Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 27.873517] ================================================================== [ 27.873687] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 27.873838] Write of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.873982] [ 27.874078] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.874278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.874348] Hardware name: linux,dummy-virt (DT) [ 27.874431] Call trace: [ 27.874490] show_stack+0x20/0x38 (C) [ 27.874632] dump_stack_lvl+0x8c/0xd0 [ 27.874779] print_report+0x118/0x608 [ 27.875012] kasan_report+0xdc/0x128 [ 27.875146] kasan_check_range+0x100/0x1a8 [ 27.875284] __kasan_check_write+0x20/0x30 [ 27.875424] copy_user_test_oob+0x234/0xec8 [ 27.875551] kunit_try_run_case+0x170/0x3f0 [ 27.875766] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.875944] kthread+0x328/0x630 [ 27.876149] ret_from_fork+0x10/0x20 [ 27.876290] [ 27.876346] Allocated by task 287: [ 27.876441] kasan_save_stack+0x3c/0x68 [ 27.876642] kasan_save_track+0x20/0x40 [ 27.876789] kasan_save_alloc_info+0x40/0x58 [ 27.876909] __kasan_kmalloc+0xd4/0xd8 [ 27.877069] __kmalloc_noprof+0x190/0x4d0 [ 27.877186] kunit_kmalloc_array+0x34/0x88 [ 27.877401] copy_user_test_oob+0xac/0xec8 [ 27.877674] kunit_try_run_case+0x170/0x3f0 [ 27.877960] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.878090] kthread+0x328/0x630 [ 27.878244] ret_from_fork+0x10/0x20 [ 27.878355] [ 27.878415] The buggy address belongs to the object at fff00000c67e4900 [ 27.878415] which belongs to the cache kmalloc-128 of size 128 [ 27.878571] The buggy address is located 0 bytes inside of [ 27.878571] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.878807] [ 27.878896] The buggy address belongs to the physical page: [ 27.879040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.879256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.879462] page_type: f5(slab) [ 27.879566] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.879749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.880029] page dumped because: kasan: bad access detected [ 27.880120] [ 27.880180] Memory state around the buggy address: [ 27.880336] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.880719] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.880836] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.880961] ^ [ 27.881132] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.881318] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.881467] ================================================================== [ 27.922223] ================================================================== [ 27.922494] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 27.922688] Write of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.922823] [ 27.922906] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.923263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.923349] Hardware name: linux,dummy-virt (DT) [ 27.923435] Call trace: [ 27.923503] show_stack+0x20/0x38 (C) [ 27.923826] dump_stack_lvl+0x8c/0xd0 [ 27.924053] print_report+0x118/0x608 [ 27.924245] kasan_report+0xdc/0x128 [ 27.924454] kasan_check_range+0x100/0x1a8 [ 27.925397] __kasan_check_write+0x20/0x30 [ 27.925729] copy_user_test_oob+0x35c/0xec8 [ 27.927505] kunit_try_run_case+0x170/0x3f0 [ 27.927674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.927827] kthread+0x328/0x630 [ 27.927972] ret_from_fork+0x10/0x20 [ 27.929837] [ 27.930666] Allocated by task 287: [ 27.931012] kasan_save_stack+0x3c/0x68 [ 27.931117] kasan_save_track+0x20/0x40 [ 27.931216] kasan_save_alloc_info+0x40/0x58 [ 27.931312] __kasan_kmalloc+0xd4/0xd8 [ 27.931405] __kmalloc_noprof+0x190/0x4d0 [ 27.931716] kunit_kmalloc_array+0x34/0x88 [ 27.932524] copy_user_test_oob+0xac/0xec8 [ 27.932644] kunit_try_run_case+0x170/0x3f0 [ 27.932847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.933001] kthread+0x328/0x630 [ 27.933115] ret_from_fork+0x10/0x20 [ 27.933215] [ 27.933409] The buggy address belongs to the object at fff00000c67e4900 [ 27.933409] which belongs to the cache kmalloc-128 of size 128 [ 27.933559] The buggy address is located 0 bytes inside of [ 27.933559] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.933726] [ 27.935612] The buggy address belongs to the physical page: [ 27.935713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.935859] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.936001] page_type: f5(slab) [ 27.936113] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.936250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.936371] page dumped because: kasan: bad access detected [ 27.936468] [ 27.936525] Memory state around the buggy address: [ 27.936621] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.936921] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.937227] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.937543] ^ [ 27.938065] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.938667] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.938771] ================================================================== [ 27.891477] ================================================================== [ 27.891599] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 27.891751] Read of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.891886] [ 27.892174] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.892390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.892887] Hardware name: linux,dummy-virt (DT) [ 27.893032] Call trace: [ 27.893454] show_stack+0x20/0x38 (C) [ 27.893605] dump_stack_lvl+0x8c/0xd0 [ 27.894397] print_report+0x118/0x608 [ 27.895027] kasan_report+0xdc/0x128 [ 27.896132] kasan_check_range+0x100/0x1a8 [ 27.896556] __kasan_check_read+0x20/0x30 [ 27.897972] copy_user_test_oob+0x728/0xec8 [ 