belongs to the object at fff00000c7772a00 [ 30.812473] which belongs to the cache kmalloc-128 of size 128 [ 30.812629] The buggy address is located 0 bytes inside of [ 30.812629] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.812827] [ 30.812904] The buggy address belongs to the physical page: [ 30.812991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.813336] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.813476] page_type: f5(slab) [ 30.813990] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.814159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.814282] page dumped because: kasan: bad access detected [ 30.814573] [ 30.814688] Memory state around the buggy address: [ 30.814783] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.815225] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.815341] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.815597] ^ [ 30.815892] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.816606] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.816764] ================================================================== [ 30.850548] ================================================================== [ 30.850659] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 30.850877] Read of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.851117] [ 30.851695] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.852829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.853189] Hardware name: linux,dummy-virt (DT) [ 30.853300] Call trace: [ 30.853376] show_stack+0x20/0x38 (C) [ 30.853518] dump_stack_lvl+0x8c/0xd0 [ 30.854110] print_report+0x118/0x608 [ 30.854239] kasan_report+0xdc/0x128 [ 30.854678] kasan_check_range+0x100/0x1a8 [ 30.855333] __kasan_check_read+0x20/0x30 [ 30.855770] copy_user_test_oob+0x4a0/0xec8 [ 30.856145] kunit_try_run_case+0x170/0x3f0 [ 30.856468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.856933] kthread+0x328/0x630 [ 30.857686] ret_from_fork+0x10/0x20 [ 30.857818] [ 30.858085] Allocated by task 285: [ 30.858226] kasan_save_stack+0x3c/0x68 [ 30.858932] kasan_save_track+0x20/0x40 [ 30.859059] kasan_save_alloc_info+0x40/0x58 [ 30.859186] __kasan_kmalloc+0xd4/0xd8 [ 30.859298] __kmalloc_noprof+0x198/0x4c8 [ 30.860196] kunit_kmalloc_array+0x34/0x88 [ 30.860302] copy_user_test_oob+0xac/0xec8 [ 30.860405] kunit_try_run_case+0x170/0x3f0 [ 30.861249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.861404] kthread+0x328/0x630 [ 30.861498] ret_from_fork+0x10/0x20 [ 30.861551] [ 30.861582] The buggy address belongs to the object at fff00000c7772a00 [ 30.861582] which belongs to the cache kmalloc-128 of size 128 [ 30.861656] The buggy address is located 0 bytes inside of [ 30.861656] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.861734] [ 30.861762] The buggy address belongs to the physical page: [ 30.861808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.862707] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.863206] page_type: f5(slab) [ 30.863325] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.863669] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.864197] page dumped because: kasan: bad access detected [ 30.864295] [ 30.864344] Memory state around the buggy address: [ 30.865165] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.865654] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.865769] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.866016] ^ [ 30.866162] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.866277] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.866379] ================================================================== [ 30.831356] ================================================================== [ 30.831607] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 30.831727] Write of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.831895] [ 30.831972] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.832174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.832492] Hardware name: linux,dummy-virt (DT) [ 30.832736] Call trace: [ 30.832802] show_stack+0x20/0x38 (C) [ 30.832950] dump_stack_lvl+0x8c/0xd0 [ 30.833073] print_report+0x118/0x608 [ 30.833196] kasan_report+0xdc/0x128 [ 30.833909] kasan_check_range+0x100/0x1a8 [ 30.834488] __kasan_check_write+0x20/0x30 [ 30.834831] copy_user_test_oob+0x434/0xec8 [ 30.835299] kunit_try_run_case+0x170/0x3f0 [ 30.835488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.836139] kthread+0x328/0x630 [ 30.836274] ret_from_fork+0x10/0x20 [ 30.836740] [ 30.836877] Allocated by task 285: [ 30.837313] kasan_save_stack+0x3c/0x68 [ 30.837426] kasan_save_track+0x20/0x40 [ 30.837882] kasan_save_alloc_info+0x40/0x58 [ 30.838146] __kasan_kmalloc+0xd4/0xd8 [ 30.838307] __kmalloc_noprof+0x198/0x4c8 [ 30.838799] kunit_kmalloc_array+0x34/0x88 [ 30.839260] copy_user_test_oob+0xac/0xec8 [ 30.839398] kunit_try_run_case+0x170/0x3f0 [ 30.839912] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.840425] kthread+0x328/0x630 [ 30.840574] ret_from_fork+0x10/0x20 [ 30.840830] [ 30.840955] The buggy address belongs to the object at fff00000c7772a00 [ 30.840955] which belongs to the cache kmalloc-128 of size 128 [ 30.841103] The buggy address is located 0 bytes inside of [ 30.841103] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.841492] [ 30.842067] The buggy address belongs to the physical page: [ 30.842389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.842698] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.843004] page_type: f5(slab) [ 30.843166] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.843323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.843758] page dumped because: kasan: bad access detected [ 30.844184] [ 30.844289] Memory state around the buggy address: [ 30.844378] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.844502] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.844613] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.844734] ^ [ 30.844886] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.845251] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.845820] ================================================================== [ 30.776794] ================================================================== [ 30.776946] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 30.777062] Read of size 121 at addr fff00000c7772a00 by task kunit_try_catch/285 [ 30.777223] [ 30.777306] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 30.777596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.777678] Hardware name: linux,dummy-virt (DT) [ 30.777772] Call trace: [ 30.777881] show_stack+0x20/0x38 (C) [ 30.778017] dump_stack_lvl+0x8c/0xd0 [ 30.778219] print_report+0x118/0x608 [ 30.778318] kasan_report+0xdc/0x128 [ 30.778711] kasan_check_range+0x100/0x1a8 [ 30.779339] __kasan_check_read+0x20/0x30 [ 