27.898116] kunit_try_run_case+0x170/0x3f0 [ 27.898368] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.898973] kthread+0x328/0x630 [ 27.899626] ret_from_fork+0x10/0x20 [ 27.899900] [ 27.900127] Allocated by task 287: [ 27.900209] kasan_save_stack+0x3c/0x68 [ 27.900321] kasan_save_track+0x20/0x40 [ 27.900416] kasan_save_alloc_info+0x40/0x58 [ 27.900518] __kasan_kmalloc+0xd4/0xd8 [ 27.900629] __kmalloc_noprof+0x190/0x4d0 [ 27.900745] kunit_kmalloc_array+0x34/0x88 [ 27.901062] copy_user_test_oob+0xac/0xec8 [ 27.901613] kunit_try_run_case+0x170/0x3f0 [ 27.901722] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.902588] kthread+0x328/0x630 [ 27.902731] ret_from_fork+0x10/0x20 [ 27.902828] [ 27.903006] The buggy address belongs to the object at fff00000c67e4900 [ 27.903006] which belongs to the cache kmalloc-128 of size 128 [ 27.903269] The buggy address is located 0 bytes inside of [ 27.903269] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.903430] [ 27.903485] The buggy address belongs to the physical page: [ 27.903566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.904457] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.904927] page_type: f5(slab) [ 27.905047] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.905170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.905300] page dumped because: kasan: bad access detected [ 27.905387] [ 27.905445] Memory state around the buggy address: [ 27.905558] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.905762] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.906100] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.906203] ^ [ 27.906311] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.907607] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.907747] ================================================================== [ 27.966910] ================================================================== [ 27.967059] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 27.967394] Read of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.967526] [ 27.967844] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.968619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.968696] Hardware name: linux,dummy-virt (DT) [ 27.968771] Call trace: [ 27.968826] show_stack+0x20/0x38 (C) [ 27.968968] dump_stack_lvl+0x8c/0xd0 [ 27.969084] print_report+0x118/0x608 [ 27.969198] kasan_report+0xdc/0x128 [ 27.969307] kasan_check_range+0x100/0x1a8 [ 27.969984] __kasan_check_read+0x20/0x30 [ 27.970227] copy_user_test_oob+0x4a0/0xec8 [ 27.970367] kunit_try_run_case+0x170/0x3f0 [ 27.970695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.970998] kthread+0x328/0x630 [ 27.971126] ret_from_fork+0x10/0x20 [ 27.971249] [ 27.971298] Allocated by task 287: [ 27.971370] kasan_save_stack+0x3c/0x68 [ 27.971501] kasan_save_track+0x20/0x40 [ 27.971636] kasan_save_alloc_info+0x40/0x58 [ 27.971913] __kasan_kmalloc+0xd4/0xd8 [ 27.972135] __kmalloc_noprof+0x190/0x4d0 [ 27.972233] kunit_kmalloc_array+0x34/0x88 [ 27.972334] copy_user_test_oob+0xac/0xec8 [ 27.972427] kunit_try_run_case+0x170/0x3f0 [ 27.972526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.972635] kthread+0x328/0x630 [ 27.972722] ret_from_fork+0x10/0x20 [ 27.972850] [ 27.973224] The buggy address belongs to the object at fff00000c67e4900 [ 27.973224] which belongs to the cache kmalloc-128 of size 128 [ 27.973390] The buggy address is located 0 bytes inside of [ 27.973390] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.973557] [ 27.973626] The buggy address belongs to the physical page: [ 27.973710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.973905] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.974140] page_type: f5(slab) [ 27.974246] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.974372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.974963] page dumped because: kasan: bad access detected [ 27.975059] [ 27.975255] Memory state around the buggy address: [ 27.975384] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.975633] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.975773] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.975890] ^ [ 27.976084] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.976214] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.976615] ================================================================== [ 27.940212] ================================================================== [ 27.940389] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 27.940515] Read of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.940695] [ 27.940782] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.941007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.941077] Hardware name: linux,dummy-virt (DT) [ 27.941154] Call trace: [ 27.941228] show_stack+0x20/0x38 (C) [ 27.941453] dump_stack_lvl+0x8c/0xd0 [ 27.941722] print_report+0x118/0x608 [ 27.941854] kasan_report+0xdc/0x128 [ 27.941988] kasan_check_range+0x100/0x1a8 [ 27.942112] __kasan_check_read+0x20/0x30 [ 27.942245] copy_user_test_oob+0x3c8/0xec8 [ 27.942391] kunit_try_run_case+0x170/0x3f0 [ 27.942557] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.942747] kthread+0x328/0x630 [ 27.942915] ret_from_fork+0x10/0x20 [ 27.943151] [ 27.943211] Allocated by task 287: [ 27.943286] kasan_save_stack+0x3c/0x68 [ 27.943391] kasan_save_track+0x20/0x40 [ 27.943499] kasan_save_alloc_info+0x40/0x58 [ 27.943644] __kasan_kmalloc+0xd4/0xd8 [ 27.943796] __kmalloc_noprof+0x190/0x4d0 [ 27.943951] kunit_kmalloc_array+0x34/0x88 [ 27.944174] copy_user_test_oob+0xac/0xec8 [ 27.944344] kunit_try_run_case+0x170/0x3f0 [ 27.944545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.944687] kthread+0x328/0x630 [ 27.944879] ret_from_fork+0x10/0x20 [ 27.945040] [ 27.945100] The buggy address belongs to the object at fff00000c67e4900 [ 27.945100] which belongs to the cache kmalloc-128 of size 128 [ 27.945272] The buggy address is located 0 bytes inside of [ 27.945272] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.945466] [ 27.945527] The buggy address belongs to the physical page: [ 27.945605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.945734] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.945850] page_type: f5(slab) [ 27.946090] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.946223] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.946324] page dumped because: kasan: bad access detected [ 27.946413] [ 27.946558] Memory state around the buggy address: [ 27.946754] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.946960] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.947071] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.947169] ^ [ 27.947279] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.947556] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.947681] ================================================================== [ 27.949125] ================================================================== [ 27.949300] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 27.949414] Write of size 121 at addr fff00000c67e4900 by task kunit_try_catch/287 [ 27.949559] [ 27.949661] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 27.949948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.950031] Hardware name: linux,dummy-virt (DT) [ 27.950113] Call trace: [ 27.950165] show_stack+0x20/0x38 (C) [ 27.950291] dump_stack_lvl+0x8c/0xd0 [ 27.950415] print_report+0x118/0x608 [ 27.950560] kasan_report+0xdc/0x128 [ 27.950688] kasan_check_range+0x100/0x1a8 [ 27.950860] __kasan_check_write+0x20/0x30 [ 27.951063] copy_user_test_oob+0x434/0xec8 [ 27.951357] kunit_try_run_case+0x170/0x3f0 [ 27.951578] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.952260] kthread+0x328/0x630 [ 27.952609] ret_from_fork+0x10/0x20 [ 27.953712] [ 27.953967] Allocated by task 287: [ 27.955161] kasan_save_stack+0x3c/0x68 [ 27.955281] kasan_save_track+0x20/0x40 [ 27.955394] kasan_save_alloc_info+0x40/0x58 [ 27.955652] __kasan_kmalloc+0xd4/0xd8 [ 27.955919] __kmalloc_noprof+0x190/0x4d0 [ 27.956215] kunit_kmalloc_array+0x34/0x88 [ 27.956495] copy_user_test_oob+0xac/0xec8 [ 27.956773] kunit_try_run_case+0x170/0x3f0 [ 27.956984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.957118] kthread+0x328/0x630 [ 27.957475] ret_from_fork+0x10/0x20 [ 27.957710] [ 27.958140] The buggy address belongs to the object at fff00000c67e4900 [ 27.958140] which belongs to the cache kmalloc-128 of size 128 [ 27.958491] The buggy address is located 0 bytes inside of [ 27.958491] allocated 120-byte region [fff00000c67e4900, fff00000c67e4978) [ 27.958797] [ 27.958889] The buggy address belongs to the physical page: [ 27.959044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067e4 [ 27.959195] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.959568] page_type: f5(slab) [ 27.960014] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 27.960147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.960260] page dumped because: kasan: bad access detected [ 27.960485] [ 27.960575] Memory state around the buggy address: [ 27.960663] fff00000c67e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.960803] fff00000c67e4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.961016] >fff00000c67e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.961129] ^ [ 27.961741] fff00000c67e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.961871] fff00000c67e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.962006] ==================================================================
[ 15.546801] ================================================================== [ 15.547463] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.548150] Read of size 121 at addr ffff888102b49800 by task kunit_try_catch/306 [ 15.548977] [ 15.549168] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 15.549213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.549226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.549248] Call Trace: [ 15.549262] <TASK> [ 15.549276] dump_stack_lvl+0x73/0xb0 [ 15.549334] print_report+0xd1/0x650 [ 15.549358] ? __virt_addr_valid+0x1db/0x2d0 [ 15.549381] ? copy_user_test_oob+0x604/0x10f0 [ 15.549401] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.549424] ? copy_user_test_oob+0x604/0x10f0 [ 15.549446] kasan_report+0x141/0x180 [ 15.549469] ? copy_user_test_oob+0x604/0x10f0 [ 15.549511] kasan_check_range+0x10c/0x1c0 [ 15.549536] __kasan_check_read+0x15/0x20 [ 15.549556] copy_user_test_oob+0x604/0x10f0 [ 15.549580] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.549600] ? finish_task_switch.isra.0+0x153/0x700 [ 15.549623] ? __switch_to+0x5d9/0xf60 [ 15.549644] ? dequeue_task_fair+0x166/0x4e0 [ 15.549669] ? __schedule+0x10cc/0x2b30 [ 15.549694] ? __pfx_read_tsc+0x10/0x10 [ 15.549714] ? ktime_get_ts64+0x86/0x230 [ 15.549740] kunit_try_run_case+0x1a5/0x480 [ 15.549765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.549795] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.549819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.549862] ? __kthread_parkme+0x82/0x180 [ 15.549885] ? preempt_count_sub+0x50/0x80 [ 15.549910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.549934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.549959] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.549983] kthread+0x337/0x6f0 [ 15.550004] ? trace_preempt_on+0x20/0xc0 [ 15.550027] ? __pfx_kthread+0x10/0x10 [ 15.550051] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.550073] ? calculate_sigpending+0x7b/0xa0 [ 15.550095] ? __pfx_kthread+0x10/0x10 [ 15.550119] ret_from_fork+0x41/0x80 [ 15.550152] ? __pfx_kthread+0x10/0x10 [ 15.550194] ret_from_fork_asm+0x1a/0x30 [ 