30.779516] copy_user_test_oob+0x728/0xec8 [ 30.779879] kunit_try_run_case+0x170/0x3f0 [ 30.780831] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.781099] kthread+0x328/0x630 [ 30.781801] ret_from_fork+0x10/0x20 [ 30.781971] [ 30.782122] Allocated by task 285: [ 30.782229] kasan_save_stack+0x3c/0x68 [ 30.782510] kasan_save_track+0x20/0x40 [ 30.782634] kasan_save_alloc_info+0x40/0x58 [ 30.782779] __kasan_kmalloc+0xd4/0xd8 [ 30.782923] __kmalloc_noprof+0x198/0x4c8 [ 30.783028] kunit_kmalloc_array+0x34/0x88 [ 30.783129] copy_user_test_oob+0xac/0xec8 [ 30.783223] kunit_try_run_case+0x170/0x3f0 [ 30.783377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.783535] kthread+0x328/0x630 [ 30.783719] ret_from_fork+0x10/0x20 [ 30.783866] [ 30.783924] The buggy address belongs to the object at fff00000c7772a00 [ 30.783924] which belongs to the cache kmalloc-128 of size 128 [ 30.784067] The buggy address is located 0 bytes inside of [ 30.784067] allocated 120-byte region [fff00000c7772a00, fff00000c7772a78) [ 30.784218] [ 30.784269] The buggy address belongs to the physical page: [ 30.784347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107772 [ 30.784484] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.784825] page_type: f5(slab) [ 30.784957] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.785294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.785445] page dumped because: kasan: bad access detected [ 30.785559] [ 30.785627] Memory state around the buggy address: [ 30.785857] fff00000c7772900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.785979] fff00000c7772980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.786108] >fff00000c7772a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.786224] ^ [ 30.786868] fff00000c7772a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.787155] fff00000c7772b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.787517] ==================================================================
[ 26.886032] ================================================================== [ 26.886789] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 26.887411] Read of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303 [ 26.888079] [ 26.888398] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.888551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.888596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.888664] Call Trace: [ 26.888721] <TASK> [ 26.888777] dump_stack_lvl+0x73/0xb0 [ 26.888878] print_report+0xd1/0x650 [ 26.888963] ? __virt_addr_valid+0x1db/0x2d0 [ 26.889043] ? copy_user_test_oob+0x604/0x10f0 [ 26.889118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.889199] ? copy_user_test_oob+0x604/0x10f0 [ 26.889330] kasan_report+0x141/0x180 [ 26.889407] ? copy_user_test_oob+0x604/0x10f0 [ 26.889519] kasan_check_range+0x10c/0x1c0 [ 26.889609] __kasan_check_read+0x15/0x20 [ 26.889698] copy_user_test_oob+0x604/0x10f0 [ 26.889786] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.889866] ? finish_task_switch.isra.0+0x153/0x700 [ 26.889947] ? __switch_to+0x47/0xf50 [ 26.890035] ? __schedule+0x10cc/0x2b60 [ 26.890113] ? __pfx_read_tsc+0x10/0x10 [ 26.890192] ? ktime_get_ts64+0x86/0x230 [ 26.890327] kunit_try_run_case+0x1a5/0x480 [ 26.890413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.890464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.890528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.890570] ? __kthread_parkme+0x82/0x180 [ 26.890601] ? preempt_count_sub+0x50/0x80 [ 26.890634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.890673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.890708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.890745] kthread+0x337/0x6f0 [ 26.890774] ? trace_preempt_on+0x20/0xc0 [ 26.890810] ? __pfx_kthread+0x10/0x10 [ 26.890842] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.890874] ? calculate_sigpending+0x7b/0xa0 [ 26.890910] ? __pfx_kthread+0x10/0x10 [ 26.890942] ret_from_fork+0x116/0x1d0 [ 26.890970] ? __pfx_kthread+0x10/0x10 [ 26.891001] ret_from_fork_asm+0x1a/0x30 [ 26.891044] </TASK> [ 26.891062] [ 26.909880] Allocated by task 303: [ 26.910359] kasan_save_stack+0x45/0x70 [ 26.910900] kasan_save_track+0x18/0x40 [ 26.911421] kasan_save_alloc_info+0x3b/0x50 [ 26.911980] __kasan_kmalloc+0xb7/0xc0 [ 26.912511] __kmalloc_noprof+0x1c9/0x500 [ 26.913013] kunit_kmalloc_array+0x25/0x60 [ 26.913413] copy_user_test_oob+0xab/0x10f0 [ 26.913945] kunit_try_run_case+0x1a5/0x480 [ 26.914618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.915194] kthread+0x337/0x6f0 [ 26.915718] ret_from_fork+0x116/0x1d0 [ 26.916141] ret_from_fork_asm+0x1a/0x30 [ 26.916642] [ 26.916843] The buggy address belongs to the object at ffff8881039c8700 [ 26.916843] which belongs to the cache kmalloc-128 of size 128 [ 26.918529] The buggy address is located 0 bytes inside of [ 26.918529] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 26.919947] [ 26.920182] The buggy address belongs to the physical page: [ 26.920637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 26.921226] flags: 0x200000000000000(node=0|zone=2) [ 26.922367] page_type: f5(slab) [ 26.922649] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.923676] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.924225] page dumped because: kasan: bad access detected [ 26.924679] [ 26.924851] Memory state around the buggy address: [ 26.925247] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.926887] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.927759] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.928629] ^ [ 26.929745] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.930311] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.930922] ================================================================== [ 26.793377] ================================================================== [ 26.794050] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 26.794871] Read of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303 [ 26.795565] [ 26.795862] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.796041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.796086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.796158] Call Trace: [ 26.796262] <TASK> [ 26.796350] dump_stack_lvl+0x73/0xb0 [ 26.796452] print_report+0xd1/0x650 [ 26.796555] ? __virt_addr_valid+0x1db/0x2d0 [ 26.796641] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.796722] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.796806] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.796940] kasan_report+0x141/0x180 [ 26.797024] ? copy_user_test_oob+0x4aa/0x10f0 [ 26.797109] kasan_check_range+0x10c/0x1c0 [ 26.797151] __kasan_check_read+0x15/0x20 [ 26.797182] copy_user_test_oob+0x4aa/0x10f0 [ 26.797243] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.797316] ? finish_task_switch.isra.0+0x153/0x700 [ 26.797355] ? __switch_to+0x47/0xf50 [ 26.797394] ? __schedule+0x10cc/0x2b60 [ 26.797428] ? __pfx_read_tsc+0x10/0x10 [ 26.797458] ? ktime_get_ts64+0x86/0x230 [ 26.797511] kunit_try_run_case+0x1a5/0x480 [ 26.797561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.797600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.797655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.797692] ? __kthread_parkme+0x82/0x180 [ 26.797721] ? preempt_count_sub+0x50/0x80 [ 26.797754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.797791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.797827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.797863] kthread+0x337/0x6f0 [ 26.797892] ? trace_preempt_on+0x20/0xc0 [ 26.797927] ? __pfx_kthread+0x10/0x10 [ 26.797957] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.797989] ? calculate_sigpending+0x7b/0xa0 [ 26.798024] ? __pfx_kthread+0x10/0x10 [ 26.798056] ret_from_fork+0x116/0x1d0 [ 26.798083] ? __pfx_kthread+0x10/0x10 [ 26.798113] ret_from_fork_asm+0x1a/0x30 [ 26.798156] </TASK> [ 26.798172] [ 26.819014] Allocated by task 303: [ 26.819436] kasan_save_stack+0x45/0x70 [ 26.820082] kasan_save_track+0x18/0x40 [ 26.820803] kasan_save_alloc_info+0x3b/0x50 [ 26.821382] __kasan_kmalloc+0xb7/0xc0 [ 26.821875] __kmalloc_noprof+0x1c9/0x500 [ 26.822116] kunit_kmalloc_array+0x25/0x60 [ 26.822469] copy_user_test_oob+0xab/0x10f0 [ 26.823287] kunit_try_run_case+0x1a5/0x480 [ 26.824178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.824690] kthread+0x337/0x6f0 [ 26.825102] ret_from_fork+0x116/0x1d0 [ 26.825566] ret_from_fork_asm+0x1a/0x30 [ 26.826089] [ 26.826674] The buggy address belongs to the object at ffff8881039c8700 [ 26.826674] which belongs to the cache kmalloc-128 of size 128 [ 26.827988] The buggy address is located 0 bytes inside of [ 26.827988] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 26.829271] [ 26.829546] The buggy address belongs to the physical page: [ 26.830040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 26.830766] flags: 0x200000000000000(node=0|zone=2) [ 26.831309] page_type: f5(slab) [ 26.831716] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.832463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.833100] page dumped because: kasan: bad access detected [ 26.833688] [ 26.834002] Memory state around the buggy address: [ 26.834487] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.835112] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835784] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.836472] ^ [ 26.837101] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.837788] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.838478] ================================================================== [ 26.839840] ================================================================== [ 26.841304] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 26.841787] Write of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303 [ 26.842053] [ 26.842171] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.842264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.842307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.842374] Call Trace: [ 26.842487] <TASK> [ 26.842569] dump_stack_lvl+0x73/0xb0 [ 26.842662] print_report+0xd1/0x650 [ 26.842746] ? __virt_addr_valid+0x1db/0x2d0 [ 26.842831] ? copy_user_test_oob+0x557/0x10f0 [ 26.842963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.843288] ? copy_user_test_oob+0x557/0x10f0 [ 26.843375] kasan_report+0x141/0x180 [ 26.843493] ? copy_user_test_oob+0x557/0x10f0 [ 26.843610] kasan_check_range+0x10c/0x1c0 [ 26.843691] __kasan_check_write+0x18/0x20 [ 26.843761] copy_user_test_oob+0x557/0x10f0 [ 26.843807] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.843846] ? finish_task_switch.isra.0+0x153/0x700 [ 26.843884] ? __switch_to+0x47/0xf50 [ 26.843925] ? __schedule+0x10cc/0x2b60 [ 26.843960] ? __pfx_read_tsc+0x10/0x10 [ 26.843994] ? ktime_get_ts64+0x86/0x230 [ 26.844030] kunit_try_run_case+0x1a5/0x480 [ 26.844073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.844111] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.844147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.844184] ? __kthread_parkme+0x82/0x180 [ 26.844216] ? preempt_count_sub+0x50/0x80 [ 26.844300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.844344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.844384] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.844422] kthread+0x337/0x6f0 [ 26.844452] ? trace_preempt_on+0x20/0xc0 [ 26.844489] ? __pfx_kthread+0x10/0x10 [ 26.844551] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.844587] ? calculate_sigpending+0x7b/0xa0 [ 26.844626] ? __pfx_kthread+0x10/0x10 [ 26.844659] ret_from_fork+0x116/0x1d0 [ 26.844689] ? __pfx_kthread+0x10/0x10 [ 26.844720] ret_from_fork_asm+0x1a/0x30 [ 26.844765] </TASK> [ 26.844783] [ 26.865209] Allocated by task 303: [ 26.866023] kasan_save_stack+0x45/0x70 [ 26.866620] kasan_save_track+0x18/0x40 [ 26.867478] kasan_save_alloc_info+0x3b/0x50 [ 26.867783] __kasan_kmalloc+0xb7/0xc0 [ 26.868043] __kmalloc_noprof+0x1c9/0x500 [ 26.868514] kunit_kmalloc_array+0x25/0x60 [ 26.868870] copy_user_test_oob+0xab/0x10f0 [ 26.870175] kunit_try_run_case+0x1a5/0x480 [ 26.870990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.871649] kthread+0x337/0x6f0 [ 26.872102] ret_from_fork+0x116/0x1d0 [ 26.872614] ret_from_fork_asm+0x1a/0x30 [ 26.873442] [ 26.873692] The buggy address belongs to the object at ffff8881039c8700 [ 26.873692] which belongs to the cache kmalloc-128 of size 128 [ 26.874546] The buggy address is located 0 bytes inside of [ 26.874546] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 26.875700] [ 26.875897] The buggy address belongs to the physical page: [ 26.876628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 26.877321] flags: 0x200000000000000(node=0|zone=2) [ 26.877887] page_type: f5(slab) [ 26.878183] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.878908] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.879684] page dumped because: kasan: bad access detected [ 26.880196] [ 26.880525] Memory state around the buggy address: [ 26.881082] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.881753] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.882205] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.882912] ^ [ 26.883576] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.884164] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.884703] ================================================================== [ 26.747308] ================================================================== [ 26.747947] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.748614] Write of size 121 at addr ffff8881039c8700 by task kunit_try_catch/303 [ 26.749973] [ 26.750273] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 