15.550226] </TASK> [ 15.550239] [ 15.561695] Allocated by task 306: [ 15.561835] kasan_save_stack+0x45/0x70 [ 15.561986] kasan_save_track+0x18/0x40 [ 15.562173] kasan_save_alloc_info+0x3b/0x50 [ 15.562506] __kasan_kmalloc+0xb7/0xc0 [ 15.562697] __kmalloc_noprof+0x1c9/0x500 [ 15.562863] kunit_kmalloc_array+0x25/0x60 [ 15.563027] copy_user_test_oob+0xab/0x10f0 [ 15.563246] kunit_try_run_case+0x1a5/0x480 [ 15.563431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.563641] kthread+0x337/0x6f0 [ 15.563764] ret_from_fork+0x41/0x80 [ 15.563927] ret_from_fork_asm+0x1a/0x30 [ 15.564122] [ 15.564219] The buggy address belongs to the object at ffff888102b49800 [ 15.564219] which belongs to the cache kmalloc-128 of size 128 [ 15.564652] The buggy address is located 0 bytes inside of [ 15.564652] allocated 120-byte region [ffff888102b49800, ffff888102b49878) [ 15.565176] [ 15.565262] The buggy address belongs to the physical page: [ 15.565496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b49 [ 15.565799] flags: 0x200000000000000(node=0|zone=2) [ 15.565996] page_type: f5(slab) [ 15.566187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.566483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.566781] page dumped because: kasan: bad access detected [ 15.566976] [ 15.567071] Memory state around the buggy address: [ 15.567352] ffff888102b49700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.567628] ffff888102b49780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.567895] >ffff888102b49800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.568108] ^ [ 15.568436] ffff888102b49880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.568694] ffff888102b49900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.568907] ================================================================== [ 15.528084] ================================================================== [ 15.528580] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.528871] Write of size 121 at addr ffff888102b49800 by task kunit_try_catch/306 [ 15.529225] [ 15.529311] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 15.529365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.529378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.529400] Call Trace: [ 15.529416] <TASK> [ 15.529432] dump_stack_lvl+0x73/0xb0 [ 15.529457] print_report+0xd1/0x650 [ 15.529479] ? __virt_addr_valid+0x1db/0x2d0 [ 15.529502] ? copy_user_test_oob+0x557/0x10f0 [ 15.529522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.529546] ? copy_user_test_oob+0x557/0x10f0 [ 15.529567] kasan_report+0x141/0x180 [ 15.529590] ? copy_user_test_oob+0x557/0x10f0 [ 15.529617] kasan_check_range+0x10c/0x1c0 [ 15.529641] __kasan_check_write+0x18/0x20 [ 15.529662] copy_user_test_oob+0x557/0x10f0 [ 15.529686] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.529706] ? finish_task_switch.isra.0+0x153/0x700 [ 15.529729] ? __switch_to+0x5d9/0xf60 [ 15.529751] ? dequeue_task_fair+0x166/0x4e0 [ 15.529785] ? __schedule+0x10cc/0x2b30 [ 15.529809] ? __pfx_read_tsc+0x10/0x10 [ 15.529830] ? ktime_get_ts64+0x86/0x230 [ 15.529856] kunit_try_run_case+0x1a5/0x480 [ 15.529881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.529904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.529928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.529975] ? __kthread_parkme+0x82/0x180 [ 15.529999] ? preempt_count_sub+0x50/0x80 [ 15.530025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.530049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.530072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.530097] kthread+0x337/0x6f0 [ 15.530119] ? trace_preempt_on+0x20/0xc0 [ 15.530143] ? __pfx_kthread+0x10/0x10 [ 15.530166] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.530189] ? calculate_sigpending+0x7b/0xa0 [ 15.530211] ? __pfx_kthread+0x10/0x10 [ 15.530233] ret_from_fork+0x41/0x80 [ 15.530256] ? __pfx_kthread+0x10/0x10 [ 15.530279] ret_from_fork_asm+0x1a/0x30 [ 15.530311] </TASK> [ 15.530331] [ 15.538384] Allocated by task 306: [ 15.538515] kasan_save_stack+0x45/0x70 [ 15.538658] kasan_save_track+0x18/0x40 [ 15.538793] kasan_save_alloc_info+0x3b/0x50 [ 15.538937] __kasan_kmalloc+0xb7/0xc0 [ 15.539108] __kmalloc_noprof+0x1c9/0x500 [ 15.539318] kunit_kmalloc_array+0x25/0x60 [ 15.539557] copy_user_test_oob+0xab/0x10f0 [ 15.539780] kunit_try_run_case+0x1a5/0x480 [ 15.539987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.540313] kthread+0x337/0x6f0 [ 15.540509] ret_from_fork+0x41/0x80 [ 15.540677] ret_from_fork_asm+0x1a/0x30 [ 15.540859] [ 15.540930] The buggy address belongs to the object at ffff888102b49800 [ 15.540930] which belongs to the cache kmalloc-128 of size 128 [ 15.541283] The buggy address is located 0 bytes inside of [ 15.541283] allocated 120-byte region [ffff888102b49800, ffff888102b49878) [ 15.541762] [ 15.541861] The buggy address belongs to the physical page: [ 15.542154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b49 [ 15.542512] flags: 0x200000000000000(node=0|zone=2) [ 15.542743] page_type: f5(slab) [ 15.542911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.543276] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.543598] page dumped because: kasan: bad access detected [ 15.543830] [ 15.543901] Memory state around the buggy address: [ 15.544055] ffff888102b49700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.544603] ffff888102b49780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.544854] >ffff888102b49800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.545069] ^ [ 15.545625] ffff888102b49880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.545882] ffff888102b49900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.546095] ================================================================== [ 15.509894] ================================================================== [ 