26.750420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.750464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.750554] Call Trace: [ 26.750611] <TASK> [ 26.750672] dump_stack_lvl+0x73/0xb0 [ 26.750775] print_report+0xd1/0x650 [ 26.750827] ? __virt_addr_valid+0x1db/0x2d0 [ 26.750864] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.750900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.750933] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.750968] kasan_report+0x141/0x180 [ 26.751001] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.751042] kasan_check_range+0x10c/0x1c0 [ 26.751079] __kasan_check_write+0x18/0x20 [ 26.751109] copy_user_test_oob+0x3fd/0x10f0 [ 26.751146] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.751183] ? finish_task_switch.isra.0+0x153/0x700 [ 26.751220] ? __switch_to+0x47/0xf50 [ 26.751309] ? __schedule+0x10cc/0x2b60 [ 26.751345] ? __pfx_read_tsc+0x10/0x10 [ 26.751377] ? ktime_get_ts64+0x86/0x230 [ 26.751412] kunit_try_run_case+0x1a5/0x480 [ 26.751452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.751488] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.751555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.751591] ? __kthread_parkme+0x82/0x180 [ 26.751621] ? preempt_count_sub+0x50/0x80 [ 26.751654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.751691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.751728] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.751764] kthread+0x337/0x6f0 [ 26.751793] ? trace_preempt_on+0x20/0xc0 [ 26.751830] ? __pfx_kthread+0x10/0x10 [ 26.751860] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.751892] ? calculate_sigpending+0x7b/0xa0 [ 26.751928] ? __pfx_kthread+0x10/0x10 [ 26.751961] ret_from_fork+0x116/0x1d0 [ 26.751988] ? __pfx_kthread+0x10/0x10 [ 26.752019] ret_from_fork_asm+0x1a/0x30 [ 26.752062] </TASK> [ 26.752080] [ 26.770027] Allocated by task 303: [ 26.770704] kasan_save_stack+0x45/0x70 [ 26.772306] kasan_save_track+0x18/0x40 [ 26.773399] kasan_save_alloc_info+0x3b/0x50 [ 26.774439] __kasan_kmalloc+0xb7/0xc0 [ 26.775109] __kmalloc_noprof+0x1c9/0x500 [ 26.775404] kunit_kmalloc_array+0x25/0x60 [ 26.775758] copy_user_test_oob+0xab/0x10f0 [ 26.776424] kunit_try_run_case+0x1a5/0x480 [ 26.777660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.778448] kthread+0x337/0x6f0 [ 26.778996] ret_from_fork+0x116/0x1d0 [ 26.779378] ret_from_fork_asm+0x1a/0x30 [ 26.780153] [ 26.780456] The buggy address belongs to the object at ffff8881039c8700 [ 26.780456] which belongs to the cache kmalloc-128 of size 128 [ 26.781369] The buggy address is located 0 bytes inside of [ 26.781369] allocated 120-byte region [ffff8881039c8700, ffff8881039c8778) [ 26.782331] [ 26.782644] The buggy address belongs to the physical page: [ 26.783532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8 [ 26.784044] flags: 0x200000000000000(node=0|zone=2) [ 26.784572] page_type: f5(slab) [ 26.784937] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.785707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.786305] page dumped because: kasan: bad access detected [ 26.786744] [ 26.787000] Memory state around the buggy address: [ 26.787599] ffff8881039c8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.788297] ffff8881039c8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.788945] >ffff8881039c8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.789690] ^ [ 26.790375] ffff8881039c8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.790966] ffff8881039c8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.791660] ==================================================================
[ 25.180331] ================================================================== [ 25.181417] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 25.182071] Read of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303 [ 25.183435] [ 25.183894] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.184037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.184058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.184107] Call Trace: [ 25.184271] <TASK> [ 25.184294] dump_stack_lvl+0x73/0xb0 [ 25.184340] print_report+0xd1/0x650 [ 25.184376] ? __virt_addr_valid+0x1db/0x2d0 [ 25.184409] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.184445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.184479] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.184514] kasan_report+0x141/0x180 [ 25.184547] ? copy_user_test_oob+0x4aa/0x10f0 [ 25.184587] kasan_check_range+0x10c/0x1c0 [ 25.184622] __kasan_check_read+0x15/0x20 [ 25.184650] copy_user_test_oob+0x4aa/0x10f0 [ 25.184688] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.184721] ? finish_task_switch.isra.0+0x153/0x700 [ 25.184754] ? __switch_to+0x47/0xf50 [ 25.184790] ? __schedule+0x10cc/0x2b60 [ 25.184822] ? __pfx_read_tsc+0x10/0x10 [ 25.184852] ? ktime_get_ts64+0x86/0x230 [ 25.184917] kunit_try_run_case+0x1a5/0x480 [ 25.184957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.185030] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.185065] ? __kthread_parkme+0x82/0x180 [ 25.185099] ? preempt_count_sub+0x50/0x80 [ 25.185172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.185212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.185247] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.185285] kthread+0x337/0x6f0 [ 25.185314] ? trace_preempt_on+0x20/0xc0 [ 25.185347] ? __pfx_kthread+0x10/0x10 [ 25.185378] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.185410] ? calculate_sigpending+0x7b/0xa0 [ 25.185445] ? __pfx_kthread+0x10/0x10 [ 25.185476] ret_from_fork+0x116/0x1d0 [ 25.185503] ? __pfx_kthread+0x10/0x10 [ 25.185533] ret_from_fork_asm+0x1a/0x30 [ 25.185575] </TASK> [ 25.185590] [ 25.205868] Allocated by task 303: [ 25.206946] kasan_save_stack+0x45/0x70 [ 25.207254] kasan_save_track+0x18/0x40 [ 25.208075] kasan_save_alloc_info+0x3b/0x50 [ 25.208507] __kasan_kmalloc+0xb7/0xc0 [ 25.209145] __kmalloc_noprof+0x1c9/0x500 [ 25.209710] kunit_kmalloc_array+0x25/0x60 [ 25.210368] copy_user_test_oob+0xab/0x10f0 [ 25.210792] kunit_try_run_case+0x1a5/0x480 [ 25.211467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.211999] kthread+0x337/0x6f0 [ 25.212732] ret_from_fork+0x116/0x1d0 [ 25.213066] ret_from_fork_asm+0x1a/0x30 [ 25.213859] [ 25.214157] The buggy address belongs to the object at ffff8881038d5f00 [ 25.214157] which belongs to the cache kmalloc-128 of size 128 [ 25.215474] The buggy address is located 0 bytes inside of [ 25.215474] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.216619] [ 25.217149] The buggy address belongs to the physical page: [ 25.217525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.218465] flags: 0x200000000000000(node=0|zone=2) [ 25.218917] page_type: f5(slab) [ 25.219693] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.220296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.221124] page