15.510345] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.510920] Read of size 121 at addr ffff888102b49800 by task kunit_try_catch/306 [ 15.511206] [ 15.511339] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 15.511384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.511397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.511419] Call Trace: [ 15.511434] <TASK> [ 15.511448] dump_stack_lvl+0x73/0xb0 [ 15.511495] print_report+0xd1/0x650 [ 15.511519] ? __virt_addr_valid+0x1db/0x2d0 [ 15.511542] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.511562] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.511586] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.511607] kasan_report+0x141/0x180 [ 15.511631] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.511675] kasan_check_range+0x10c/0x1c0 [ 15.511701] __kasan_check_read+0x15/0x20 [ 15.511722] copy_user_test_oob+0x4aa/0x10f0 [ 15.511745] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.511765] ? finish_task_switch.isra.0+0x153/0x700 [ 15.511789] ? __switch_to+0x5d9/0xf60 [ 15.511809] ? dequeue_task_fair+0x166/0x4e0 [ 15.511835] ? __schedule+0x10cc/0x2b30 [ 15.511859] ? __pfx_read_tsc+0x10/0x10 [ 15.511880] ? ktime_get_ts64+0x86/0x230 [ 15.511906] kunit_try_run_case+0x1a5/0x480 [ 15.511931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.511954] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.511979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.512004] ? __kthread_parkme+0x82/0x180 [ 15.512026] ? preempt_count_sub+0x50/0x80 [ 15.512051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.512098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.512122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.512146] kthread+0x337/0x6f0 [ 15.512168] ? trace_preempt_on+0x20/0xc0 [ 15.512191] ? __pfx_kthread+0x10/0x10 [ 15.512215] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.512237] ? calculate_sigpending+0x7b/0xa0 [ 15.512259] ? __pfx_kthread+0x10/0x10 [ 15.512282] ret_from_fork+0x41/0x80 [ 15.512303] ? __pfx_kthread+0x10/0x10 [ 15.512333] ret_from_fork_asm+0x1a/0x30 [ 15.512367] </TASK> [ 15.512378] [ 15.519813] Allocated by task 306: [ 15.519945] kasan_save_stack+0x45/0x70 [ 15.520089] kasan_save_track+0x18/0x40 [ 15.520285] kasan_save_alloc_info+0x3b/0x50 [ 15.520519] __kasan_kmalloc+0xb7/0xc0 [ 15.520715] __kmalloc_noprof+0x1c9/0x500 [ 15.520938] kunit_kmalloc_array+0x25/0x60 [ 15.521153] copy_user_test_oob+0xab/0x10f0 [ 15.521398] kunit_try_run_case+0x1a5/0x480 [ 15.521576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.521753] kthread+0x337/0x6f0 [ 15.521948] ret_from_fork+0x41/0x80 [ 15.522137] ret_from_fork_asm+0x1a/0x30 [ 15.522367] [ 15.522461] The buggy address belongs to the object at ffff888102b49800 [ 15.522461] which belongs to the cache kmalloc-128 of size 128 [ 15.522919] The buggy address is located 0 bytes inside of [ 15.522919] allocated 120-byte region [ffff888102b49800, ffff888102b49878) [ 15.523477] [ 15.523550] The buggy address belongs to the physical page: [ 15.523793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b49 [ 15.524153] flags: 0x200000000000000(node=0|zone=2) [ 15.524385] page_type: f5(slab) [ 15.524507] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.524735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.525024] page dumped because: kasan: bad access detected [ 15.525270] [ 15.525367] Memory state around the buggy address: [ 15.525620] ffff888102b49700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.525843] ffff888102b49780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.526058] >ffff888102b49800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.526525] ^ [ 15.526844] ffff888102b49880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.527185] ffff888102b49900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.527611] ================================================================== [ 15.492146] ================================================================== [ 15.492537] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.492856] Write of size 121 at addr ffff888102b49800 by task kunit_try_catch/306 [ 15.493157] [ 15.493246] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 15.493293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.493307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.493341] Call Trace: [ 15.493355] <TASK> [ 15.493384] dump_stack_lvl+0x73/0xb0 [ 15.493411] print_report+0xd1/0x650 [ 15.493435] ? __virt_addr_valid+0x1db/0x2d0 [ 15.493459] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.493479] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.493504] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.493525] kasan_report+0x141/0x180 [ 15.493549] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.493576] kasan_check_range+0x10c/0x1c0 [ 15.493602] __kasan_check_write+0x18/0x20 [ 15.493623] copy_user_test_oob+0x3fd/0x10f0 [ 15.493647] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.493667] ? finish_task_switch.isra.0+0x153/0x700 [ 15.493691] ? __switch_to+0x5d9/0xf60 [ 15.493712] ? dequeue_task_fair+0x166/0x4e0 [ 15.493738] ? __schedule+0x10cc/0x2b30 [ 15.493762] ? __pfx_read_tsc+0x10/0x10 [ 15.493787] ? ktime_get_ts64+0x86/0x230 [ 15.493813] kunit_try_run_case+0x1a5/0x480 [ 15.493839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.493862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.493887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.493912] ? __kthread_parkme+0x82/0x180 [ 15.493935] ? preempt_count_sub+0x50/0x80 [ 15.493960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.493985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.494009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.494033] kthread+0x337/0x6f0 [ 15.494055] ? trace_preempt_on+0x20/0xc0 [ 