dumped because: kasan: bad access detected [ 25.221811] [ 25.222277] Memory state around the buggy address: [ 25.222770] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.223594] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.224195] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.224724] ^ [ 25.225671] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.226509] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.227282] ================================================================== [ 25.276647] ================================================================== [ 25.277291] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 25.278895] Read of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303 [ 25.280257] [ 25.280472] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.280929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.280955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.280988] Call Trace: [ 25.281008] <TASK> [ 25.281027] dump_stack_lvl+0x73/0xb0 [ 25.281072] print_report+0xd1/0x650 [ 25.281125] ? __virt_addr_valid+0x1db/0x2d0 [ 25.281174] ? copy_user_test_oob+0x604/0x10f0 [ 25.281212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.281245] ? copy_user_test_oob+0x604/0x10f0 [ 25.281281] kasan_report+0x141/0x180 [ 25.281313] ? copy_user_test_oob+0x604/0x10f0 [ 25.281355] kasan_check_range+0x10c/0x1c0 [ 25.281390] __kasan_check_read+0x15/0x20 [ 25.281418] copy_user_test_oob+0x604/0x10f0 [ 25.281457] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.281492] ? finish_task_switch.isra.0+0x153/0x700 [ 25.281523] ? __switch_to+0x47/0xf50 [ 25.281560] ? __schedule+0x10cc/0x2b60 [ 25.281593] ? __pfx_read_tsc+0x10/0x10 [ 25.281623] ? ktime_get_ts64+0x86/0x230 [ 25.281656] kunit_try_run_case+0x1a5/0x480 [ 25.281694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.281730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.281765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.281800] ? __kthread_parkme+0x82/0x180 [ 25.281829] ? preempt_count_sub+0x50/0x80 [ 25.281862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.281924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.281961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.281999] kthread+0x337/0x6f0 [ 25.282027] ? trace_preempt_on+0x20/0xc0 [ 25.282062] ? __pfx_kthread+0x10/0x10 [ 25.282098] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.282171] ? calculate_sigpending+0x7b/0xa0 [ 25.282209] ? __pfx_kthread+0x10/0x10 [ 25.282241] ret_from_fork+0x116/0x1d0 [ 25.282284] ? __pfx_kthread+0x10/0x10 [ 25.282316] ret_from_fork_asm+0x1a/0x30 [ 25.282358] </TASK> [ 25.282374] [ 25.302148] Allocated by task 303: [ 25.302553] kasan_save_stack+0x45/0x70 [ 25.303105] kasan_save_track+0x18/0x40 [ 25.303483] kasan_save_alloc_info+0x3b/0x50 [ 25.303994] __kasan_kmalloc+0xb7/0xc0 [ 25.304696] __kmalloc_noprof+0x1c9/0x500 [ 25.305182] kunit_kmalloc_array+0x25/0x60 [ 25.305712] copy_user_test_oob+0xab/0x10f0 [ 25.306143] kunit_try_run_case+0x1a5/0x480 [ 25.306699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.307209] kthread+0x337/0x6f0 [ 25.307666] ret_from_fork+0x116/0x1d0 [ 25.308205] ret_from_fork_asm+0x1a/0x30 [ 25.308722] [ 25.308994] The buggy address belongs to the object at ffff8881038d5f00 [ 25.308994] which belongs to the cache kmalloc-128 of size 128 [ 25.309699] The buggy address is located 0 bytes inside of [ 25.309699] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.310744] [ 25.311004] The buggy address belongs to the physical page: [ 25.311819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.312658] flags: 0x200000000000000(node=0|zone=2) [ 25.313096] page_type: f5(slab) [ 25.313483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.314415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.315021] page dumped because: kasan: bad access detected [ 25.315395] [ 25.315683] Memory state around the buggy address: [ 25.316190] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.316969] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.317666] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.318237] ^ [ 25.320907] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.321470] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.321899] ================================================================== [ 25.134640] ================================================================== [ 25.135188] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 25.135819] Write of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303 [ 25.136505] [ 25.136771] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.136912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.136958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.137019] Call Trace: [ 25.137060] <TASK> [ 25.137102] dump_stack_lvl+0x73/0xb0 [ 25.137230] print_report+0xd1/0x650 [ 25.137319] ? __virt_addr_valid+0x1db/0x2d0 [ 25.137398] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.137477] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.137600] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.137690] kasan_report+0x141/0x180 [ 25.137806] ? copy_user_test_oob+0x3fd/0x10f0 [ 25.137926] kasan_check_range+0x10c/0x1c0 [ 25.138013] __kasan_check_write+0x18/0x20 [ 25.138089] copy_user_test_oob+0x3fd/0x10f0 [ 25.138194] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.138236] ? finish_task_switch.isra.0+0x153/0x700 [ 25.138283] ? __switch_to+0x47/0xf50 [ 25.138321] ? __schedule+0x10cc/0x2b60 [ 25.138355] ? __pfx_read_tsc+0x10/0x10 [ 25.138386] ? ktime_get_ts64+0x86/0x230 [ 25.138423] kunit_try_run_case+0x1a5/0x480 [ 25.138461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138497] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.138533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.138568] ? __kthread_parkme+0x82/0x180 [ 25.138597] ? preempt_count_sub+0x50/0x80 [ 25.138630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.138703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.138738] kthread+0x337/0x6f0 [ 25.138768] ? trace_preempt_on+0x20/0xc0 [ 25.138802] ? __pfx_kthread+0x10/0x10 [ 25.138833] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.138867] ? calculate_sigpending+0x7b/0xa0 [ 25.138933] ? __pfx_kthread+0x10/0x10 [ 25.138968] ret_from_fork+0x116/0x1d0 [ 25.138994] ? __pfx_kthread+0x10/0x10 [ 25.139025] ret_from_fork_asm+0x1a/0x30 [ 25.139068] </TASK> [ 25.139086] [ 25.157214] Allocated by task 303: [ 25.157851] kasan_save_stack+0x45/0x70 [ 25.158249] kasan_save_track+0x18/0x40 [ 25.158903] kasan_save_alloc_info+0x3b/0x50 [ 25.159554] __kasan_kmalloc+0xb7/0xc0 [ 25.160018] __kmalloc_noprof+0x1c9/0x500 [ 25.160672] kunit_kmalloc_array+0x25/0x60 [ 25.161147] copy_user_test_oob+0xab/0x10f0 [ 25.161813] kunit_try_run_case+0x1a5/0x480 [ 