15.494079] ? __pfx_kthread+0x10/0x10 [ 15.494103] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.494135] ? calculate_sigpending+0x7b/0xa0 [ 15.494158] ? __pfx_kthread+0x10/0x10 [ 15.494180] ret_from_fork+0x41/0x80 [ 15.494201] ? __pfx_kthread+0x10/0x10 [ 15.494224] ret_from_fork_asm+0x1a/0x30 [ 15.494257] </TASK> [ 15.494268] [ 15.501391] Allocated by task 306: [ 15.501520] kasan_save_stack+0x45/0x70 [ 15.501666] kasan_save_track+0x18/0x40 [ 15.501864] kasan_save_alloc_info+0x3b/0x50 [ 15.502070] __kasan_kmalloc+0xb7/0xc0 [ 15.502258] __kmalloc_noprof+0x1c9/0x500 [ 15.502569] kunit_kmalloc_array+0x25/0x60 [ 15.502714] copy_user_test_oob+0xab/0x10f0 [ 15.502855] kunit_try_run_case+0x1a5/0x480 [ 15.503231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.503496] kthread+0x337/0x6f0 [ 15.503667] ret_from_fork+0x41/0x80 [ 15.503833] ret_from_fork_asm+0x1a/0x30 [ 15.504013] [ 15.504090] The buggy address belongs to the object at ffff888102b49800 [ 15.504090] which belongs to the cache kmalloc-128 of size 128 [ 15.504655] The buggy address is located 0 bytes inside of [ 15.504655] allocated 120-byte region [ffff888102b49800, ffff888102b49878) [ 15.505019] [ 15.505091] The buggy address belongs to the physical page: [ 15.505258] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b49 [ 15.505557] flags: 0x200000000000000(node=0|zone=2) [ 15.505784] page_type: f5(slab) [ 15.505976] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.506274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.506503] page dumped because: kasan: bad access detected [ 15.506667] [ 15.506735] Memory state around the buggy address: [ 15.506886] ffff888102b49700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.507572] ffff888102b49780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.507890] >ffff888102b49800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.508298] ^ [ 15.508757] ffff888102b49880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.509005] ffff888102b49900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.509417] ==================================================================
[ 25.749095] ================================================================== [ 25.749790] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 25.750459] Read of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.751154] [ 25.751320] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.751372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.751387] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.751405] Call trace: [ 25.751417] show_stack+0x20/0x38 (C) [ 25.751452] dump_stack_lvl+0x8c/0xd0 [ 25.751483] print_report+0x118/0x608 [ 25.751514] kasan_report+0xdc/0x128 [ 25.751544] kasan_check_range+0x100/0x1a8 [ 25.751576] __kasan_check_read+0x20/0x30 [ 25.751609] copy_user_test_oob+0x728/0xec8 [ 25.751639] kunit_try_run_case+0x170/0x3f0 [ 25.751674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.751716] kthread+0x328/0x630 [ 25.751750] ret_from_fork+0x10/0x20 [ 25.751783] [ 25.757663] Allocated by task 339: [ 25.757990] kasan_save_stack+0x3c/0x68 [ 25.758366] kasan_save_track+0x20/0x40 [ 25.758739] kasan_save_alloc_info+0x40/0x58 [ 25.759153] __kasan_kmalloc+0xd4/0xd8 [ 25.759517] __kmalloc_noprof+0x190/0x4d0 [ 25.759907] kunit_kmalloc_array+0x34/0x88 [ 25.760308] copy_user_test_oob+0xac/0xec8 [ 25.760704] kunit_try_run_case+0x170/0x3f0 [ 25.761111] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.761637] kthread+0x328/0x630 [ 25.761961] ret_from_fork+0x10/0x20 [ 25.762311] [ 25.762466] The buggy address belongs to the object at ffff0000101ea500 [ 25.762466] which belongs to the cache kmalloc-128 of size 128 [ 25.763599] The buggy address is located 0 bytes inside of [ 25.763599] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.764729] [ 25.764885] The buggy address belongs to the physical page: [ 25.765402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.766135] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.766749] page_type: f5(slab) [ 25.767062] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.767779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.768488] page dumped because: kasan: bad access detected [ 25.769005] [ 25.769158] Memory state around the buggy address: [ 25.769608] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.770276] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.770944] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.771608] ^ [ 25.772265] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.772933] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.773597] ================================================================== [ 25.722839] ================================================================== [ 25.724086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 25.724757] Write of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.725459] [ 25.725625] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.725676] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.725692] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.725712] Call trace: [ 25.725726] show_stack+0x20/0x38 (C) [ 25.725761] dump_stack_lvl+0x8c/0xd0 [ 25.725795] print_report+0x118/0x608 [ 25.725827] kasan_report+0xdc/0x128 [ 25.725857] kasan_check_range+0x100/0x1a8 [ 25.725891] __kasan_check_write+0x20/0x30 [ 25.725925] copy_user_test_oob+0x234/0xec8 [ 25.725955] kunit_try_run_case+0x170/0x3f0 [ 25.725993] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.726033] kthread+0x328/0x630 [ 25.726069] ret_from_fork+0x10/0x20 [ 25.726104] [ 25.731999] Allocated by task 339: [ 25.732332] kasan_save_stack+0x3c/0x68 [ 25.732710] kasan_save_track+0x20/0x40 [ 25.733083] kasan_save_alloc_info+0x40/0x58 [ 25.733497] __kasan_kmalloc+0xd4/0xd8 [ 25.733861] __kmalloc_noprof+0x190/0x4d0 [ 25.734251] kunit_kmalloc_array+0x34/0x88 [ 25.734654] copy_user_test_oob+0xac/0xec8 [ 25.735048] kunit_try_run_case+0x170/0x3f0 [ 25.735456] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.735981] kthread+0x328/0x630 [ 25.736305] ret_from_fork+0x10/0x20 [ 25.736657] [ 25.736812] The buggy address belongs to the object at ffff0000101ea500 [ 25.736812] which belongs to the cache kmalloc-128 of size 128 [ 25.737947] The buggy address is located 0 bytes inside of [ 25.737947] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.739076] [ 25.739232] The buggy address belongs to the physical page: [ 25.739750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.740482] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.741095] page_type: f5(slab) [ 25.741411] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.742128] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.742838] page dumped because: kasan: bad access detected [ 25.743355] [ 25.743508] Memory state around the buggy address: [ 25.743958] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.744627] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.745294] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.745957] ^ [ 25.746614] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.747282] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.747945] ================================================================== [ 25.799636] ================================================================== [ 25.800297] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 25.800945] Read of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.801626] [ 25.801783] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.801819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.801831] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.801844] Call trace: [ 25.801853] show_stack+0x20/0x38 (C) [ 25.801876] dump_stack_lvl+0x8c/0xd0 [ 25.801899] print_report+0x118/0x608 [ 25.801922] kasan_report+0xdc/0x128 [ 25.801943] kasan_check_range+0x100/0x1a8 [ 25.801966] __kasan_check_read+0x20/0x30 [ 25.801991] copy_user_test_oob+0x3c8/0xec8 [ 25.802012] kunit_try_run_case+0x170/0x3f0 [ 25.802038] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.802067] kthread+0x328/0x630 [ 25.802092] ret_from_fork+0x10/0x20 [ 25.802116] [ 25.807957] Allocated by task 339: [ 25.808280] kasan_save_stack+0x3c/0x68 [ 25.808649] kasan_save_track+0x20/0x40 [ 25.809009] kasan_save_alloc_info+0x40/0x58 [ 25.809412] __kasan_kmalloc+0xd4/0xd8 [ 25.809765] __kmalloc_noprof+0x190/0x4d0 [ 25.810144] kunit_kmalloc_array+0x34/0x88 [ 25.810534] copy_user_test_oob+0xac/0xec8 [ 25.810918] kunit_try_run_case+0x170/0x3f0 [ 25.811312] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.811822] kthread+0x328/0x630 [ 25.812135] ret_from_fork+0x10/0x20 [ 25.812474] [ 25.812620] The buggy address belongs to the object at ffff0000101ea500 [ 25.812620] which belongs to the cache kmalloc-128 of size 128 [ 25.813740] The buggy address is located 0 bytes inside of [ 25.813740] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.814854] [ 25.815002] The buggy address belongs to the physical page: [ 25.815510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.816230] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.816830] page_type: f5(slab) [ 25.817133] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.817838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.818535] page dumped because: kasan: bad access detected [ 25.819044] [ 25.819191] Memory state around the buggy address: [ 25.819632] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.820287] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.820942] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.821594] ^ [ 25.822241] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822898] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.823551] ================================================================== [ 25.824893] ================================================================== [ 25.825570] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 25.826220] Write of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.826909] [ 25.827064] CPU: 4 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.827102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.827112] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.827124] Call trace: [ 25.827133] show_stack+0x20/0x38 (C) [ 25.827158] dump_stack_lvl+0x8c/0xd0 [ 25.827179] print_report+0x118/0x608 [ 25.827199] kasan_report+0xdc/0x128 [ 25.827217] kasan_check_range+0x100/0x1a8 [ 25.827239] __kasan_check_write+0x20/0x30 [ 25.827260] copy_user_test_oob+0x434/0xec8 [ 25.827278] kunit_try_run_case+0x170/0x3f0 [ 25.827302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.827329] kthread+0x328/0x630 [ 25.827352] ret_from_fork+0x10/0x20 [ 25.827374] [ 25.833205] Allocated by task 339: [ 25.833523] kasan_save_stack+0x3c/0x68 [ 25.833884] kasan_save_track+0x20/0x40 [ 25.834243] kasan_save_alloc_info+0x40/0x58 [ 25.834641] __kasan_kmalloc+0xd4/0xd8 [ 25.834993] __kmalloc_noprof+0x190/0x4d0 [ 25.835368] kunit_kmalloc_array+0x34/0x88 [ 25.835753] copy_user_test_oob+0xac/0xec8 [ 25.836134] kunit_try_run_case+0x170/0x3f0 [ 25.836526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.837035] kthread+0x328/0x630 [ 25.837345] ret_from_fork+0x10/0x20 [ 25.837682] [ 25.837829] The buggy address belongs to the object at ffff0000101ea500 [ 25.837829] which belongs to the cache kmalloc-128 of size 128 [ 25.838948] The buggy address is located 0 bytes inside of [ 25.838948] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.840061] [ 25.840208] The buggy address belongs to the physical page: [ 25.840714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.841432] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.842029] page_type: f5(slab) [ 25.842329] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.843031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.843728] page dumped because: kasan: bad access detected [ 25.844232] [ 25.844378] Memory state around the buggy address: [ 25.844816] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.845470] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.846122] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.846772] ^ [ 25.847416] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848069] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848718] ================================================================== [ 25.849635] ================================================================== [ 25.850290] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 25.850931] Read of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.851609] [ 25.851759] CPU: 4 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.851791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.851800] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.851812] Call trace: [ 25.851819] show_stack+0x20/0x38 (C) [ 25.851840] dump_stack_lvl+0x8c/0xd0 [ 25.851859] print_report+0x118/0x608 [ 25.851878] kasan_report+0xdc/0x128 [ 25.851897] kasan_check_range+0x100/0x1a8 [ 25.851917] __kasan_check_read+0x20/0x30 [ 25.851939] copy_user_test_oob+0x4a0/0xec8 [ 25.851956] kunit_try_run_case+0x170/0x3f0 [ 25.851979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.852005] kthread+0x328/0x630 [ 25.852027] ret_from_fork+0x10/0x20 [ 25.852048] [ 25.857869] Allocated by task 339: [ 25.858185] kasan_save_stack+0x3c/0x68 [ 25.858546] kasan_save_track+0x20/0x40 [ 25.858905] kasan_save_alloc_info+0x40/0x58 [ 25.859305] __kasan_kmalloc+0xd4/0xd8 [ 25.859654] __kmalloc_noprof+0x190/0x4d0 [ 25.860027] kunit_kmalloc_array+0x34/0x88 [ 25.860412] copy_user_test_oob+0xac/0xec8 [ 25.860793] kunit_try_run_case+0x170/0x3f0 [ 25.861185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.861693] kthread+0x328/0x630 [ 25.862003] ret_from_fork+0x10/0x20 [ 25.862340] [ 25.862486] The buggy address belongs to the object at ffff0000101ea500 [ 25.862486] which belongs to the cache kmalloc-128 of size 128 [ 25.863603] The buggy address is located 0 bytes inside of [ 25.863603] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.864715] [ 25.864861] The buggy address belongs to the physical page: [ 25.865365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.866080] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.866675] page_type: f5(slab) [ 25.866972] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.867673] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.868368] page dumped because: kasan: bad access detected [ 25.868873] [ 25.869018] Memory state around the buggy address: [ 25.869455] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.870107] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.870761] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.871410] ^ [ 25.872054] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.872706] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.873355] ================================================================== [ 25.774925] ================================================================== [ 25.775618] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 25.776273] Write of size 121 at addr ffff0000101ea500 by task kunit_try_catch/339 [ 25.776962] [ 25.777119] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 25.777157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.777168] Hardware name: Radxa ROCK Pi 4B (DT) [ 25.777181] Call trace: [ 25.777191] show_stack+0x20/0x38 (C) [ 25.777214] dump_stack_lvl+0x8c/0xd0 [ 25.777237] print_report+0x118/0x608 [ 25.777261] kasan_report+0xdc/0x128 [ 25.777281] kasan_check_range+0x100/0x1a8 [ 25.777305] __kasan_check_write+0x20/0x30 [ 25.777328] copy_user_test_oob+0x35c/0xec8 [ 25.777349] kunit_try_run_case+0x170/0x3f0 [ 25.777376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.777405] kthread+0x328/0x630 [ 25.777430] ret_from_fork+0x10/0x20 [ 25.777455] [ 25.783298] Allocated by task 339: [ 25.783617] kasan_save_stack+0x3c/0x68 [ 25.783980] kasan_save_track+0x20/0x40 [ 25.784342] kasan_save_alloc_info+0x40/0x58 [ 25.784744] __kasan_kmalloc+0xd4/0xd8 [ 25.785098] __kmalloc_noprof+0x190/0x4d0 [ 25.785475] kunit_kmalloc_array+0x34/0x88 [ 25.785864] copy_user_test_oob+0xac/0xec8 [ 25.786248] kunit_try_run_case+0x170/0x3f0 [ 25.786641] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.787152] kthread+0x328/0x630 [ 25.787464] ret_from_fork+0x10/0x20 [ 25.787804] [ 25.787952] The buggy address belongs to the object at ffff0000101ea500 [ 25.787952] which belongs to the cache kmalloc-128 of size 128 [ 25.789072] The buggy address is located 0 bytes inside of [ 25.789072] allocated 120-byte region [ffff0000101ea500, ffff0000101ea578) [ 25.790186] [ 25.790334] The buggy address belongs to the physical page: [ 25.790843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea [ 25.791564] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 25.792165] page_type: f5(slab) [ 25.792468] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 25.793172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.793871] page dumped because: kasan: bad access detected [ 25.794377] [ 25.794525] Memory state around the buggy address: [ 25.794965] ffff0000101ea400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.795622] ffff0000101ea480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.796278] >ffff0000101ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.796929] ^ [ 25.797576] ffff0000101ea580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.798233] ffff0000101ea600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.798886] ==================================================================