25.162418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.162943] kthread+0x337/0x6f0 [ 25.163567] ret_from_fork+0x116/0x1d0 [ 25.163974] ret_from_fork_asm+0x1a/0x30 [ 25.164743] [ 25.165001] The buggy address belongs to the object at ffff8881038d5f00 [ 25.165001] which belongs to the cache kmalloc-128 of size 128 [ 25.166476] The buggy address is located 0 bytes inside of [ 25.166476] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.167762] [ 25.168051] The buggy address belongs to the physical page: [ 25.168770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.169748] flags: 0x200000000000000(node=0|zone=2) [ 25.170533] page_type: f5(slab) [ 25.170864] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.171666] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.172437] page dumped because: kasan: bad access detected [ 25.172981] [ 25.173509] Memory state around the buggy address: [ 25.174221] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.174745] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.175560] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.176348] ^ [ 25.177176] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.177962] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.178679] ================================================================== [ 25.228359] ================================================================== [ 25.229216] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 25.229924] Write of size 121 at addr ffff8881038d5f00 by task kunit_try_catch/303 [ 25.231586] [ 25.231754] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 25.231816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.231838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.231914] Call Trace: [ 25.231959] <TASK> [ 25.232000] dump_stack_lvl+0x73/0xb0 [ 25.232336] print_report+0xd1/0x650 [ 25.232373] ? __virt_addr_valid+0x1db/0x2d0 [ 25.232409] ? copy_user_test_oob+0x557/0x10f0 [ 25.232444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.232476] ? copy_user_test_oob+0x557/0x10f0 [ 25.232511] kasan_report+0x141/0x180 [ 25.232543] ? copy_user_test_oob+0x557/0x10f0 [ 25.232586] kasan_check_range+0x10c/0x1c0 [ 25.232622] __kasan_check_write+0x18/0x20 [ 25.232650] copy_user_test_oob+0x557/0x10f0 [ 25.232689] ? __pfx_copy_user_test_oob+0x10/0x10 [ 25.232722] ? finish_task_switch.isra.0+0x153/0x700 [ 25.232755] ? __switch_to+0x47/0xf50 [ 25.232790] ? __schedule+0x10cc/0x2b60 [ 25.232823] ? __pfx_read_tsc+0x10/0x10 [ 25.232852] ? ktime_get_ts64+0x86/0x230 [ 25.232913] kunit_try_run_case+0x1a5/0x480 [ 25.232954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.232991] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.233025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.233061] ? __kthread_parkme+0x82/0x180 [ 25.233090] ? preempt_count_sub+0x50/0x80 [ 25.233153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.233193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.233229] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.233265] kthread+0x337/0x6f0 [ 25.233294] ? trace_preempt_on+0x20/0xc0 [ 25.233326] ? __pfx_kthread+0x10/0x10 [ 25.233357] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.233388] ? calculate_sigpending+0x7b/0xa0 [ 25.233423] ? __pfx_kthread+0x10/0x10 [ 25.233456] ret_from_fork+0x116/0x1d0 [ 25.233482] ? __pfx_kthread+0x10/0x10 [ 25.233513] ret_from_fork_asm+0x1a/0x30 [ 25.233556] </TASK> [ 25.233574] [ 25.254039] Allocated by task 303: [ 25.254925] kasan_save_stack+0x45/0x70 [ 25.255284] kasan_save_track+0x18/0x40 [ 25.255710] kasan_save_alloc_info+0x3b/0x50 [ 25.256558] __kasan_kmalloc+0xb7/0xc0 [ 25.256995] __kmalloc_noprof+0x1c9/0x500 [ 25.257768] kunit_kmalloc_array+0x25/0x60 [ 25.258397] copy_user_test_oob+0xab/0x10f0 [ 25.258847] kunit_try_run_case+0x1a5/0x480 [ 25.259589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.260253] kthread+0x337/0x6f0 [ 25.260798] ret_from_fork+0x116/0x1d0 [ 25.261365] ret_from_fork_asm+0x1a/0x30 [ 25.261749] [ 25.261999] The buggy address belongs to the object at ffff8881038d5f00 [ 25.261999] which belongs to the cache kmalloc-128 of size 128 [ 25.263496] The buggy address is located 0 bytes inside of [ 25.263496] allocated 120-byte region [ffff8881038d5f00, ffff8881038d5f78) [ 25.264937] [ 25.265120] The buggy address belongs to the physical page: [ 25.265495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 25.266134] flags: 0x200000000000000(node=0|zone=2) [ 25.266928] page_type: f5(slab) [ 25.267669] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.268283] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.268838] page dumped because: kasan: bad access detected [ 25.269763] [ 25.269943] Memory state around the buggy address: [ 25.270416] ffff8881038d5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.271329] ffff8881038d5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.272162] >ffff8881038d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.272934] ^ [ 25.273783] ffff8881038d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.274720] ffff8881038d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.275231] ==================================================================
[ 23.375622] ================================================================== [ 23.376277] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 23.376919] Read of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.377598] [ 23.377747] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.377779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.377789] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.377800] Call trace: [ 23.377808] show_stack+0x20/0x38 (C) [ 23.377829] dump_stack_lvl+0x8c/0xd0 [ 23.377851] print_report+0x118/0x608 [ 23.377874] kasan_report+0xdc/0x128 [ 23.377895] kasan_check_range+0x100/0x1a8 [ 23.377919] __kasan_check_read+0x20/0x30 [ 23.377937] copy_user_test_oob+0x728/0xec8 [ 23.377958] kunit_try_run_case+0x170/0x3f0 [ 23.377979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.378005] kthread+0x328/0x630 [ 23.378022] ret_from_fork+0x10/0x20 [ 23.378042] [ 23.383863] Allocated by task 338: [ 23.384178] kasan_save_stack+0x3c/0x68 [ 23.384541] kasan_save_track+0x20/0x40 [ 23.384904] kasan_save_alloc_info+0x40/0x58 [ 23.385305] __kasan_kmalloc+0xd4/0xd8 [ 23.385660] __kmalloc_noprof+0x198/0x4c8 [ 23.386036] kunit_kmalloc_array+0x34/0x88 [ 23.386421] copy_user_test_oob+0xac/0xec8 [ 23.386804] kunit_try_run_case+0x170/0x3f0 [ 23.387196] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.387705] kthread+0x328/0x630 [ 23.388009] ret_from_fork+0x10/0x20 [ 23.388347] [ 23.388493] The buggy address belongs to the object at ffff00000c5d5400 [ 23.388493] which belongs to the cache kmalloc-128 of size 128 [ 23.389609] The buggy address is located 0 bytes inside of [ 23.389609] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.390719] [ 23.390866] The buggy address belongs to the physical page: [ 23.391371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.392080] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.392674] page_type: f5(slab) [ 23.392972] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.393673] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.394368] page dumped because: kasan: bad access detected [ 23.394872] [ 23.395017] Memory state around the buggy address: [ 23.395454] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.396106] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.396759] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.397408] ^ [ 23.398053] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.398706] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.399355] ================================================================== [ 23.350394] ================================================================== [ 23.351609] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 23.352266] Write of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.352955] [ 23.353109] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.353147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.353157] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.353170] Call trace: [ 23.353179] show_stack+0x20/0x38 (C) [ 23.353204] dump_stack_lvl+0x8c/0xd0 [ 23.353231] print_report+0x118/0x608 [ 23.353255] kasan_report+0xdc/0x128 [ 23.353276] kasan_check_range+0x100/0x1a8 [ 23.353300] __kasan_check_write+0x20/0x30 [ 23.353318] copy_user_test_oob+0x234/0xec8 [ 23.353339] kunit_try_run_case+0x170/0x3f0 [ 23.353364] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.353390] kthread+0x328/0x630 [ 23.353407] ret_from_fork+0x10/0x20 [ 23.353429] [ 23.359260] Allocated by task 338: [ 23.359577] kasan_save_stack+0x3c/0x68 [ 23.359942] kasan_save_track+0x20/0x40 [ 23.360305] kasan_save_alloc_info+0x40/0x58 [ 23.360707] __kasan_kmalloc+0xd4/0xd8 [ 23.361060] __kmalloc_noprof+0x198/0x4c8 [ 23.361437] kunit_kmalloc_array+0x34/0x88 [ 23.361821] copy_user_test_oob+0xac/0xec8 [ 23.362205] kunit_try_run_case+0x170/0x3f0 [ 23.362597] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.363105] kthread+0x328/0x630 [ 23.363409] ret_from_fork+0x10/0x20 [ 23.363747] [ 23.363893] The buggy address belongs to the object at ffff00000c5d5400 [ 23.363893] which belongs to the cache kmalloc-128 of size 128 [ 23.365010] The buggy address is located 0 bytes inside of [ 23.365010] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.366123] [ 23.366269] The buggy address belongs to the physical page: [ 23.366775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.367485] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.368083] page_type: f5(slab) [ 23.368382] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.369084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.369779] page dumped because: kasan: bad access detected [ 23.370284] [ 23.370430] Memory state around the buggy address: [ 23.370869] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.371522] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.372175] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.372824] ^ [ 23.373468] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.374120] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.374770] ================================================================== [ 23.472250] ================================================================== [ 23.472892] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 23.473518] Read of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.474182] [ 23.474322] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.474338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.474343] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.474349] Call trace: [ 23.474353] show_stack+0x20/0x38 (C) [ 23.474364] dump_stack_lvl+0x8c/0xd0 [ 23.474376] print_report+0x118/0x608 [ 23.474387] kasan_report+0xdc/0x128 [ 23.474398] kasan_check_range+0x100/0x1a8 [ 23.474410] __kasan_check_read+0x20/0x30 [ 23.474419] copy_user_test_oob+0x4a0/0xec8 [ 23.474430] kunit_try_run_case+0x170/0x3f0 [ 23.474441] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.474454] kthread+0x328/0x630 [ 23.474463] ret_from_fork+0x10/0x20 [ 23.474473] [ 23.480239] Allocated by task 338: [ 23.480544] kasan_save_stack+0x3c/0x68 [ 23.480889] kasan_save_track+0x20/0x40 [ 23.481236] kasan_save_alloc_info+0x40/0x58 [ 23.481621] __kasan_kmalloc+0xd4/0xd8 [ 23.481959] __kmalloc_noprof+0x198/0x4c8 [ 23.482321] kunit_kmalloc_array+0x34/0x88 [ 23.482689] copy_user_test_oob+0xac/0xec8 [ 23.483058] kunit_try_run_case+0x170/0x3f0 [ 23.483435] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.483924] kthread+0x328/0x630 [ 23.484215] ret_from_fork+0x10/0x20 [ 23.484537] [ 23.484675] The buggy address belongs to the object at ffff00000c5d5400 [ 23.484675] which belongs to the cache kmalloc-128 of size 128 [ 23.485773] The buggy address is located 0 bytes inside of [ 23.485773] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.486864] [ 23.487001] The buggy address belongs to the physical page: [ 23.487493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.488185] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.488765] page_type: f5(slab) [ 23.489048] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.489732] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.490413] page dumped because: kasan: bad access detected [ 23.490906] [ 23.491042] Memory state around the buggy address: [ 23.491468] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.492104] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.492742] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.493379] ^ [ 23.494009] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.494646] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.495282] ================================================================== [ 23.424511] ================================================================== [ 23.425162] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 23.425798] Read of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.426471] [ 23.426617] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.426643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.426651] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.426660] Call trace: [ 23.426667] show_stack+0x20/0x38 (C) [ 23.426684] dump_stack_lvl+0x8c/0xd0 [ 23.426702] print_report+0x118/0x608 [ 23.426721] kasan_report+0xdc/0x128 [ 23.426738] kasan_check_range+0x100/0x1a8 [ 23.426757] __kasan_check_read+0x20/0x30 [ 23.426772] copy_user_test_oob+0x3c8/0xec8 [ 23.426788] kunit_try_run_case+0x170/0x3f0 [ 23.426806] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.426827] kthread+0x328/0x630 [ 23.426840] ret_from_fork+0x10/0x20 [ 23.426857] [ 23.432642] Allocated by task 338: [ 23.432950] kasan_save_stack+0x3c/0x68 [ 23.433301] kasan_save_track+0x20/0x40 [ 23.433650] kasan_save_alloc_info+0x40/0x58 [ 23.434038] __kasan_kmalloc+0xd4/0xd8 [ 23.434381] __kmalloc_noprof+0x198/0x4c8 [ 23.434745] kunit_kmalloc_array+0x34/0x88 [ 23.435117] copy_user_test_oob+0xac/0xec8 [ 23.435489] kunit_try_run_case+0x170/0x3f0 [ 23.435868] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.436362] kthread+0x328/0x630 [ 23.436656] ret_from_fork+0x10/0x20 [ 23.436982] [ 23.437122] The buggy address belongs to the object at ffff00000c5d5400 [ 23.437122] which belongs to the cache kmalloc-128 of size 128 [ 23.438224] The buggy address is located 0 bytes inside of [ 23.438224] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.439321] [ 23.439460] The buggy address belongs to the physical page: [ 23.439955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.440651] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.441234] page_type: f5(slab) [ 23.441521] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.442209] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.442893] page dumped because: kasan: bad access detected [ 23.443388] [ 23.443528] Memory state around the buggy address: [ 23.443955] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.444597] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.445237] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.445877] ^ [ 23.446510] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.447152] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.447791] ================================================================== [ 23.448457] ================================================================== [ 23.449100] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 23.449730] Write of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.450402] [ 23.450543] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.450562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.450568] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.450575] Call trace: [ 23.450579] show_stack+0x20/0x38 (C) [ 23.450592] dump_stack_lvl+0x8c/0xd0 [ 23.450606] print_report+0x118/0x608 [ 23.450619] kasan_report+0xdc/0x128 [ 23.450631] kasan_check_range+0x100/0x1a8 [ 23.450644] __kasan_check_write+0x20/0x30 [ 23.450655] copy_user_test_oob+0x434/0xec8 [ 23.450667] kunit_try_run_case+0x170/0x3f0 [ 23.450681] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.450695] kthread+0x328/0x630 [ 23.450705] ret_from_fork+0x10/0x20 [ 23.450717] [ 23.456497] Allocated by task 338: [ 23.456803] kasan_save_stack+0x3c/0x68 [ 23.457151] kasan_save_track+0x20/0x40 [ 23.457499] kasan_save_alloc_info+0x40/0x58 [ 23.457886] __kasan_kmalloc+0xd4/0xd8 [ 23.458226] __kmalloc_noprof+0x198/0x4c8 [ 23.458589] kunit_kmalloc_array+0x34/0x88 [ 23.458960] copy_user_test_oob+0xac/0xec8 [ 23.459330] kunit_try_run_case+0x170/0x3f0 [ 23.459708] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.460200] kthread+0x328/0x630 [ 23.460492] ret_from_fork+0x10/0x20 [ 23.460816] [ 23.460954] The buggy address belongs to the object at ffff00000c5d5400 [ 23.460954] which belongs to the cache kmalloc-128 of size 128 [ 23.462053] The buggy address is located 0 bytes inside of [ 23.462053] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.463147] [ 23.463285] The buggy address belongs to the physical page: [ 23.463779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.464473] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.465053] page_type: f5(slab) [ 23.465338] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.466024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.466706] page dumped because: kasan: bad access detected [ 23.467199] [ 23.467336] Memory state around the buggy address: [ 23.467763] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.468402] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.469041] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.469678] ^ [ 23.470309] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.470948] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.471585] ================================================================== [ 23.400222] ================================================================== [ 23.400880] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 23.401525] Write of size 121 at addr ffff00000c5d5400 by task kunit_try_catch/338 [ 23.402209] [ 23.402360] CPU: 5 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 23.402393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.402403] Hardware name: Radxa ROCK Pi 4B (DT) [ 23.402414] Call trace: [ 23.402422] show_stack+0x20/0x38 (C) [ 23.402443] dump_stack_lvl+0x8c/0xd0 [ 23.402466] print_report+0x118/0x608 [ 23.402489] kasan_report+0xdc/0x128 [ 23.402510] kasan_check_range+0x100/0x1a8 [ 23.402534] __kasan_check_write+0x20/0x30 [ 23.402552] copy_user_test_oob+0x35c/0xec8 [ 23.402573] kunit_try_run_case+0x170/0x3f0 [ 23.402596] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.402621] kthread+0x328/0x630 [ 23.402638] ret_from_fork+0x10/0x20 [ 23.402659] [ 23.408469] Allocated by task 338: [ 23.408781] kasan_save_stack+0x3c/0x68 [ 23.409137] kasan_save_track+0x20/0x40 [ 23.409494] kasan_save_alloc_info+0x40/0x58 [ 23.409889] __kasan_kmalloc+0xd4/0xd8 [ 23.410239] __kmalloc_noprof+0x198/0x4c8 [ 23.410610] kunit_kmalloc_array+0x34/0x88 [ 23.410988] copy_user_test_oob+0xac/0xec8 [ 23.411366] kunit_try_run_case+0x170/0x3f0 [ 23.411752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.412254] kthread+0x328/0x630 [ 23.412553] ret_from_fork+0x10/0x20 [ 23.412885] [ 23.413028] The buggy address belongs to the object at ffff00000c5d5400 [ 23.413028] which belongs to the cache kmalloc-128 of size 128 [ 23.414137] The buggy address is located 0 bytes inside of [ 23.414137] allocated 120-byte region [ffff00000c5d5400, ffff00000c5d5478) [ 23.415241] [ 23.415385] The buggy address belongs to the physical page: [ 23.415886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc5d5 [ 23.416589] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 23.417179] page_type: f5(slab) [ 23.417473] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 23.418167] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.418857] page dumped because: kasan: bad access detected [ 23.419358] [ 23.419500] Memory state around the buggy address: [ 23.419934] ffff00000c5d5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.420581] ffff00000c5d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.421228] >ffff00000c5d5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.421873] ^ [ 23.422511] ffff00000c5d5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.423158] ffff00000c5d5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.423803] ==================================================================